ID EULEROS_SA-2019-1109.NASL Type nessus Reporter This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2019-04-02T00:00:00
Description
According to the versions of the elfutils packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :
- An Invalid Memory Address Dereference exists in the
function elf_end in libelf in elfutils through v0.174.
Although eu-size is intended to support ar files inside
ar files, handle_ar in size.c closes the outer ar file
before handling all inner entries. The vulnerability
allows attackers to cause a denial of service
(application crash) with a crafted ELF
file. (CVE-2018-18520)
- An invalid memory address dereference was discovered in
dwfl_segment_report_module.c in libdwfl in elfutils
through v0.174. The vulnerability allows attackers to
cause a denial of service (application crash) with a
crafted ELF file, as demonstrated by
consider_notes. (CVE-2018-18310)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Metadata-only branch: when `description` is set, the script registers its
# identity, scoring and prerequisites below and then exits (exit(0) at the end
# of the block) before any host data is read.
if (description)
{
script_id(123583);
script_version("1.14");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
# The two CVEs this plugin reports on; both are described below as
# denial-of-service (application crash) issues triggered by a crafted ELF file.
script_cve_id(
"CVE-2018-18310",
"CVE-2018-18520"
);
script_name(english:"EulerOS 2.0 SP2 : elfutils (EulerOS-SA-2019-1109)");
# The finding is derived from installed RPM versions, not from exercising the
# vulnerable code paths.
script_summary(english:"Checks the rpm output for the updated packages.");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the elfutils packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :
- An Invalid Memory Address Dereference exists in the
function elf_end in libelf in elfutils through v0.174.
Although eu-size is intended to support ar files inside
ar files, handle_ar in size.c closes the outer ar file
before handling all inner entries. The vulnerability
allows attackers to cause a denial of service
(application crash) with a crafted ELF
file.(CVE-2018-18520)
- An invalid memory address dereference was discovered in
dwfl_segment_report_module.c in libdwfl in elfutils
through v0.174. The vulnerability allows attackers to
cause a denial of service (application crash) with a
crafted ELF file, as demonstrated by
consider_notes.(CVE-2018-18310)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# The see_also value is a shortened link; the vendor advisory URL is kept in
# the comment on the next line.
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1109
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bfc1f715");
script_set_attribute(attribute:"solution", value:
"Update the affected elfutils packages.");
# Scoring: cvss_score_source names CVE-2018-18520 as the origin of the vectors
# below. Impact is availability only (C:N/I:N) and the v3 vector carries UI:R,
# i.e. someone or something on the host has to process the crafted file.
# NOTE(review): the other listed CVE may be scored differently upstream; check
# per-CVE scores before using this plugin's score for prioritisation.
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-18520");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"patch_publication_date", value:"2019/03/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/02");
# "local" plugin type: the check works on package data gathered from the host
# itself (see script_dependencies / script_require_keys further down).
script_set_attribute(attribute:"plugin_type", value:"local");
# CPEs for the five elfutils packages covered by the check, plus the OS.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:elfutils");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:elfutils-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:elfutils-libelf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:elfutils-libelf-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:elfutils-libs");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
# ACT_GATHER_INFO: information-gathering category.
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
# Prerequisites: the plugin only runs when the Host/* keys below exist.
# NOTE(review): presumably ssh_get_info.nasl is what populates them from a
# credentialed login - confirm. Without credentials this plugin yields no
# result, which must not be read as "not vulnerable".
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
# Hosts with Host/EulerOS/uvp_version set are excluded; the body audits them
# out as "EulerOS UVP". NOTE(review): coverage for those hosts would have to
# come from a different plugin - verify.
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Host-side check: confirm the target is EulerOS 2.0 SP2 (non-UVP) on an
# i686 / x86_64 CPU, then compare the installed elfutils RPMs against the
# builds listed in `pkgs`.
# NOTE(review): audit() comes from audit.inc and is expected to end the plugin
# run with the given audit message - confirm there.

# Without working local (credentialed) checks there is no package data to evaluate.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# OS gate: first "any EulerOS", then specifically release 2.0.
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS")
  audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)")
  audit(AUDIT_OS_NOT, "EulerOS 2.0");

# Service-pack gate: only SP2 is in scope for this advisory.
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(2)$")
  audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");

# Hosts that report a UVP version are treated as a different product and audited out.
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp))
  audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);

# The comparison below needs the collected RPM list.
if (!get_kb_item("Host/EulerOS/rpm-list"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Architecture gates. aarch64 passes the first test but is rejected by the
# second, so only i686 / x86_64 hosts reach the package comparison; an
# aarch64 host producing no finding here has simply not been evaluated.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
  audit(AUDIT_UNKNOWN_ARCH);
if (!("x86_64" >< cpu || cpu =~ "^i[3-6]86$" || "aarch64" >< cpu))
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if (!("x86_64" >< cpu || cpu =~ "^i[3-6]86$"))
  audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

# Reference builds for this advisory, one per elfutils sub-package.
pkgs = [
  "elfutils-0.163-3.h2",
  "elfutils-devel-0.163-3.h2",
  "elfutils-libelf-0.163-3.h2",
  "elfutils-libelf-devel-0.163-3.h2",
  "elfutils-libs-0.163-3.h2"
];

# Count how many reference builds rpm_check() flags.
# NOTE(review): rpm_check() lives in rpm.inc; presumably a true result means
# the installed package is older than the reference - confirm there.
flag = 0;
foreach (pkg in pkgs)
{
  if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg))
    flag++;
}

if (!flag)
{
  # Nothing flagged: report either "tested but not affected" or "not installed".
  tested = pkg_tests_get();
  if (tested)
    audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else
    audit(AUDIT_PACKAGE_NOT_INSTALLED, "elfutils");
}
else
{
  # At least one package was flagged: raise a warning-level finding with the
  # RPM comparison report attached. The result is version-based only; it does
  # not show whether anything on the host actually parses untrusted ELF files.
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : rpm_report_get()
  );
  exit(0);
}
{"id": "EULEROS_SA-2019-1109.NASL", "bulletinFamily": "scanner", "title": "EulerOS 2.0 SP2 : elfutils (EulerOS-SA-2019-1109)", "description": "According to the versions of the elfutils packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An Invalid Memory Address Dereference exists in the\n function elf_end in libelf in elfutils through v0.174.\n Although eu-size is intended to support ar files inside\n ar files, handle_ar in size.c closes the outer ar file\n before handling all inner entries. The vulnerability\n allows attackers to cause a denial of service\n (application crash) with a crafted ELF\n file.(CVE-2018-18520)\n\n - An invalid memory address dereference was discovered in\n dwfl_segment_report_module.c in libdwfl in elfutils\n through v0.174. The vulnerability allows attackers to\n cause a denial of service (application crash) with a\n crafted ELF file, as demonstrated by\n consider_notes.(CVE-2018-18310)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "published": "2019-04-02T00:00:00", "modified": "2019-04-02T00:00:00", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "href": "https://www.tenable.com/plugins/nessus/123583", "reporter": "This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.", "references": ["http://www.nessus.org/u?bfc1f715"], "cvelist": ["CVE-2018-18520", "CVE-2018-18310"], "type": "nessus", "lastseen": "2021-01-07T08:54:50", "edition": 12, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-18310", "CVE-2018-18520"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310875322", "OPENVAS:1361412562310876168", "OPENVAS:1361412562311220191133", "OPENVAS:1361412562311220192102", "OPENVAS:1361412562310844046", "OPENVAS:1361412562311220201055", "OPENVAS:1361412562310891689", "OPENVAS:1361412562311220191261", "OPENVAS:1361412562311220191109", "OPENVAS:1361412562311220191281"]}, {"type": "nessus", "idList": ["FEDORA_2018-91382C7BD3.NASL", "PHOTONOS_PHSA-2019-1_0-0226_ELFUTILS.NASL", "EULEROS_SA-2019-2102.NASL", "FEDORA_2018-CB25AE4B94.NASL", "EULEROS_SA-2019-1281.NASL", "EULEROS_SA-2019-1261.NASL", "EULEROS_SA-2019-1133.NASL", "EULEROS_SA-2020-1055.NASL", "CENTOS_RHSA-2019-2197.NASL", "UBUNTU_USN-4012-1.NASL"]}, {"type": "archlinux", "idList": ["ASA-201901-3"]}, {"type": "fedora", "idList": ["FEDORA:59AD36087F11", "FEDORA:E56C76217CD7", "FEDORA:F30E5644359D"]}, {"type": "ubuntu", "idList": ["USN-4012-1"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:E196CD01F392E90101CA4586833C4A40"]}, {"type": "centos", "idList": ["CESA-2019:2197"]}, {"type": "amazon", "idList": ["ALAS2-2019-1337"]}, {"type": "redhat", "idList": ["RHSA-2019:2197"]}, {"type": "oraclelinux", "idList": ["ELSA-2019-2197"]}, {"type": "debian", "idList": ["DEBIAN:DLA-1689-1:0C7A0"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1590-1"]}, {"type": "hackerone", "idList": ["H1:676976"]}], "modified": "2021-01-07T08:54:50", "rev": 2}, "score": {"value": 6.5, "vector": "NONE", "modified": "2021-01-07T08:54:50", "rev": 2}, "vulnersScore": 6.5}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif 
(description)\n{\n script_id(123583);\n script_version(\"1.14\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-18310\",\n \"CVE-2018-18520\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : elfutils (EulerOS-SA-2019-1109)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the elfutils packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An Invalid Memory Address Dereference exists in the\n function elf_end in libelf in elfutils through v0.174.\n Although eu-size is intended to support ar files inside\n ar files, handle_ar in size.c closes the outer ar file\n before handling all inner entries. The vulnerability\n allows attackers to cause a denial of service\n (application crash) with a crafted ELF\n file.(CVE-2018-18520)\n\n - An invalid memory address dereference was discovered in\n dwfl_segment_report_module.c in libdwfl in elfutils\n through v0.174. The vulnerability allows attackers to\n cause a denial of service (application crash) with a\n crafted ELF file, as demonstrated by\n consider_notes.(CVE-2018-18310)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1109\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bfc1f715\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected elfutils packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-18520\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:elfutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:elfutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:elfutils-libelf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:elfutils-libelf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:elfutils-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"elfutils-0.163-3.h2\",\n \"elfutils-devel-0.163-3.h2\",\n \"elfutils-libelf-0.163-3.h2\",\n \"elfutils-libelf-devel-0.163-3.h2\",\n \"elfutils-libs-0.163-3.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"elfutils\");\n}\n", "naslFamily": "Huawei Local Security Checks", "pluginID": "123583", "cpe": 
["p-cpe:/a:huawei:euleros:elfutils-libs", "p-cpe:/a:huawei:euleros:elfutils-devel", "p-cpe:/a:huawei:euleros:elfutils-libelf-devel", "p-cpe:/a:huawei:euleros:elfutils", "p-cpe:/a:huawei:euleros:elfutils-libelf", "cpe:/o:huawei:euleros:2.0"], "scheme": null, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}}
{"cve": [{"lastseen": "2020-12-09T20:25:38", "description": "An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.", "edition": 8, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-10-19T17:29:00", "title": "CVE-2018-18520", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-18520"], "modified": "2019-06-10T17:29:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/a:elfutils_project:elfutils:0.174"], "id": "CVE-2018-18520", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18520", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:elfutils_project:elfutils:0.174:*:*:*:*:*:*:*"]}, {"lastseen": "2020-12-09T20:25:38", "description": "An invalid memory address 
dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.", "edition": 8, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "userInteraction": "REQUIRED", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-10-15T02:29:00", "title": "CVE-2018-18310", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-18310"], "modified": "2019-06-10T17:29:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "cpe:/a:elfutils_project:elfutils:0.174"], "id": "CVE-2018-18310", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-18310", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:a:elfutils_project:elfutils:0.174:*:*:*:*:*:*:*"]}], "openvas": [{"lastseen": "2020-01-27T18:34:56", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-18520", "CVE-2018-18310"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": 
"2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191133", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191133", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for elfutils (EulerOS-SA-2019-1133)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1133\");\n script_version(\"2020-01-23T11:32:34+0000\");\n script_cve_id(\"CVE-2018-18310\", \"CVE-2018-18520\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:32:34 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:32:34 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for elfutils (EulerOS-SA-2019-1133)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n 
script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1133\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1133\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'elfutils' package(s) announced via the EulerOS-SA-2019-1133 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.(CVE-2018-18520)\n\nAn invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. 
The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.(CVE-2018-18310)\");\n\n script_tag(name:\"affected\", value:\"'elfutils' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"elfutils\", rpm:\"elfutils~0.170~4.h1.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"elfutils-default-yama-scope\", rpm:\"elfutils-default-yama-scope~0.170~4.h1.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"elfutils-devel\", rpm:\"elfutils-devel~0.170~4.h1.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"elfutils-libelf\", rpm:\"elfutils-libelf~0.170~4.h1.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"elfutils-libelf-devel\", rpm:\"elfutils-libelf-devel~0.170~4.h1.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"elfutils-libs\", rpm:\"elfutils-libs~0.170~4.h1.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:36:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-18520", "CVE-2018-18310"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", 
"modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191109", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191109", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for elfutils (EulerOS-SA-2019-1109)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1109\");\n script_version(\"2020-01-23T11:31:38+0000\");\n script_cve_id(\"CVE-2018-18310\", \"CVE-2018-18520\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:31:38 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:31:38 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for elfutils (EulerOS-SA-2019-1109)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n 
script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1109\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1109\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'elfutils' package(s) announced via the EulerOS-SA-2019-1109 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.(CVE-2018-18520)\n\nAn invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. 
The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.(CVE-2018-18310)\");\n\n script_tag(name:\"affected\", value:\"'elfutils' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"elfutils\", rpm:\"elfutils~0.163~3.h2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"elfutils-devel\", rpm:\"elfutils-devel~0.163~3.h2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"elfutils-libelf\", rpm:\"elfutils-libelf~0.163~3.h2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"elfutils-libelf-devel\", rpm:\"elfutils-libelf-devel~0.163~3.h2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"elfutils-libs\", rpm:\"elfutils-libs~0.163~3.h2\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:35:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-18520", "CVE-2018-18310"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191261", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191261", "type": "openvas", "title": "Huawei EulerOS: Security 
Advisory for elfutils (EulerOS-SA-2019-1261)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1261\");\n script_version(\"2020-01-23T11:36:48+0000\");\n script_cve_id(\"CVE-2018-18310\", \"CVE-2018-18520\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:36:48 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:36:48 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for elfutils (EulerOS-SA-2019-1261)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1261\");\n 
script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1261\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'elfutils' package(s) announced via the EulerOS-SA-2019-1261 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.(CVE-2018-18520)\n\nAn invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.(CVE-2018-18310)\");\n\n script_tag(name:\"affected\", value:\"'elfutils' package(s) on Huawei EulerOS Virtualization 2.5.3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"elfutils\", rpm:\"elfutils~0.168~8.h1\", rls:\"EULEROSVIRT-2.5.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"elfutils-default-yama-scope\", rpm:\"elfutils-default-yama-scope~0.168~8.h1\", rls:\"EULEROSVIRT-2.5.3\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isrpmvuln(pkg:\"elfutils-libelf\", rpm:\"elfutils-libelf~0.168~8.h1\", rls:\"EULEROSVIRT-2.5.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"elfutils-libs\", rpm:\"elfutils-libs~0.168~8.h1\", rls:\"EULEROSVIRT-2.5.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:33:14", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-18520", "CVE-2018-18310"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191281", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191281", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for elfutils (EulerOS-SA-2019-1281)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1281\");\n script_version(\"2020-01-23T11:37:23+0000\");\n script_cve_id(\"CVE-2018-18310\", \"CVE-2018-18520\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:37:23 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:37:23 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for elfutils (EulerOS-SA-2019-1281)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1281\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1281\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'elfutils' package(s) announced via the EulerOS-SA-2019-1281 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. 
The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.(CVE-2018-18520)\n\nAn invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.(CVE-2018-18310)\");\n\n script_tag(name:\"affected\", value:\"'elfutils' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"elfutils\", rpm:\"elfutils~0.163~3.h2\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"elfutils-devel\", rpm:\"elfutils-devel~0.163~3.h2\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"elfutils-libelf\", rpm:\"elfutils-libelf~0.163~3.h2\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"elfutils-libelf-devel\", rpm:\"elfutils-libelf-devel~0.163~3.h2\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"elfutils-libs\", rpm:\"elfutils-libs~0.163~3.h2\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:37:33", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-18520", "CVE-2018-18521", "CVE-2018-18310", "CVE-2019-7148"], "description": "The remote host is 
missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192102", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192102", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for elfutils (EulerOS-SA-2019-2102)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2102\");\n script_version(\"2020-01-23T12:34:31+0000\");\n script_cve_id(\"CVE-2018-18310\", \"CVE-2018-18520\", \"CVE-2018-18521\", \"CVE-2019-7148\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:34:31 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:34:31 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for elfutils (EulerOS-SA-2019-2102)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2102\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2102\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'elfutils' package(s) announced via the EulerOS-SA-2019-2102 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. 
The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.(CVE-2018-18310)\n\nAn Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.(CVE-2018-18520)\n\nDivide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.(CVE-2018-18521)\n\nAn attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception. NOTE: The maintainers believe this is not a real issue, but instead a 'warning caused by ASAN because the allocation is big. 
By setting ASAN_OPTIONS=allocator_may_return_null=1 and running the reproducer, nothing happens.'(CVE-2019-7148)\");\n\n script_tag(name:\"affected\", value:\"'elfutils' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"elfutils\", rpm:\"elfutils~0.174~1.h3.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"elfutils-default-yama-scope\", rpm:\"elfutils-default-yama-scope~0.174~1.h3.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"elfutils-devel\", rpm:\"elfutils-devel~0.174~1.h3.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"elfutils-devel-static\", rpm:\"elfutils-devel-static~0.174~1.h3.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"elfutils-libelf\", rpm:\"elfutils-libelf~0.174~1.h3.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"elfutils-libelf-devel\", rpm:\"elfutils-libelf-devel~0.174~1.h3.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"elfutils-libelf-devel-static\", rpm:\"elfutils-libelf-devel-static~0.174~1.h3.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"elfutils-libs\", rpm:\"elfutils-libs~0.174~1.h3.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n 
exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-27T18:37:57", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-18520", "CVE-2018-18521", "CVE-2018-18310", "CVE-2019-7148"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-01-23T00:00:00", "published": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220201055", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201055", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for elfutils (EulerOS-SA-2020-1055)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1055\");\n script_version(\"2020-01-23T13:18:25+0000\");\n script_cve_id(\"CVE-2018-18310\", \"CVE-2018-18520\", \"CVE-2018-18521\", \"CVE-2019-7148\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:18:25 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:18:25 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for elfutils (EulerOS-SA-2020-1055)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.5\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1055\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1055\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'elfutils' package(s) announced via the EulerOS-SA-2020-1055 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. 
The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.(CVE-2018-18310)\n\nAn Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.(CVE-2018-18520)\n\nDivide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.(CVE-2018-18521)\n\nAn attempted excessive memory allocation was discovered in the function read_long_names in elf_begin.c in libelf in elfutils 0.174. Remote attackers could leverage this vulnerability to cause a denial-of-service via crafted elf input, which leads to an out-of-memory exception. NOTE: The maintainers believe this is not a real issue, but instead a 'warning caused by ASAN because the allocation is big. 
By setting ASAN_OPTIONS=allocator_may_return_null=1 and running the reproducer, nothing happens.'(CVE-2019-7148)\");\n\n script_tag(name:\"affected\", value:\"'elfutils' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.5.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.5.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"elfutils\", rpm:\"elfutils~0.174~1.h4.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"elfutils-default-yama-scope\", rpm:\"elfutils-default-yama-scope~0.174~1.h4.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"elfutils-libelf\", rpm:\"elfutils-libelf~0.174~1.h4.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.5.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"elfutils-libs\", rpm:\"elfutils-libs~0.174~1.h4.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.5.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-05-29T18:32:55", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-18520", "CVE-2018-18521", "CVE-2018-18310", "CVE-2018-16062", "CVE-2018-16403", "CVE-2018-16402"], "description": "The remote host is missing an update for the ", "modified": "2019-03-15T00:00:00", "published": "2018-12-04T00:00:00", "id": "OPENVAS:1361412562310875322", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310875322", "type": "openvas", "title": "Fedora Update for elfutils 
FEDORA-2018-cb25ae4b94", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2018_cb25ae4b94_elfutils_fc28.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for elfutils FEDORA-2018-cb25ae4b94\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2018 Greenbone Networks GmbH, http://www.greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.875322\");\n script_version(\"$Revision: 14223 $\");\n script_cve_id(\"CVE-2018-18310\", \"CVE-2018-18520\", \"CVE-2018-18521\", \"CVE-2018-16062\", \"CVE-2018-16402\", \"CVE-2018-16403\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2018-12-04 08:32:03 +0100 (Tue, 04 Dec 2018)\");\n script_name(\"Fedora Update for elfutils FEDORA-2018-cb25ae4b94\");\n script_category(ACT_GATHER_INFO);\n 
script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC28\");\n\n script_xref(name:\"FEDORA\", value:\"2018-cb25ae4b94\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ANJQREMUOYS2D54BXYEKNN3H6Q2FOUMG\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'elfutils'\n package(s) announced via the FEDORA-2018-cb25ae4b94 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"affected\", value:\"elfutils on Fedora 28.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC28\")\n{\n\n if ((res = isrpmvuln(pkg:\"elfutils\", rpm:\"elfutils~0.174~5.fc28\", rls:\"FC28\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-05-29T18:32:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-18520", "CVE-2019-7146", "CVE-2018-18521", "CVE-2018-18310", "CVE-2019-7664", "CVE-2019-7149", "CVE-2019-7148", "CVE-2019-7150", "CVE-2019-7665"], "description": "The remote host is missing an update for the ", "modified": "2019-05-14T00:00:00", "published": "2019-05-07T00:00:00", "id": "OPENVAS:1361412562310876168", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310876168", "type": "openvas", 
"title": "Fedora Update for elfutils FEDORA-2019-44a9d99647", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.876168\");\n script_version(\"2019-05-14T05:04:40+0000\");\n script_cve_id(\"CVE-2019-7146\", \"CVE-2019-7148\", \"CVE-2019-7149\", \"CVE-2019-7150\", \"CVE-2019-7664\", \"CVE-2019-7665\", \"CVE-2018-18520\", \"CVE-2018-18521\", \"CVE-2018-18310\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-05-14 05:04:40 +0000 (Tue, 14 May 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-05-07 02:37:26 +0000 (Tue, 07 May 2019)\");\n script_name(\"Fedora Update for elfutils FEDORA-2019-44a9d99647\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", 
re:\"ssh/login/release=FC29\");\n\n script_xref(name:\"FEDORA\", value:\"2019-44a9d99647\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z6QQTO2CLXUBNNOX4DEZ5XXWJYV3SYVN\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'elfutils'\n package(s) announced via the FEDORA-2019-44a9d99647 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Elfutils is a collection of utilities, including stack (to show\nbacktraces), nm (for listing symbols from object files), size\n(for listing the section sizes of an object or archive file),\nstrip (for discarding symbols), readelf (to see the raw ELF file\nstructures), elflint (to check for well-formed ELF files) and\nelfcompress (to compress or decompress ELF sections).\");\n\n script_tag(name:\"affected\", value:\"'elfutils' package(s) on Fedora 29.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC29\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"elfutils\", rpm:\"elfutils~0.176~1.fc29\", rls:\"FC29\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-06-12T20:42:58", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-18520", "CVE-2018-18521", "CVE-2018-18310", "CVE-2018-16062", "CVE-2018-16403", "CVE-2019-7149", "CVE-2018-16402", "CVE-2019-7150", "CVE-2019-7665"], 
"description": "The remote host is missing an update for the ", "modified": "2019-06-11T00:00:00", "published": "2019-06-11T00:00:00", "id": "OPENVAS:1361412562310844046", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844046", "type": "openvas", "title": "Ubuntu Update for elfutils USN-4012-1", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844046\");\n script_version(\"2019-06-11T06:16:55+0000\");\n script_cve_id(\"CVE-2018-16062\", \"CVE-2018-16402\", \"CVE-2018-16403\", \"CVE-2018-18310\", \"CVE-2018-18520\", \"CVE-2018-18521\", \"CVE-2019-7149\", \"CVE-2019-7150\", \"CVE-2019-7665\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-06-11 06:16:55 +0000 (Tue, 11 Jun 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-06-11 02:00:57 +0000 (Tue, 11 Jun 2019)\");\n script_name(\"Ubuntu Update for elfutils USN-4012-1\");\n script_category(ACT_GATHER_INFO);\n 
script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.04 LTS|UBUNTU18\\.10|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4012-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-June/004951.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'elfutils'\n package(s) announced via the USN-4012-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that elfutils incorrectly handled certain malformed\nfiles. If a user or automated system were tricked into processing a\nspecially crafted file, elfutils could be made to crash or consume\nresources, resulting in a denial of service.\");\n\n script_tag(name:\"affected\", value:\"'elfutils' package(s) on Ubuntu 18.10, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"elfutils\", ver:\"0.170-0.4ubuntu0.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libasm1\", ver:\"0.170-0.4ubuntu0.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libdw1\", ver:\"0.170-0.4ubuntu0.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = 
isdpkgvuln(pkg:\"libelf1\", ver:\"0.170-0.4ubuntu0.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU18.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"elfutils\", ver:\"0.170-0.5.0ubuntu1.1\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libasm1\", ver:\"0.170-0.5.0ubuntu1.1\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libdw1\", ver:\"0.170-0.5.0ubuntu1.1\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libelf1\", ver:\"0.170-0.5.0ubuntu1.1\", rls:\"UBUNTU18.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"elfutils\", ver:\"0.165-3ubuntu1.2\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libasm1\", ver:\"0.165-3ubuntu1.2\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libdw1\", ver:\"0.165-3ubuntu1.2\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"libelf1\", ver:\"0.165-3ubuntu1.2\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-29T19:25:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-18520", "CVE-2017-7613", "CVE-2018-18521", "CVE-2018-18310", "CVE-2017-7611", "CVE-2018-16062", "CVE-2017-7612", "CVE-2019-7149", "CVE-2017-7610", "CVE-2017-7608", "CVE-2019-7150", "CVE-2019-7665"], "description": "Several issues in elfutils, a collection of utilities to handle ELF\nobjects, have been 
found either by fuzzing or by using an\nAddressSanitizer.\n\nCVE-2019-7665\nDue to a heap-buffer-overflow problem in function elf32_xlatetom()\na crafted ELF input can cause segmentation faults.\n\nCVE-2019-7150\nAdd sanity check for partial core file dynamic data read.\n\nCVE-2019-7149\nDue to a heap-buffer-overflow problem in function read_srclines()\na crafted ELF input can cause segmentation faults.\n\nCVE-2018-18521\nBy using a crafted ELF file, containing a zero sh_entsize, a\ndivide-by-zero vulnerability could allow remote attackers to\ncause a denial of service (application crash).\n\nCVE-2018-18520\nBy fuzzing an Invalid Address Dereference problem in function elf_end\nhas been found.\n\nCVE-2018-18310\nBy fuzzing an Invalid Address Read problem in eu-stack has been\nfound.\n\nCVE-2018-16062\nBy using an AddressSanitizer a heap-buffer-overflow has been found.\n\nCVE-2017-7613\nBy using fuzzing it was found that an allocation failure was not\nhandled properly.\n\nCVE-2017-7612\nBy using a crafted ELF file, containing an invalid sh_entsize, a\nremote attacker could cause a denial of service (application crash).\n\nCVE-2017-7611\nBy using a crafted ELF file a remote attacker could cause a denial\nof service (application crash).\n\nCVE-2017-7610\nBy using a crafted ELF file a remote attacker could cause a denial\nof service (application crash).\n\nCVE-2017-7608\nBy fuzzing a heap based buffer overflow has been detected.", "modified": "2020-01-29T00:00:00", "published": "2019-02-26T00:00:00", "id": "OPENVAS:1361412562310891689", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891689", "type": "openvas", "title": "Debian LTS: Security Advisory for elfutils (DLA-1689-1)", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can 
redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891689\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2017-7608\", \"CVE-2017-7610\", \"CVE-2017-7611\", \"CVE-2017-7612\", \"CVE-2017-7613\",\n \"CVE-2018-16062\", \"CVE-2018-18310\", \"CVE-2018-18520\", \"CVE-2018-18521\", \"CVE-2019-7149\",\n \"CVE-2019-7150\", \"CVE-2019-7665\");\n script_name(\"Debian LTS: Security Advisory for elfutils (DLA-1689-1)\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-02-26 00:00:00 +0100 (Tue, 26 Feb 2019)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/02/msg00036.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n 
script_tag(name:\"affected\", value:\"elfutils on Debian Linux\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n0.159-4.2+deb8u1.\n\nWe recommend that you upgrade your elfutils packages.\");\n\n script_tag(name:\"summary\", value:\"Several issues in elfutils, a collection of utilities to handle ELF\nobjects, have been found either by fuzzing or by using an\nAddressSanitizer.\n\nCVE-2019-7665\nDue to a heap-buffer-overflow problem in function elf32_xlatetom()\na crafted ELF input can cause segmentation faults.\n\nCVE-2019-7150\nAdd sanity check for partial core file dynamic data read.\n\nCVE-2019-7149\nDue to a heap-buffer-overflow problem in function read_srclines()\na crafted ELF input can cause segmentation faults.\n\nCVE-2018-18521\nBy using a crafted ELF file, containing a zero sh_entsize, a\ndivide-by-zero vulnerability could allow remote attackers to\ncause a denial of service (application crash).\n\nCVE-2018-18520\nBy fuzzing an Invalid Address Deference problem in function elf_end\nhas been found.\n\nCVE-2018-18310\nBy fuzzing an Invalid Address Read problem in eu-stack has been\nfound.\n\nCVE-2018-16062\nBy using an AddressSanitizer a heap-buffer-overflow has been found.\n\nCVE-2017-7613\nBy using fuzzing it was found that an allocation failure was not\nhandled properly.\n\nCVE-2017-7612\nBy using a crafted ELF file, containing an invalid sh_entsize, a\nremote attackers could cause a denial of service (application crash).\n\nCVE-2017-7611\nBy using a crafted ELF file a remote attackers could cause a denial\nof service (application crash).\n\nCVE-2017-7610\nBy using a crafted ELF file a remote attackers could cause a denial\nof service (application crash).\n\nCVE-2017-7608\nBy fuzzing a heap based buffer overflow has been detected.\");\n\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n 
exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"elfutils\", ver:\"0.159-4.2+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libasm-dev\", ver:\"0.159-4.2+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libasm1\", ver:\"0.159-4.2+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libdw-dev\", ver:\"0.159-4.2+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libdw1\", ver:\"0.159-4.2+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libelf-dev\", ver:\"0.159-4.2+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"libelf1\", ver:\"0.159-4.2+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99);\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2021-01-07T08:55:22", "description": "According to the versions of the elfutils packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - An Invalid Memory Address Dereference exists in the\n function elf_end in libelf in elfutils through v0.174.\n Although eu-size is intended to support ar files inside\n ar files, handle_ar in size.c closes the outer ar file\n before handling all inner entries. The vulnerability\n allows attackers to cause a denial of service\n (application crash) with a crafted ELF\n file.(CVE-2018-18520)\n\n - An invalid memory address dereference was discovered in\n dwfl_segment_report_module.c in libdwfl in elfutils\n through v0.174. 
The vulnerability allows attackers to\n cause a denial of service (application crash) with a\n crafted ELF file, as demonstrated by\n consider_notes.(CVE-2018-18310)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 10, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2019-04-04T00:00:00", "title": "EulerOS Virtualization 2.5.3 : elfutils (EulerOS-SA-2019-1261)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-18520", "CVE-2018-18310"], "modified": "2019-04-04T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:elfutils-libs", "p-cpe:/a:huawei:euleros:elfutils-default-yama-scope", "p-cpe:/a:huawei:euleros:elfutils", "cpe:/o:huawei:euleros:uvp:2.5.3", "p-cpe:/a:huawei:euleros:elfutils-libelf"], "id": "EULEROS_SA-2019-1261.NASL", "href": "https://www.tenable.com/plugins/nessus/123729", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123729);\n script_version(\"1.26\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-18310\",\n \"CVE-2018-18520\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.5.3 : elfutils (EulerOS-SA-2019-1261)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the elfutils packages installed, the\nEulerOS Virtualization installation on the remote host is affected by\nthe following vulnerabilities :\n\n - An 
Invalid Memory Address Dereference exists in the\n function elf_end in libelf in elfutils through v0.174.\n Although eu-size is intended to support ar files inside\n ar files, handle_ar in size.c closes the outer ar file\n before handling all inner entries. The vulnerability\n allows attackers to cause a denial of service\n (application crash) with a crafted ELF\n file.i1/4^CVE-2018-18520i1/4%0\n\n - An invalid memory address dereference was discovered in\n dwfl_segment_report_module.c in libdwfl in elfutils\n through v0.174. The vulnerability allows attackers to\n cause a denial of service (application crash) with a\n crafted ELF file, as demonstrated by\n consider_notes.i1/4^CVE-2018-18310i1/4%0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1261\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e9e0920e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected elfutils packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-18520\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:elfutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:elfutils-default-yama-scope\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:elfutils-libelf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:elfutils-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.3\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.3\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.3\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"elfutils-0.168-8.h1\",\n \"elfutils-default-yama-scope-0.168-8.h1\",\n \"elfutils-libelf-0.168-8.h1\",\n 
\"elfutils-libs-0.168-8.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"elfutils\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T08:55:24", "description": "According to the versions of the elfutils packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An Invalid Memory Address Dereference exists in the\n function elf_end in libelf in elfutils through v0.174.\n Although eu-size is intended to support ar files inside\n ar files, handle_ar in size.c closes the outer ar file\n before handling all inner entries. The vulnerability\n allows attackers to cause a denial of service\n (application crash) with a crafted ELF\n file.(CVE-2018-18520)\n\n - An invalid memory address dereference was discovered in\n dwfl_segment_report_module.c in libdwfl in elfutils\n through v0.174. The vulnerability allows attackers to\n cause a denial of service (application crash) with a\n crafted ELF file, as demonstrated by\n consider_notes.(CVE-2018-18310)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2019-04-30T00:00:00", "title": "EulerOS 2.0 SP3 : elfutils (EulerOS-SA-2019-1281)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-18520", "CVE-2018-18310"], "modified": "2019-04-30T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:elfutils-libs", "p-cpe:/a:huawei:euleros:elfutils-devel", "p-cpe:/a:huawei:euleros:elfutils-libelf-devel", "p-cpe:/a:huawei:euleros:elfutils", "p-cpe:/a:huawei:euleros:elfutils-libelf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1281.NASL", "href": "https://www.tenable.com/plugins/nessus/124377", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124377);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-18310\",\n \"CVE-2018-18520\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : elfutils (EulerOS-SA-2019-1281)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the elfutils packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An Invalid Memory Address Dereference exists in the\n function elf_end in libelf in elfutils through v0.174.\n Although eu-size is intended to support ar files inside\n ar files, handle_ar in size.c closes the outer ar file\n before handling all inner entries. 
The vulnerability\n allows attackers to cause a denial of service\n (application crash) with a crafted ELF\n file.(CVE-2018-18520)\n\n - An invalid memory address dereference was discovered in\n dwfl_segment_report_module.c in libdwfl in elfutils\n through v0.174. The vulnerability allows attackers to\n cause a denial of service (application crash) with a\n crafted ELF file, as demonstrated by\n consider_notes.(CVE-2018-18310)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1281\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?33a687e2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected elfutils packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-18520\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:elfutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:elfutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:elfutils-libelf\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:elfutils-libelf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:elfutils-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"elfutils-0.163-3.h2\",\n \"elfutils-devel-0.163-3.h2\",\n 
\"elfutils-libelf-0.163-3.h2\",\n \"elfutils-libelf-devel-0.163-3.h2\",\n \"elfutils-libs-0.163-3.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"elfutils\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T08:54:56", "description": "According to the versions of the elfutils packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An Invalid Memory Address Dereference exists in the\n function elf_end in libelf in elfutils through v0.174.\n Although eu-size is intended to support ar files inside\n ar files, handle_ar in size.c closes the outer ar file\n before handling all inner entries. The vulnerability\n allows attackers to cause a denial of service\n (application crash) with a crafted ELF\n file.(CVE-2018-18520)\n\n - An invalid memory address dereference was discovered in\n dwfl_segment_report_module.c in libdwfl in elfutils\n through v0.174. The vulnerability allows attackers to\n cause a denial of service (application crash) with a\n crafted ELF file, as demonstrated by\n consider_notes.(CVE-2018-18310)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 13, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2019-04-02T00:00:00", "title": "EulerOS 2.0 SP5 : elfutils (EulerOS-SA-2019-1133)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-18520", "CVE-2018-18310"], "modified": "2019-04-02T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:elfutils-libs", "p-cpe:/a:huawei:euleros:elfutils-devel", "p-cpe:/a:huawei:euleros:elfutils-default-yama-scope", "p-cpe:/a:huawei:euleros:elfutils-libelf-devel", "p-cpe:/a:huawei:euleros:elfutils", "p-cpe:/a:huawei:euleros:elfutils-libelf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1133.NASL", "href": "https://www.tenable.com/plugins/nessus/123607", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123607);\n script_version(\"1.21\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-18310\",\n \"CVE-2018-18520\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : elfutils (EulerOS-SA-2019-1133)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the elfutils packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An Invalid Memory Address Dereference exists in the\n function elf_end in libelf in elfutils through v0.174.\n Although eu-size is intended to support ar files inside\n ar files, handle_ar in size.c closes the outer ar file\n before handling all inner entries. 
The vulnerability\n allows attackers to cause a denial of service\n (application crash) with a crafted ELF\n file.(CVE-2018-18520)\n\n - An invalid memory address dereference was discovered in\n dwfl_segment_report_module.c in libdwfl in elfutils\n through v0.174. The vulnerability allows attackers to\n cause a denial of service (application crash) with a\n crafted ELF file, as demonstrated by\n consider_notes.(CVE-2018-18310)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1133\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d409f8bf\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected elfutils packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-18520\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:elfutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:elfutils-default-yama-scope\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:elfutils-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:elfutils-libelf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:elfutils-libelf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:elfutils-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", 
cpu);\n\nflag = 0;\n\npkgs = [\"elfutils-0.170-4.h1.eulerosv2r7\",\n \"elfutils-default-yama-scope-0.170-4.h1.eulerosv2r7\",\n \"elfutils-devel-0.170-4.h1.eulerosv2r7\",\n \"elfutils-libelf-0.170-4.h1.eulerosv2r7\",\n \"elfutils-libelf-devel-0.170-4.h1.eulerosv2r7\",\n \"elfutils-libs-0.170-4.h1.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"elfutils\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:19:32", "description": "Add support for ELF version, gnu property and gnu attrbutes notes. Fix\neu-strip/eu-unstrip section group handling. Fixes CVE-2018-18310,\nCVE-2018-18520 and CVE-2018-18521.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 12, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2019-01-03T00:00:00", "title": "Fedora 29 : elfutils (2018-91382c7bd3)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-18520", "CVE-2018-18521", "CVE-2018-18310"], "modified": "2019-01-03T00:00:00", "cpe": ["cpe:/o:fedoraproject:fedora:29", "p-cpe:/a:fedoraproject:fedora:elfutils"], "id": "FEDORA_2018-91382C7BD3.NASL", "href": "https://www.tenable.com/plugins/nessus/120617", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 
FEDORA-2018-91382c7bd3.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120617);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-18310\", \"CVE-2018-18520\", \"CVE-2018-18521\");\n script_xref(name:\"FEDORA\", value:\"2018-91382c7bd3\");\n\n script_name(english:\"Fedora 29 : elfutils (2018-91382c7bd3)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Add support for ELF version, gnu property and gnu attrbutes notes. Fix\neu-strip/eu-unstrip section group handling. Fixes CVE-2018-18310,\nCVE-2018-18520 and CVE-2018-18521.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-91382c7bd3\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected elfutils package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-18521\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fedoraproject:fedora:elfutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:29\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^29([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 29\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC29\", reference:\"elfutils-0.174-5.fc29\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"elfutils\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T10:21:38", "description": "Add support for ELF version, gnu property and gnu attrbutes notes. Fix\neu-strip/eu-unstrip section group handling. Fixes CVE-2018-18310,\nCVE-2018-18520 and CVE-2018-18521.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.", "edition": 12, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2019-01-03T00:00:00", "title": "Fedora 28 : elfutils (2018-cb25ae4b94)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-18520", "CVE-2018-18521", "CVE-2018-18310"], "modified": "2019-01-03T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:elfutils", "cpe:/o:fedoraproject:fedora:28"], "id": "FEDORA_2018-CB25AE4B94.NASL", "href": "https://www.tenable.com/plugins/nessus/120790", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security 
Advisory FEDORA-2018-cb25ae4b94.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120790);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2018-18310\", \"CVE-2018-18520\", \"CVE-2018-18521\");\n script_xref(name:\"FEDORA\", value:\"2018-cb25ae4b94\");\n\n script_name(english:\"Fedora 28 : elfutils (2018-cb25ae4b94)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Add support for ELF version, gnu property and gnu attrbutes notes. Fix\neu-strip/eu-unstrip section group handling. Fixes CVE-2018-18310,\nCVE-2018-18520 and CVE-2018-18521.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2018-cb25ae4b94\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected elfutils package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-18521\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:fedoraproject:fedora:elfutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:28\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^28([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 28\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC28\", reference:\"elfutils-0.174-5.fc28\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"elfutils\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-01T01:07:35", "description": "An update of the elfutils package has been released.", "edition": 17, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-05-15T00:00:00", "title": "Photon OS 1.0: Elfutils PHSA-2019-1.0-0226", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-18520", "CVE-2018-18521", "CVE-2018-18310", "CVE-2018-20615"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:elfutils", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2019-1_0-0226_ELFUTILS.NASL", "href": "https://www.tenable.com/plugins/nessus/125088", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2019-1.0-0226. 
The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125088);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/16\");\n\n script_cve_id(\"CVE-2018-18310\", \"CVE-2018-18520\", \"CVE-2018-18521\");\n\n script_name(english:\"Photon OS 1.0: Elfutils PHSA-2019-1.0-0226\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the elfutils package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-226.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-20615\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:elfutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"elfutils-0.169-4.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"elfutils-debuginfo-0.169-4.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"elfutils-devel-0.169-4.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"elfutils-devel-static-0.169-4.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"elfutils-libelf-0.169-4.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"elfutils-libelf-devel-0.169-4.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"elfutils-libelf-devel-static-0.169-4.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"elfutils\");\n}\n", "cvss": {"score": 5.0, "vector": 
"AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T08:59:42", "description": "According to the versions of the elfutils packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An invalid memory address dereference was discovered in\n dwfl_segment_report_module.c in libdwfl in elfutils\n through v0.174. The vulnerability allows attackers to\n cause a denial of service (application crash) with a\n crafted ELF file, as demonstrated by\n consider_notes.(CVE-2018-18310)\n\n - An Invalid Memory Address Dereference exists in the\n function elf_end in libelf in elfutils through v0.174.\n Although eu-size is intended to support ar files inside\n ar files, handle_ar in size.c closes the outer ar file\n before handling all inner entries. The vulnerability\n allows attackers to cause a denial of service\n (application crash) with a crafted ELF\n file.(CVE-2018-18520)\n\n - Divide-by-zero vulnerabilities in the function\n arlib_add_symbols() in arlib.c in elfutils 0.174 allow\n remote attackers to cause a denial of service\n (application crash) with a crafted ELF file, as\n demonstrated by eu-ranlib, because a zero sh_entsize is\n mishandled.(CVE-2018-18521)\n\n - An attempted excessive memory allocation was discovered\n in the function read_long_names in elf_begin.c in\n libelf in elfutils 0.174. Remote attackers could\n leverage this vulnerability to cause a\n denial-of-service via crafted elf input, which leads to\n an out-of-memory exception. NOTE: The maintainers\n believe this is not a real issue, but instead a\n 'warning caused by ASAN because the allocation is big.\n By setting ASAN_OPTIONS=allocator_may_return_null=1 and\n running the reproducer, nothing\n happens.'(CVE-2019-7148)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 12, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2019-11-12T00:00:00", "title": "EulerOS 2.0 SP8 : elfutils (EulerOS-SA-2019-2102)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-18520", "CVE-2018-18521", "CVE-2018-18310", "CVE-2019-7148"], "modified": "2019-11-12T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:elfutils-libs", "p-cpe:/a:huawei:euleros:elfutils-devel-static", "p-cpe:/a:huawei:euleros:elfutils-devel", "p-cpe:/a:huawei:euleros:elfutils-default-yama-scope", "p-cpe:/a:huawei:euleros:elfutils-libelf-devel", "p-cpe:/a:huawei:euleros:elfutils", "p-cpe:/a:huawei:euleros:elfutils-libelf-devel-static", "p-cpe:/a:huawei:euleros:elfutils-libelf", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2102.NASL", "href": "https://www.tenable.com/plugins/nessus/130811", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(130811);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-18310\",\n \"CVE-2018-18520\",\n \"CVE-2018-18521\",\n \"CVE-2019-7148\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : elfutils (EulerOS-SA-2019-2102)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the elfutils packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - An invalid memory address dereference was discovered in\n dwfl_segment_report_module.c in libdwfl in 
elfutils\n through v0.174. The vulnerability allows attackers to\n cause a denial of service (application crash) with a\n crafted ELF file, as demonstrated by\n consider_notes.(CVE-2018-18310)\n\n - An Invalid Memory Address Dereference exists in the\n function elf_end in libelf in elfutils through v0.174.\n Although eu-size is intended to support ar files inside\n ar files, handle_ar in size.c closes the outer ar file\n before handling all inner entries. The vulnerability\n allows attackers to cause a denial of service\n (application crash) with a crafted ELF\n file.(CVE-2018-18520)\n\n - Divide-by-zero vulnerabilities in the function\n arlib_add_symbols() in arlib.c in elfutils 0.174 allow\n remote attackers to cause a denial of service\n (application crash) with a crafted ELF file, as\n demonstrated by eu-ranlib, because a zero sh_entsize is\n mishandled.(CVE-2018-18521)\n\n - An attempted excessive memory allocation was discovered\n in the function read_long_names in elf_begin.c in\n libelf in elfutils 0.174. Remote attackers could\n leverage this vulnerability to cause a\n denial-of-service via crafted elf input, which leads to\n an out-of-memory exception. NOTE: The maintainers\n believe this is not a real issue, but instead a\n 'warning caused by ASAN because the allocation is big.\n By setting ASAN_OPTIONS=allocator_may_return_null=1 and\n running the reproducer, nothing\n happens.'(CVE-2019-7148)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2102\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?542cbd17\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected elfutils packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-7148\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/10/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:elfutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:elfutils-default-yama-scope\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:elfutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:elfutils-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:elfutils-libelf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:elfutils-libelf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:elfutils-libelf-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:elfutils-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"elfutils-0.174-1.h3.eulerosv2r8\",\n \"elfutils-default-yama-scope-0.174-1.h3.eulerosv2r8\",\n \"elfutils-devel-0.174-1.h3.eulerosv2r8\",\n \"elfutils-devel-static-0.174-1.h3.eulerosv2r8\",\n \"elfutils-libelf-0.174-1.h3.eulerosv2r8\",\n \"elfutils-libelf-devel-0.174-1.h3.eulerosv2r8\",\n \"elfutils-libelf-devel-static-0.174-1.h3.eulerosv2r8\",\n 
\"elfutils-libs-0.174-1.h3.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"elfutils\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-01-07T09:01:56", "description": "According to the versions of the elfutils packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - An invalid memory address dereference was discovered in\n dwfl_segment_report_module.c in libdwfl in elfutils\n through v0.174. The vulnerability allows attackers to\n cause a denial of service (application crash) with a\n crafted ELF file, as demonstrated by\n consider_notes.(CVE-2018-18310)\n\n - An Invalid Memory Address Dereference exists in the\n function elf_end in libelf in elfutils through v0.174.\n Although eu-size is intended to support ar files inside\n ar files, handle_ar in size.c closes the outer ar file\n before handling all inner entries. The vulnerability\n allows attackers to cause a denial of service\n (application crash) with a crafted ELF\n file.(CVE-2018-18520)\n\n - Divide-by-zero vulnerabilities in the function\n arlib_add_symbols() in arlib.c in elfutils 0.174 allow\n remote attackers to cause a denial of service\n (application crash) with a crafted ELF file, as\n demonstrated by eu-ranlib, because a zero sh_entsize is\n mishandled.(CVE-2018-18521)\n\n - An attempted excessive memory allocation was discovered\n in the function read_long_names in elf_begin.c in\n libelf in elfutils 0.174. 
Remote attackers could\n leverage this vulnerability to cause a\n denial-of-service via crafted elf input, which leads to\n an out-of-memory exception. NOTE: The maintainers\n believe this is not a real issue, but instead a\n 'warning caused by ASAN because the allocation is big.\n By setting ASAN_OPTIONS=allocator_may_return_null=1 and\n running the reproducer, nothing\n happens.'(CVE-2019-7148)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 15, "cvss3": {"score": 6.5, "vector": "AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}, "published": "2020-01-13T00:00:00", "title": "EulerOS Virtualization for ARM 64 3.0.5.0 : elfutils (EulerOS-SA-2020-1055)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-18520", "CVE-2018-18521", "CVE-2018-18310", "CVE-2019-7148"], "modified": "2020-01-13T00:00:00", "cpe": ["cpe:/o:huawei:euleros:uvp:3.0.5.0", "p-cpe:/a:huawei:euleros:elfutils-libs", "p-cpe:/a:huawei:euleros:elfutils-default-yama-scope", "p-cpe:/a:huawei:euleros:elfutils", "p-cpe:/a:huawei:euleros:elfutils-libelf"], "id": "EULEROS_SA-2020-1055.NASL", "href": "https://www.tenable.com/plugins/nessus/132809", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132809);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2018-18310\",\n \"CVE-2018-18520\",\n \"CVE-2018-18521\",\n \"CVE-2019-7148\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.5.0 : elfutils (EulerOS-SA-2020-1055)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", 
value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing multiple security\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the elfutils packages installed, the\nEulerOS Virtualization for ARM 64 installation on the remote host is\naffected by the following vulnerabilities :\n\n - An invalid memory address dereference was discovered in\n dwfl_segment_report_module.c in libdwfl in elfutils\n through v0.174. The vulnerability allows attackers to\n cause a denial of service (application crash) with a\n crafted ELF file, as demonstrated by\n consider_notes.(CVE-2018-18310)\n\n - An Invalid Memory Address Dereference exists in the\n function elf_end in libelf in elfutils through v0.174.\n Although eu-size is intended to support ar files inside\n ar files, handle_ar in size.c closes the outer ar file\n before handling all inner entries. The vulnerability\n allows attackers to cause a denial of service\n (application crash) with a crafted ELF\n file.(CVE-2018-18520)\n\n - Divide-by-zero vulnerabilities in the function\n arlib_add_symbols() in arlib.c in elfutils 0.174 allow\n remote attackers to cause a denial of service\n (application crash) with a crafted ELF file, as\n demonstrated by eu-ranlib, because a zero sh_entsize is\n mishandled.(CVE-2018-18521)\n\n - An attempted excessive memory allocation was discovered\n in the function read_long_names in elf_begin.c in\n libelf in elfutils 0.174. Remote attackers could\n leverage this vulnerability to cause a\n denial-of-service via crafted elf input, which leads to\n an out-of-memory exception. 
NOTE: The maintainers\n believe this is not a real issue, but instead a\n 'warning caused by ASAN because the allocation is big.\n By setting ASAN_OPTIONS=allocator_may_return_null=1 and\n running the reproducer, nothing\n happens.'(CVE-2019-7148)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1055\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?faa1de91\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected elfutils packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-7148\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:elfutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:elfutils-default-yama-scope\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:elfutils-libelf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:elfutils-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.5.0\");\n 
script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.5.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.5.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"elfutils-0.174-1.h4.eulerosv2r8\",\n \"elfutils-default-yama-scope-0.174-1.h4.eulerosv2r8\",\n \"elfutils-libelf-0.174-1.h4.eulerosv2r8\",\n \"elfutils-libs-0.174-1.h4.eulerosv2r8\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"elfutils\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, 
{"lastseen": "2021-01-01T06:51:28", "description": "It was discovered that elfutils incorrectly handled certain malformed\nfiles. If a user or automated system were tricked into processing a\nspecially crafted file, elfutils could be made to crash or consume\nresources, resulting in a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 17, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-06-11T00:00:00", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 18.10 : elfutils vulnerabilities (USN-4012-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-18520", "CVE-2018-18521", "CVE-2018-18310", "CVE-2018-16062", "CVE-2018-16403", "CVE-2019-7149", "CVE-2018-16402", "CVE-2019-7150", "CVE-2019-7665"], "modified": "2021-01-02T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:libdw1", "p-cpe:/a:canonical:ubuntu_linux:libasm1", "cpe:/o:canonical:ubuntu_linux:18.10", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:elfutils", "p-cpe:/a:canonical:ubuntu_linux:libelf1"], "id": "UBUNTU_USN-4012-1.NASL", "href": "https://www.tenable.com/plugins/nessus/125811", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4012-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. 
Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(125811);\n script_version(\"1.3\");\n script_cvs_date(\"Date: 2020/01/10\");\n\n script_cve_id(\"CVE-2018-16062\", \"CVE-2018-16402\", \"CVE-2018-16403\", \"CVE-2018-18310\", \"CVE-2018-18520\", \"CVE-2018-18521\", \"CVE-2019-7149\", \"CVE-2019-7150\", \"CVE-2019-7665\");\n script_xref(name:\"USN\", value:\"4012-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 18.10 : elfutils vulnerabilities (USN-4012-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that elfutils incorrectly handled certain malformed\nfiles. If a user or automated system were tricked into processing a\nspecially crafted file, elfutils could be made to crash or consume\nresources, resulting in a denial of service.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4012-1/\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:elfutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libasm1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libdw1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libelf1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/06/11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|18\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04 / 18.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"elfutils\", pkgver:\"0.165-3ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libasm1\", pkgver:\"0.165-3ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libdw1\", pkgver:\"0.165-3ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"libelf1\", pkgver:\"0.165-3ubuntu1.2\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"elfutils\", pkgver:\"0.170-0.4ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libasm1\", pkgver:\"0.170-0.4ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libdw1\", pkgver:\"0.170-0.4ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"libelf1\", pkgver:\"0.170-0.4ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"elfutils\", pkgver:\"0.170-0.5.0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"libasm1\", pkgver:\"0.170-0.5.0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"18.10\", 
pkgname:\"libdw1\", pkgver:\"0.170-0.5.0ubuntu1.1\")) flag++;\nif (ubuntu_check(osver:\"18.10\", pkgname:\"libelf1\", pkgver:\"0.170-0.5.0ubuntu1.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"elfutils / libasm1 / libdw1 / libelf1\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-03-18T02:50:28", "description": "The following packages have been upgraded to a later upstream version:\nelfutils (0.176).\n\nSecurity Fix(es) :\n\n - elfutils: Heap-based buffer over-read in\n libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted\n file (CVE-2018-16062)\n\n - elfutils: Double-free due to double decompression of\n sections in crafted ELF causes crash (CVE-2018-16402)\n\n - elfutils: Heap-based buffer over-read in\n libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes\n crash (CVE-2018-16403)\n\n - elfutils: invalid memory address dereference was\n discovered in dwfl_segment_report_module.c in libdwfl\n (CVE-2018-18310)\n\n - elfutils: eu-size cannot handle recursive ar files\n (CVE-2018-18520)\n\n - elfutils: Divide-by-zero in arlib_add_symbols function\n in arlib.c (CVE-2018-18521)\n\n - elfutils: heap-based buffer over-read in read_srclines\n in dwarf_getsrclines.c in libdw (CVE-2019-7149)\n\n - elfutils: segmentation fault in elf64_xlatetom in\n libelf/elf32_xlatetom.c (CVE-2019-7150)\n\n - elfutils: Out of bound write in elf_cvt_note in\n libelf/note_xlate.h (CVE-2019-7664)\n\n - elfutils: heap-based buffer over-read in function\n elf32_xlatetom in elf32_xlatetom.c (CVE-2019-7665)", "edition": 7, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2019-08-27T00:00:00", "title": "Scientific Linux Security Update : elfutils on SL7.x x86_64 
(20190806)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2018-18520", "CVE-2018-18521", "CVE-2018-18310", "CVE-2019-7664", "CVE-2018-16062", "CVE-2018-16403", "CVE-2019-7149", "CVE-2018-16402", "CVE-2019-7150", "CVE-2019-7665"], "modified": "2019-08-27T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:elfutils-devel", "p-cpe:/a:fermilab:scientific_linux:elfutils-default-yama-scope", "p-cpe:/a:fermilab:scientific_linux:elfutils-libelf-devel", "p-cpe:/a:fermilab:scientific_linux:elfutils-libelf", "p-cpe:/a:fermilab:scientific_linux:elfutils-libelf-devel-static", "p-cpe:/a:fermilab:scientific_linux:elfutils-libs", "p-cpe:/a:fermilab:scientific_linux:elfutils-debuginfo", "p-cpe:/a:fermilab:scientific_linux:elfutils", "p-cpe:/a:fermilab:scientific_linux:elfutils-devel-static", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20190806_ELFUTILS_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/128214", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(128214);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/02/24\");\n\n script_cve_id(\"CVE-2018-16062\", \"CVE-2018-16402\", \"CVE-2018-16403\", \"CVE-2018-18310\", \"CVE-2018-18520\", \"CVE-2018-18521\", \"CVE-2019-7149\", \"CVE-2019-7150\", \"CVE-2019-7664\", \"CVE-2019-7665\");\n\n script_name(english:\"Scientific Linux Security Update : elfutils on SL7.x x86_64 (20190806)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Scientific Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The following packages have been upgraded to a later upstream version:\nelfutils (0.176).\n\nSecurity Fix(es) :\n\n - elfutils: Heap-based buffer 
over-read in\n libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted\n file (CVE-2018-16062)\n\n - elfutils: Double-free due to double decompression of\n sections in crafted ELF causes crash (CVE-2018-16402)\n\n - elfutils: Heap-based buffer over-read in\n libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes\n crash (CVE-2018-16403)\n\n - elfutils: invalid memory address dereference was\n discovered in dwfl_segment_report_module.c in libdwfl\n (CVE-2018-18310)\n\n - elfutils: eu-size cannot handle recursive ar files\n (CVE-2018-18520)\n\n - elfutils: Divide-by-zero in arlib_add_symbols function\n in arlib.c (CVE-2018-18521)\n\n - elfutils: heap-based buffer over-read in read_srclines\n in dwarf_getsrclines.c in libdw (CVE-2019-7149)\n\n - elfutils: segmentation fault in elf64_xlatetom in\n libelf/elf32_xlatetom.c (CVE-2019-7150)\n\n - elfutils: Out of bound write in elf_cvt_note in\n libelf/note_xlate.h (CVE-2019-7664)\n\n - elfutils: heap-based buffer over-read in function\n elf32_xlatetom in elf32_xlatetom.c (CVE-2019-7665)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind1908&L=SCIENTIFIC-LINUX-ERRATA&P=22086\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?5d9aff1e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:elfutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:elfutils-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:elfutils-default-yama-scope\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:elfutils-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:elfutils-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:elfutils-libelf\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:elfutils-libelf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:elfutils-libelf-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:elfutils-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/08/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"elfutils-0.176-2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"elfutils-debuginfo-0.176-2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", reference:\"elfutils-default-yama-scope-0.176-2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"elfutils-default-yama-scope-0.176-2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"elfutils-devel-0.176-2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"elfutils-devel-static-0.176-2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"elfutils-libelf-0.176-2.el7\")) flag++;\nif 
(rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"elfutils-libelf-devel-0.176-2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"elfutils-libelf-devel-static-0.176-2.el7\")) flag++;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"elfutils-libs-0.176-2.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"elfutils / elfutils-debuginfo / elfutils-default-yama-scope / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "archlinux": [{"lastseen": "2020-09-22T18:36:40", "bulletinFamily": "unix", "cvelist": ["CVE-2018-18310", "CVE-2018-18520", "CVE-2018-18521"], "description": "Arch Linux Security Advisory ASA-201901-3\n=========================================\n\nSeverity: Medium\nDate : 2019-01-08\nCVE-ID : CVE-2018-18310 CVE-2018-18520 CVE-2018-18521\nPackage : elfutils\nType : denial of service\nRemote : Yes\nLink : https://security.archlinux.org/AVG-785\n\nSummary\n=======\n\nThe package elfutils before version 0.175-1 is vulnerable to denial of\nservice.\n\nResolution\n==========\n\nUpgrade to 0.175-1.\n\n# pacman -Syu \"elfutils>=0.175-1\"\n\nThe problems have been fixed upstream in version 0.175.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2018-18310 (denial of service)\n\nAn invalid memory address dereference was discovered in\ndwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The\nvulnerability allows attackers to cause a denial of service\n(application crash) with a crafted ELF file.\n\n- CVE-2018-18520 (denial of service)\n\nAn Invalid Memory Address Dereference exists in the function elf_end in\nlibelf in elfutils through v0.174. 
Although eu-size is intended to\nsupport ar files inside ar files, handle_ar in size.c closes the outer\nar file before handling all inner entries. The vulnerability allows\nattackers to cause a denial of service (application crash) with a\ncrafted ELF file.\n\n- CVE-2018-18521 (denial of service)\n\nDivide-by-zero vulnerabilities in the function arlib_add_symbols() in\narlib.c in elfutils 0.174 allow remote attackers to cause a denial of\nservice (application crash) with a crafted ELF file, as demonstrated by\neu-ranlib, because a zero sh_entsize is mishandled.\n\nImpact\n======\n\nAn attacker can crash an application using one of the elfutils\nlibraries to parse files via a crafted ELF file.\n\nReferences\n==========\n\nhttps://sourceware.org/bugzilla/show_bug.cgi?id=23752\nhttps://sourceware.org/ml/elfutils-devel/2018-q4/msg00022.html\nhttps://sourceware.org/bugzilla/show_bug.cgi?id=23787\nhttps://sourceware.org/ml/elfutils-devel/2018-q4/msg00057.html\nhttps://sourceware.org/bugzilla/show_bug.cgi?id=23786\nhttps://sourceware.org/ml/elfutils-devel/2018-q4/msg00055.html\nhttps://security.archlinux.org/CVE-2018-18310\nhttps://security.archlinux.org/CVE-2018-18520\nhttps://security.archlinux.org/CVE-2018-18521", "modified": "2019-01-08T00:00:00", "published": "2019-01-08T00:00:00", "id": "ASA-201901-3", "href": "https://security.archlinux.org/ASA-201901-3", "type": "archlinux", "title": "[ASA-201901-3] elfutils: denial of service", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "fedora": [{"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-18310", "CVE-2018-18520", "CVE-2018-18521"], "description": "Elfutils is a collection of utilities, including stack (to show backtraces), nm (for listing symbols from object files), size (for listing the section sizes of an object or archive file), strip (for discarding symbols), readelf (to see the raw ELF file structures), elflint (to check for well-formed ELF files) and 
elfcompress (to compress or decompress ELF sections). ", "modified": "2018-11-18T04:00:18", "published": "2018-11-18T04:00:18", "id": "FEDORA:E56C76217CD7", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: elfutils-0.174-5.fc29", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-16062", "CVE-2018-16402", "CVE-2018-16403", "CVE-2018-18310", "CVE-2018-18520", "CVE-2018-18521"], "description": "Elfutils is a collection of utilities, including stack (to show backtraces), nm (for listing symbols from object files), size (for listing the section sizes of an object or archive file), strip (for discarding symbols), readelf (to see the raw ELF file structures), elflint (to check for well-formed ELF files) and elfcompress (to compress or decompress ELF sections). ", "modified": "2018-11-21T03:14:18", "published": "2018-11-21T03:14:18", "id": "FEDORA:59AD36087F11", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 28 Update: elfutils-0.174-5.fc28", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-12-21T08:17:55", "bulletinFamily": "unix", "cvelist": ["CVE-2018-18310", "CVE-2018-18520", "CVE-2018-18521", "CVE-2019-7146", "CVE-2019-7148", "CVE-2019-7149", "CVE-2019-7150", "CVE-2019-7664", "CVE-2019-7665"], "description": "Elfutils is a collection of utilities, including stack (to show backtraces), nm (for listing symbols from object files), size (for listing the section sizes of an object or archive file), strip (for discarding symbols), readelf (to see the raw ELF file structures), elflint (to check for well-formed ELF files) and elfcompress (to compress or decompress ELF sections). 
", "modified": "2019-02-18T02:05:55", "published": "2019-02-18T02:05:55", "id": "FEDORA:F30E5644359D", "href": "", "type": "fedora", "title": "[SECURITY] Fedora 29 Update: elfutils-0.176-1.fc29", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2020-07-02T11:33:07", "bulletinFamily": "unix", "cvelist": ["CVE-2018-18520", "CVE-2018-18521", "CVE-2018-18310", "CVE-2018-16062", "CVE-2018-16403", "CVE-2019-7149", "CVE-2018-16402", "CVE-2019-7150", "CVE-2019-7665"], "description": "It was discovered that elfutils incorrectly handled certain malformed \nfiles. If a user or automated system were tricked into processing a \nspecially crafted file, elfutils could be made to crash or consume \nresources, resulting in a denial of service.", "edition": 2, "modified": "2019-06-10T00:00:00", "published": "2019-06-10T00:00:00", "id": "USN-4012-1", "href": "https://ubuntu.com/security/notices/USN-4012-1", "title": "elfutils vulnerabilities", "type": "ubuntu", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "cloudfoundry": [{"lastseen": "2019-06-20T00:42:48", "bulletinFamily": "software", "cvelist": ["CVE-2018-18520", "CVE-2018-18521", "CVE-2018-18310", "CVE-2018-16062", "CVE-2018-16403", "CVE-2019-7149", "CVE-2018-16402", "CVE-2019-7150", "CVE-2019-7665"], "description": "# \n\n# Severity\n\nLow\n\n# Vendor\n\nCanonical Ubuntu\n\n# Versions Affected\n\n * Canonical Ubuntu 16.04\n * Canonical Ubuntu 18.04\n\n# Description\n\nIt was discovered that elfutils incorrectly handled certain malformed files. 
If a user or automated system were tricked into processing a specially crafted file, elfutils could be made to crash or consume resources, resulting in a denial of service.\n\nCVEs contained in this USN include: CVE-2018-16062, CVE-2018-16402, CVE-2018-16403, CVE-2018-18310, CVE-2018-18520, CVE-2018-18521, CVE-2019-7149, CVE-2019-7150, CVE-2019-7665\n\n# Affected Cloud Foundry Products and Versions\n\n_Severity is low unless otherwise noted._\n\n * Cloud Foundry BOSH xenial-stemcells are vulnerable, including: \n * 315.x versions prior to 315.41\n * 250.x versions prior to 250.63\n * 170.x versions prior to 170.82\n * 97.x versions prior to 97.113\n * All other stemcells not listed.\n * All versions of Cloud Foundry cflinuxfs3 prior to 0.99.0\n\n# Mitigation\n\nUsers of affected products are strongly encouraged to follow one of the mitigations below:\n\n * The Cloud Foundry project recommends upgrading the following BOSH xenial-stemcells: \n * Upgrade 315.x versions to 315.41\n * Upgrade 250.x versions to 250.63\n * Upgrade 170.x versions to 170.82\n * Upgrade 97.x versions to 97.113\n * All other stemcells should be upgraded to the latest version available on [bosh.io](<https://bosh.io/stemcells/#ubuntu-xenial>).\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs3 version 0.99.0 or later.\n\n# References\n\n * [USN-4012-1](<https://usn.ubuntu.com/4012-1>)\n * [CVE-2018-16062](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16062>)\n * [CVE-2018-16402](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16402>)\n * [CVE-2018-16403](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16403>)\n * [CVE-2018-18310](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18310>)\n * [CVE-2018-18520](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18520>)\n * [CVE-2018-18521](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18521>)\n * 
[CVE-2019-7149](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7149>)\n * [CVE-2019-7150](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7150>)\n * [CVE-2019-7665](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7665>)\n", "edition": 1, "modified": "2019-06-18T00:00:00", "published": "2019-06-18T00:00:00", "id": "CFOUNDRY:E196CD01F392E90101CA4586833C4A40", "href": "https://www.cloudfoundry.org/blog/usn-4012-1/", "title": "USN-4012-1: elfutils vulnerabilities | Cloud Foundry", "type": "cloudfoundry", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "centos": [{"lastseen": "2019-12-20T18:27:41", "bulletinFamily": "unix", "cvelist": ["CVE-2018-18520", "CVE-2018-18521", "CVE-2018-18310", "CVE-2019-7664", "CVE-2018-16062", "CVE-2018-16403", "CVE-2019-7149", "CVE-2018-16402", "CVE-2019-7150", "CVE-2019-7665"], "description": "**CentOS Errata and Security Advisory** CESA-2019:2197\n\n\nThe elfutils packages contain a number of utility programs and libraries related to the creation and maintenance of executable code.\n\nThe following packages have been upgraded to a later upstream version: elfutils (0.176). 
(BZ#1676504)\n\nSecurity Fix(es):\n\n* elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file (CVE-2018-16062)\n\n* elfutils: Double-free due to double decompression of sections in crafted ELF causes crash (CVE-2018-16402)\n\n* elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libdw/dwarf_hasattr.c causes crash (CVE-2018-16403)\n\n* elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl (CVE-2018-18310)\n\n* elfutils: eu-size cannot handle recursive ar files (CVE-2018-18520)\n\n* elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c (CVE-2018-18521)\n\n* elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw (CVE-2019-7149)\n\n* elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c (CVE-2019-7150)\n\n* elfutils: Out of bound write in elf_cvt_note in libelf/note_xlate.h (CVE-2019-7664)\n\n* elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c (CVE-2019-7665)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2019-August/005856.html\n\n**Affected packages:**\nelfutils\nelfutils-default-yama-scope\nelfutils-devel\nelfutils-devel-static\nelfutils-libelf\nelfutils-libelf-devel\nelfutils-libelf-devel-static\nelfutils-libs\n\n**Upstream details at:**\n", "edition": 2, "modified": "2019-08-30T02:43:56", "published": "2019-08-30T02:43:56", "id": "CESA-2019:2197", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2019-August/005856.html", "title": 
"elfutils security update", "type": "centos", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "amazon": [{"lastseen": "2020-11-10T12:37:21", "bulletinFamily": "unix", "cvelist": ["CVE-2018-18520", "CVE-2018-18521", "CVE-2018-18310", "CVE-2019-7664", "CVE-2018-16062", "CVE-2018-16403", "CVE-2019-7149", "CVE-2018-16402", "CVE-2019-7150", "CVE-2019-7665"], "description": "**Issue Overview:**\n\nAn out-of-bounds read was discovered in elfutils in the way it reads DWARF address ranges information. Function dwarf_getaranges() in dwarf_getaranges.c does not properly check whether it reads beyond the limits of the ELF section. An attacker could use this flaw to cause a denial of service via a crafted file.([CVE-2018-16062 __](<https://access.redhat.com/security/cve/CVE-2018-16062>))\n\nlibelf/elf_end.c in elfutils 0.173 allows remote attackers to cause a denial of service (double free and application crash) or possibly have unspecified other impact because it tries to decompress twice.([CVE-2018-16402 __](<https://access.redhat.com/security/cve/CVE-2018-16402>))\n\nlibdw in elfutils 0.173 checks the end of the attributes list incorrectly in dwarf_getabbrev in dwarf_getabbrev.c and dwarf_hasattr in dwarf_hasattr.c, leading to a heap-based buffer over-read and an application crash.([CVE-2018-16403 __](<https://access.redhat.com/security/cve/CVE-2018-16403>))\n\nAn invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl in elfutils through v0.174. The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by consider_notes.([CVE-2018-18310 __](<https://access.redhat.com/security/cve/CVE-2018-18310>))\n\nAn Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. 
The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.([CVE-2018-18520 __](<https://access.redhat.com/security/cve/CVE-2018-18520>))\n\nDivide-by-zero vulnerabilities in the function arlib_add_symbols() in arlib.c in elfutils 0.174 allow remote attackers to cause a denial of service (application crash) with a crafted ELF file, as demonstrated by eu-ranlib, because a zero sh_entsize is mishandled.([CVE-2018-18521 __](<https://access.redhat.com/security/cve/CVE-2018-18521>))\n\nA heap-based buffer over-read was discovered in the function read_srclines in dwarf_getsrclines.c in libdw in elfutils 0.175. A crafted input can cause segmentation faults, leading to denial-of-service, as demonstrated by eu-nm.([CVE-2019-7149 __](<https://access.redhat.com/security/cve/CVE-2019-7149>))\n\nAn issue was discovered in elfutils 0.175. A segmentation fault can occur in the function elf64_xlatetom in libelf/elf32_xlatetom.c, due to dwfl_segment_report_module not checking whether the dyn data read from a core file is truncated. A crafted input can cause a program crash, leading to denial-of-service, as demonstrated by eu-stack.([CVE-2019-7150 __](<https://access.redhat.com/security/cve/CVE-2019-7150>))\n\nIn elfutils 0.175, a negative-sized memcpy is attempted in elf_cvt_note in libelf/note_xlate.h because of an incorrect overflow check. Crafted elf input causes a segmentation fault, leading to denial of service (program crash).([CVE-2019-7664 __](<https://access.redhat.com/security/cve/CVE-2019-7664>))\n\nIn elfutils 0.175, a heap-based buffer over-read was discovered in the function elf32_xlatetom in elf32_xlatetom.c in libelf. 
A crafted ELF input can cause a segmentation fault leading to denial of service (program crash) because ebl_core_note does not reject malformed core file notes.([CVE-2019-7665 __](<https://access.redhat.com/security/cve/CVE-2019-7665>))\n\n \n**Affected Packages:** \n\n\nelfutils\n\n \n**Issue Correction:** \nRun _yum update elfutils_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n aarch64: \n elfutils-0.176-2.amzn2.aarch64 \n elfutils-libs-0.176-2.amzn2.aarch64 \n elfutils-devel-0.176-2.amzn2.aarch64 \n elfutils-devel-static-0.176-2.amzn2.aarch64 \n elfutils-libelf-0.176-2.amzn2.aarch64 \n elfutils-libelf-devel-0.176-2.amzn2.aarch64 \n elfutils-libelf-devel-static-0.176-2.amzn2.aarch64 \n elfutils-debuginfo-0.176-2.amzn2.aarch64 \n \n i686: \n elfutils-0.176-2.amzn2.i686 \n elfutils-libs-0.176-2.amzn2.i686 \n elfutils-devel-0.176-2.amzn2.i686 \n elfutils-devel-static-0.176-2.amzn2.i686 \n elfutils-libelf-0.176-2.amzn2.i686 \n elfutils-libelf-devel-0.176-2.amzn2.i686 \n elfutils-libelf-devel-static-0.176-2.amzn2.i686 \n elfutils-debuginfo-0.176-2.amzn2.i686 \n \n noarch: \n elfutils-default-yama-scope-0.176-2.amzn2.noarch \n \n src: \n elfutils-0.176-2.amzn2.src \n \n x86_64: \n elfutils-0.176-2.amzn2.x86_64 \n elfutils-libs-0.176-2.amzn2.x86_64 \n elfutils-devel-0.176-2.amzn2.x86_64 \n elfutils-devel-static-0.176-2.amzn2.x86_64 \n elfutils-libelf-0.176-2.amzn2.x86_64 \n elfutils-libelf-devel-0.176-2.amzn2.x86_64 \n elfutils-libelf-devel-static-0.176-2.amzn2.x86_64 \n elfutils-debuginfo-0.176-2.amzn2.x86_64 \n \n \n", "edition": 1, "modified": "2019-10-21T18:01:00", "published": "2019-10-21T18:01:00", "id": "ALAS2-2019-1337", "href": "https://alas.aws.amazon.com/AL2/ALAS-2019-1337.html", "title": "Low: elfutils", "type": "amazon", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "redhat": [{"lastseen": "2019-08-15T00:46:22", "bulletinFamily": "unix", "cvelist": ["CVE-2018-16062", "CVE-2018-16402", "CVE-2018-16403", "CVE-2018-18310", 
"CVE-2018-18520", "CVE-2018-18521", "CVE-2019-7149", "CVE-2019-7150", "CVE-2019-7664", "CVE-2019-7665"], "description": "The elfutils packages contain a number of utility programs and libraries related to the creation and maintenance of executable code.\n\nThe following packages have been upgraded to a later upstream version: elfutils (0.176). (BZ#1676504)\n\nSecurity Fix(es):\n\n* elfutils: Heap-based buffer over-read in libdw/dwarf_getaranges.c:dwarf_getaranges() via crafted file (CVE-2018-16062)\n\n* elfutils: Double-free due to double decompression of sections in crafted ELF causes crash (CVE-2018-16402)\n\n* elfutils: Heap-based buffer over-read in libdw/dwarf_getabbrev.c and libwd/dwarf_hasattr.c causes crash (CVE-2018-16403)\n\n* elfutils: invalid memory address dereference was discovered in dwfl_segment_report_module.c in libdwfl (CVE-2018-18310)\n\n* elfutils: eu-size cannot handle recursive ar files (CVE-2018-18520)\n\n* elfutils: Divide-by-zero in arlib_add_symbols function in arlib.c (CVE-2018-18521)\n\n* elfutils: heap-based buffer over-read in read_srclines in dwarf_getsrclines.c in libdw (CVE-2019-7149)\n\n* elfutils: segmentation fault in elf64_xlatetom in libelf/elf32_xlatetom.c (CVE-2019-7150)\n\n* elfutils: Out of bound write in elf_cvt_note in libelf/note_xlate.h (CVE-2019-7664)\n\n* elfutils: heap-based buffer over-read in function elf32_xlatetom in elf32_xlatetom.c (CVE-2019-7665)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.7 Release Notes linked from the References section.", "modified": "2019-08-06T13:41:32", "published": "2019-08-06T12:12:18", "id": "RHSA-2019:2197", "href": "https://access.redhat.com/errata/RHSA-2019:2197", "type": "redhat", "title": "(RHSA-2019:2197) Low: elfutils 
security, bug fix, and enhancement update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "oraclelinux": [{"lastseen": "2019-08-14T08:35:12", "bulletinFamily": "unix", "cvelist": ["CVE-2018-18520", "CVE-2019-7146", "CVE-2018-18521", "CVE-2018-18310", "CVE-2019-7664", "CVE-2018-16062", "CVE-2018-16403", "CVE-2019-7149", "CVE-2018-16402", "CVE-2019-7148", "CVE-2019-7150", "CVE-2019-7665"], "description": "[0.176-2]\n- Add elfutils-0.176-xlate-note.patch (#1704754)\n[0.176-1]\n- New upstream release (#1676504)\n CVE-2019-7146, CVE-2019-7148, CVE-2019-7149, CVE-2019-7150,\n CVE-2019-7664, CVE-2019-7665, CVE-2018-16062, CVE-2018-16402,\n CVE-2018-16403, CVE-2018-18310, CVE-2018-18521, CVE-2018-18520.", "edition": 1, "modified": "2019-08-13T00:00:00", "published": "2019-08-13T00:00:00", "id": "ELSA-2019-2197", "href": "http://linux.oracle.com/errata/ELSA-2019-2197.html", "title": "elfutils security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2020-08-12T01:07:37", "bulletinFamily": "unix", "cvelist": ["CVE-2018-18520", "CVE-2017-7613", "CVE-2018-18521", "CVE-2018-18310", "CVE-2017-7611", "CVE-2018-16062", "CVE-2017-7612", "CVE-2019-7149", "CVE-2017-7610", "CVE-2017-7608", "CVE-2019-7150", "CVE-2019-7665"], "description": "Package : elfutils\nVersion : 0.159-4.2+deb8u1\nCVE ID : CVE-2017-7608 CVE-2017-7610 CVE-2017-7611 CVE-2017-7612\n CVE-2017-7613 CVE-2018-16062 CVE-2018-18310 CVE-2018-18520\n CVE-2018-18521 CVE-2019-7149 CVE-2019-7150 CVE-2019-7665\n\n\nSeveral issues in elfutils, a collection of utilities to handle ELF \nobjects, have been found either by fuzzing or by using an \nAddressSanitizer.\n\n\nCVE-2019-7665\n Due to a heap-buffer-overflow problem in function elf32_xlatetom()\n a crafted ELF input can cause segmentation faults.\n\nCVE-2019-7150\n Add sanity check for partial core file dynamic data read.\n\nCVE-2019-7149\n Due to a 
heap-buffer-overflow problem in function read_srclines()\n a crafted ELF input can cause segmentation faults.\n\nCVE-2018-18521\n By using a crafted ELF file, containing a zero sh_entsize, a\n divide-by-zero vulnerability could allow remote attackers to\n cause a denial of service (application crash).\n\nCVE-2018-18520\n By fuzzing an Invalid Address Dereference problem in function elf_end\n has been found.\n\nCVE-2018-18310\n By fuzzing an Invalid Address Read problem in eu-stack has been\n found.\n\nCVE-2018-16062\n By using an AddressSanitizer a heap-buffer-overflow has been found.\n\nCVE-2017-7613\n By using fuzzing it was found that an allocation failure was not\n handled properly.\n\nCVE-2017-7612\n By using a crafted ELF file, containing an invalid sh_entsize, a\n remote attacker could cause a denial of service (application crash).\n\nCVE-2017-7611\n By using a crafted ELF file a remote attacker could cause a denial\n of service (application crash).\n\nCVE-2017-7610\n By using a crafted ELF file a remote attacker could cause a denial\n of service (application crash).\n\nCVE-2017-7608\n By fuzzing a heap based buffer overflow has been detected.\n\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n0.159-4.2+deb8u1.\n\nWe recommend that you upgrade your elfutils packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n", "edition": 10, "modified": "2019-02-25T21:40:32", "published": "2019-02-25T21:40:32", "id": "DEBIAN:DLA-1689-1:0C7A0", "href": "https://lists.debian.org/debian-lts-announce/2019/debian-lts-announce-201902/msg00036.html", "title": "[SECURITY] [DLA 1689-1] elfutils security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}], "suse": [{"lastseen": "2019-06-20T04:41:45", "bulletinFamily": "unix", "cvelist": ["CVE-2018-18520", "CVE-2017-7613", 
"CVE-2017-7609", "CVE-2018-18521", "CVE-2018-18310", "CVE-2017-7611", "CVE-2018-16062", "CVE-2017-7612", "CVE-2018-16403", "CVE-2018-16402", "CVE-2017-7610", "CVE-2017-7607", "CVE-2017-7608", "CVE-2019-7150", "CVE-2019-7665"], "description": "This update for elfutils fixes the following issues:\n\n Security issues fixed:\n\n - CVE-2017-7607: Fixed a heap-based buffer overflow in handle_gnu_hash\n (bsc#1033084)\n - CVE-2017-7608: Fixed a heap-based buffer overflow in\n ebl_object_note_type_name() (bsc#1033085)\n - CVE-2017-7609: Fixed a memory allocation failure in __libelf_decompress\n (bsc#1033086)\n - CVE-2017-7610: Fixed a heap-based buffer overflow in check_group\n (bsc#1033087)\n - CVE-2017-7611: Fixed a denial of service via a crafted ELF file\n (bsc#1033088)\n - CVE-2017-7612: Fixed a denial of service in check_sysv_hash() via a\n crafted ELF file (bsc#1033089)\n - CVE-2017-7613: Fixed denial of service caused by the missing validation\n of the number of sections and the number of segments in a crafted ELF\n file (bsc#1033090)\n - CVE-2018-16062: Fixed a heap-buffer overflow in\n /elfutils/libdw/dwarf_getaranges.c:156 (bsc#1106390)\n - CVE-2018-16402: Fixed a denial of service/double free on an attempt to\n decompress the same section twice (bsc#1107066)\n - CVE-2018-16403: Fixed a heap buffer overflow in readelf (bsc#1107067)\n - CVE-2018-18310: Fixed an invalid address read problem in\n dwfl_segment_report_module.c (bsc#1111973)\n - CVE-2018-18520: Fixed bad handling of ar files inside ar files\n (bsc#1112726)\n - CVE-2018-18521: Fixed denial of service vulnerabilities in the\n function arlib_add_symbols() used by eu-ranlib (bsc#1112723)\n - CVE-2019-7150: dwfl_segment_report_module doesn't check whether the dyn\n data read from core file is truncated (bsc#1123685)\n - CVE-2019-7665: NT_PLATFORM core file note should be a zero terminated\n string (bsc#1125007)\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "edition": 1, 
"modified": "2019-06-20T03:13:15", "published": "2019-06-20T03:13:15", "id": "OPENSUSE-SU-2019:1590-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00052.html", "title": "Security update for elfutils (moderate)", "type": "suse", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "hackerone": [{"lastseen": "2019-12-16T18:22:07", "bulletinFamily": "bugbounty", "bounty": 3000.0, "cvelist": ["CVE-2010-4052", "CVE-2014-3488", "CVE-2016-10228", "CVE-2017-12794", "CVE-2017-16997", "CVE-2017-18269", "CVE-2018-1000001", "CVE-2018-1000201", "CVE-2018-16869", "CVE-2018-18311", "CVE-2018-18520", "CVE-2019-15591"], "description": "Hi GitLab Security team\n\n### Summary\n\nGitLab makes the container scanning and dependency scanning information available as part of a JSON endpoint for merge requests. These reports are the output of the CI job and should only be displayed if the visiting user has access to CI. However, right now GitLab displays the container scanning and dependency scanning reports regardless of this permission, making it available to whoever has access to the merge request.\n\nFor public projects, GitLab allows to restrict CI pipelines to project members only (public pipelines disabled). However, in this case, the merge request widget still renders the scanning reports result, which is the outcome of a CI pipeline.\n\n### Steps to reproduce\n\nThis is reproducible on gitlab.com. It requires at least a gold plan to have the container scanning and dependency scanning feature available.\n\n1. Create a public project, restrict CI pipeline access to project members, and disable public pipelines\n2. 
Push a new branch and add .gitlab-ci.yml file with the following content:\n\n```yml\ntest:\n script: |\n echo '{\"image\": \"registry.gitlab.com/groulot/container-scanning-test/master:5f21de6956aee99ddb68ae49498662d9872f50ff\",\"unapproved\": [\"CVE-2017-18269\",\"CVE-2017-16997\",\"CVE-2018-1000001\",\"CVE-2016-10228\",\"CVE-2018-18520\",\"CVE-2010-4052\",\"CVE-2018-16869\",\"CVE-2018-18311\"],\"vulnerabilities\": [{ \"featurename\": \"glibc\", \"featureversion\": \"2.24-11+deb9u3\", \"vulnerability\": \"CVE-2017-18269\", \"namespace\": \"debian:9\", \"description\": \"SSE2-optimized memmove implementation problem.\", \"link\": \"https://security-tracker.debian.org/tracker/CVE-2017-18269\", \"severity\": \"Defcon1\", \"fixedby\": \"2.24-11+deb9u4\"},{ \"featurename\": \"glibc\", \"featureversion\": \"2.24-11+deb9u3\", \"vulnerability\": \"CVE-2017-16997\", \"namespace\": \"debian:9\", \"description\": \"elf/dl-load.c in the GNU C Library (aka glibc or libc6) 2.19 through 2.26 mishandles RPATH and RUNPATH containing $ORIGIN for a privileged (setuid or AT_SECURE) program, which allows local users to gain privileges via a Trojan horse library in the current working directory, related to the fillin_rpath and decompose_rpath functions. This is associated with misinterpretion of an empty RPATH/RUNPATH token as the \\\"./\\\" directory. 
NOTE: this configuration of RPATH/RUNPATH for a privileged program is apparently very uncommon; most likely, no such program is shipped with any common Linux distribution.\", \"link\": \"https://security-tracker.debian.org/tracker/CVE-2017-16997\", \"severity\": \"Critical\", \"fixedby\": \"\"},{ \"featurename\": \"glibc\", \"featureversion\": \"2.24-11+deb9u3\", \"vulnerability\": \"CVE-2018-1000001\", \"namespace\": \"debian:9\", \"description\": \"In glibc 2.26 and earlier there is confusion in the usage of getcwd() by realpath() which can be used to write before the destination buffer leading to a buffer underflow and potential code execution.\", \"link\": \"https://security-tracker.debian.org/tracker/CVE-2018-1000001\", \"severity\": \"High\", \"fixedby\": \"\"},{ \"featurename\": \"glibc\", \"featureversion\": \"2.24-11+deb9u3\", \"vulnerability\": \"CVE-2016-10228\", \"namespace\": \"debian:9\", \"description\": \"The iconv program in the GNU C Library (aka glibc or libc6) 2.25 and earlier, when invoked with the -c option, enters an infinite loop when processing invalid multi-byte input sequences, leading to a denial of service.\", \"link\": \"https://security-tracker.debian.org/tracker/CVE-2016-10228\", \"severity\": \"Medium\", \"fixedby\": \"\"},{ \"featurename\": \"elfutils\", \"featureversion\": \"0.168-1\", \"vulnerability\": \"CVE-2018-18520\", \"namespace\": \"debian:9\", \"description\": \"An Invalid Memory Address Dereference exists in the function elf_end in libelf in elfutils through v0.174. Although eu-size is intended to support ar files inside ar files, handle_ar in size.c closes the outer ar file before handling all inner entries. 
The vulnerability allows attackers to cause a denial of service (application crash) with a crafted ELF file.\", \"link\": \"https://security-tracker.debian.org/tracker/CVE-2018-18520\", \"severity\": \"Low\", \"fixedby\": \"\"},{ \"featurename\": \"glibc\", \"featureversion\": \"2.24-11+deb9u3\", \"vulnerability\": \"CVE-2010-4052\", \"namespace\": \"debian:9\", \"description\": \"Stack consumption vulnerability in the regcomp implementation in the GNU C Library (aka glibc or libc6) through 2.11.3, and 2.12.x through 2.12.2, allows context-dependent attackers to cause a denial of service (resource exhaustion) via a regular expression containing adjacent repetition operators, as demonstrated by a {10,}{10,}{10,}{10,} sequence in the proftpd.gnu.c exploit for ProFTPD.\", \"link\": \"https://security-tracker.debian.org/tracker/CVE-2010-4052\", \"severity\": \"Negligible\", \"fixedby\": \"\"},{ \"featurename\": \"nettle\", \"featureversion\": \"3.3-1\", \"vulnerability\": \"CVE-2018-16869\", \"namespace\": \"debian:9\", \"description\": \"A Bleichenbacher type side-channel based padding oracle attack was found in the way nettle handles endian conversion of RSA decrypted PKCS#1 v1.5 data. 
An attacker who is able to run a process on the same physical core as the victim process, could use this flaw extract plaintext or in some cases downgrade any TLS connections to a vulnerable server.\", \"link\": \"https://security-tracker.debian.org/tracker/CVE-2018-16869\", \"severity\": \"Unknown\", \"fixedby\": \"\"},{ \"featurename\": \"perl\", \"featureversion\": \"5.24.1-3+deb9u4\", \"vulnerability\": \"CVE-2018-18311\", \"namespace\": \"debian:9\", \"description\": \"Perl before 5.26.3 and 5.28.x before 5.28.1 has a buffer overflow via a crafted regular expression that triggers invalid write operations.\", \"link\": \"https://security-tracker.debian.org/tracker/CVE-2018-18311\", \"severity\": \"Unknown\", \"fixedby\": \"5.24.1-3+deb9u5\"},{ \"featurename\": \"foo\", \"featureversion\": \"1.3\", \"vulnerability\": \"CVE-2018-666\", \"namespace\": \"debian:9\", \"description\": \"Foo has a vulnerability nobody cares about and whitelist.\", \"link\": \"https://security-tracker.debian.org/tracker/CVE-2018-666\", \"severity\": \"Unknown\", \"fixedby\": \"1.4\"}]}' > gl-container-scanning-report.json\n echo '{\"version\": \"1.3\",\"vulnerabilities\": [{\"category\": \"dependency_scanning\",\"name\": \"io.netty/netty - CVE-2014-3488\",\"message\": \"DoS by CPU exhaustion when using malicious SSL packets\",\"cve\": \"app/pom.xml:io.netty/netty@3.9.1.Final:CVE-2014-3488\",\"severity\": \"Unknown\",\"solution\": \"Upgrade to the latest version\",\"scanner\": {\"id\": \"gemnasium\",\"name\": \"Gemnasium\"},\"location\": {\"file\": \"app/pom.xml\",\"dependency\": {\"package\": {\"name\": \"io.netty/netty\"},\"version\": \"3.9.1.Final\"}},\"identifiers\": [{\"type\": \"gemnasium\",\"name\": \"Gemnasium-d1bf36d9-9f07-46cd-9cfc-8675338ada8f\",\"value\": \"d1bf36d9-9f07-46cd-9cfc-8675338ada8f\",\"url\": \"https://deps.sec.gitlab.com/packages/maven/io.netty/netty/versions/3.9.1.Final/advisories\"},{\"type\": \"cve\",\"name\": \"CVE-2014-3488\",\"value\": 
\"CVE-2014-3488\",\"url\": \"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3488\"}],\"links\": [{\"url\": \"https://bugzilla.redhat.com/CVE-2014-3488\"},{\"url\": \"http://netty.io/news/2014/06/11/3.html\"},{\"url\": \"https://github.com/netty/netty/issues/2562\"}],\"priority\": \"Unknown\",\"file\": \"app/pom.xml\",\"url\": \"https://bugzilla.redhat.com/CVE-2014-3488\",\"tool\": \"gemnasium\"},{\"category\": \"dependency_scanning\",\"name\": \"Django - CVE-2017-12794\",\"message\": \"Possible XSS in traceback section of technical 500 debug page\",\"cve\": \"app/requirements.txt:Django@1.11.3:CVE-2017-12794\",\"severity\": \"Unknown\",\"solution\": \"Upgrade to latest version or apply patch.\",\"scanner\": {\"id\": \"gemnasium\",\"name\": \"Gemnasium\"},\"location\": {\"file\": \"app/requirements.txt\",\"dependency\": {\"package\": {\"name\": \"Django\"},\"version\": \"1.11.3\"}},\"identifiers\": [{\"type\": \"gemnasium\",\"name\": \"Gemnasium-6162a015-8635-4a15-8d7c-dc9321db366f\",\"value\": \"6162a015-8635-4a15-8d7c-dc9321db366f\",\"url\": \"https://deps.sec.gitlab.com/packages/pypi/Django/versions/1.11.3/advisories\"},{\"type\": \"cve\",\"name\": \"CVE-2017-12794\",\"value\": \"CVE-2017-12794\",\"url\": \"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12794\"}],\"links\": [{\"url\": \"https://www.djangoproject.com/weblog/2017/sep/05/security-releases/\"}],\"priority\": \"Unknown\",\"file\": \"app/requirements.txt\",\"url\": \"https://www.djangoproject.com/weblog/2017/sep/05/security-releases/\",\"tool\": \"gemnasium\"},{\"category\": \"dependency_scanning\",\"name\": \"nokogiri - USN-3424-1\",\"message\": \"Vulnerabilities in libxml2\",\"cve\": \"rails/Gemfile.lock:nokogiri@1.8.0:USN-3424-1\",\"severity\": \"Unknown\",\"solution\": \"Upgrade to latest version.\",\"scanner\": {\"id\": \"gemnasium\",\"name\": \"Gemnasium\"},\"location\": {\"file\": \"rails/Gemfile.lock\",\"dependency\": {\"package\": {\"name\": \"nokogiri\"},\"version\": 
\"1.8.0\"}},\"identifiers\": [{\"type\": \"gemnasium\",\"name\": \"Gemnasium-06565b64-486d-4326-b906-890d9915804d\",\"value\": \"06565b64-486d-4326-b906-890d9915804d\",\"url\": \"https://deps.sec.gitlab.com/packages/gem/nokogiri/versions/1.8.0/advisories\"},{\"type\": \"usn\",\"name\": \"USN-3424-1\",\"value\": \"USN-3424-1\",\"url\": \"https://usn.ubuntu.com/3424-1/\"}],\"links\": [{\"url\": \"https://github.com/sparklemotion/nokogiri/issues/1673\"}],\"priority\": \"Unknown\",\"file\": \"rails/Gemfile.lock\",\"url\": \"https://github.com/sparklemotion/nokogiri/issues/1673\",\"tool\": \"gemnasium\"},{\"category\": \"dependency_scanning\",\"name\": \"ffi - CVE-2018-1000201\",\"message\": \"ruby-ffi DDL loading issue on Windows OS\",\"cve\": \"ffi:1.9.18:CVE-2018-1000201\",\"severity\": \"High\",\"solution\": \"upgrade to \\u003e= 1.9.24\",\"scanner\": {\"id\": \"bundler_audit\",\"name\": \"bundler-audit\"},\"location\": {\"file\": \"sast-sample-rails/Gemfile.lock\",\"dependency\": {\"package\": {\"name\": \"ffi\"},\"version\": \"1.9.18\"}},\"identifiers\": [{\"type\": \"cve\",\"name\": \"CVE-2018-1000201\",\"value\": \"CVE-2018-1000201\",\"url\": \"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000201\"}],\"links\": [{\"url\": \"https://github.com/ffi/ffi/releases/tag/1.9.24\"}],\"priority\": \"High\",\"file\": \"sast-sample-rails/Gemfile.lock\",\"url\": \"https://github.com/ffi/ffi/releases/tag/1.9.24\",\"tool\": \"bundler_audit\"}]}' > gl-dependency-scanning-report.json\n artifacts:\n reports:\n container_scanning: gl-container-scanning-report.json\n dependency_scanning: gl-dependency-scanning-report.json\n\n```\n3. Create a merge request with those changes\n4. 
As an unauthorized user, visit the page `https://example.gitlab.com/<namespace>/<public-project-name>/merge_requests/1/merge_requests/1/container_scanning_reports` and `https://example.gitlab.com/<namespace>/<public-project-name>/merge_requests/1/merge_requests/1/dependency_scanning_reports`\n\nThese two endpoints are now leaking the container scanning and dependency scanning information to unauthorized users, who do not have access to CI. \n\n### Impact\n\nUnauthorized users have access to critical information like the container scanning or dependency scanning report, and thus gain a lot of insight into an application. By knowing which vulnerabilities were found (or still exist), they could attack the target application.\n\n### Examples\n\nThis happens on gitlab.com. I've set up a test project, where the CI pipeline access is restricted to project members. However, you can access the container scanning and dependency scanning report from CI via the following endpoints:\n\n* https://gitlab.com/test-group-wter/test-reports/merge_requests/1/container_scanning_reports\n* https://gitlab.com/test-group-wter/test-reports/merge_requests/1/dependency_scanning_reports\n\n### What is the current *bug* behavior?\n\nContainer scanning and dependency scanning reports are leaked on merge requests endpoints. \n\n### What is the expected *correct* behavior?\n\nContainer scanning and dependency scanning report endpoints on merge requests require proper access control to avoid leaking it to unauthorized users.\n\nBest regards,\nXanbanx\n\n## Impact\n\nSee above", "modified": "2019-12-13T14:53:19", "published": "2019-08-19T22:30:30", "id": "H1:676976", "href": "https://hackerone.com/reports/676976", "type": "hackerone", "title": "GitLab: Container scanning and Dependency scanning report leaked to unauthorized users", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}