Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2019-1304.NASL
HistoryMay 01, 2019 - 12:00 a.m.

EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1304)

2019-05-0100:00:00
This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
JSON

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  • An elevation of privilege vulnerability in the kernel scsi driver. Product: Android. Versions: Android kernel. Android ID A-65023233.(CVE-2017-13168)

  • Non-optimized code for key handling of shared futexes was found in the Linux kernel in the form of unbounded contention time due to the page lock for real-time users. Before the fix, the page lock was an unnecessarily heavy lock for the futex path that protected too much. After the fix, the page lock is only required in a specific corner case.(CVE-2018-9422)

  • A flaw in the load_elf_binary() function in the Linux kernel allows a local attacker to leak the base address of .text and stack sections for setuid binaries and bypass ASLR because install_exec_creds() is called too late in this function.(CVE-2019-11190)

  • A flaw was found in the Linux kernel ext4 filesystem.
    An out-of-bound access is possible in the ext4_ext_drop_refs() function when operating on a crafted ext4 filesystem image.(CVE-2018-10877)

  • A vulnerability was found in polkit. When authentication is performed by a non-root user to perform an administrative task, the authentication is temporarily cached in such a way that a local attacker could impersonate the authorized process, thus gaining access to elevated privileges.(CVE-2019-6133)

  • A flaw was found in the Linux kernel in the function hso_probe() which reads if_num value from the USB device (as an u8) and uses it without a length check to index an array, resulting in an OOB memory read in hso_probe() or hso_get_config_data(). An attacker with a forged USB device and physical access to a system (needed to connect such a device) can cause a system crash and a denial of service.(CVE-2018-19985)

  • A flaw was found in the Linux kernel’s implementation of logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack in the l2cap_parse_conf_rsp and l2cap_parse_conf_req functions. An attacker with physical access within the range of standard Bluetooth transmission can create a specially crafted packet. The response to this specially crafted packet can contain part of the kernel stack which can be used in a further attack.(CVE-2019-3460)

  • A flaw was found in the Linux kernels implementation of Logical link control and adaptation protocol (L2CAP), part of the Bluetooth stack. An attacker with physical access within the range of standard Bluetooth transmission can create a specially crafted packet. The response to this specially crafted packet can contain part of the kernel stack which can be used in a further attack.(CVE-2019-3459)

  • A flaw was found in the Linux kernel’s NFS41+ subsystem. NFS41+ shares mounted in different network namespaces at the same time can make bc_svc_process() use wrong back-channel IDs and cause a use-after-free vulnerability. Thus a malicious container user can cause a host kernel memory corruption and a system panic. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.(CVE-2018-16884)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(124431);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/20");

  script_cve_id(
    "CVE-2017-13168",
    "CVE-2018-9422",
    "CVE-2018-10877",
    "CVE-2018-16884",
    "CVE-2018-19985",
    "CVE-2019-3459",
    "CVE-2019-3460",
    "CVE-2019-6133",
    "CVE-2019-11190"
  );

  script_name(english:"EulerOS 2.0 SP5 : kernel (EulerOS-SA-2019-1304)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the kernel packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

  - An elevation of privilege vulnerability in the kernel
    scsi driver. Product: Android. Versions: Android
    kernel. Android ID A-65023233.(CVE-2017-13168)

  - Non-optimized code for key handling of shared futexes
    was found in the Linux kernel in the form of unbounded
    contention time due to the page lock for real-time
    users. Before the fix, the page lock was an
    unnecessarily heavy lock for the futex path that
    protected too much. After the fix, the page lock is
    only required in a specific corner case.(CVE-2018-9422)

  - A flaw in the load_elf_binary() function in the Linux
    kernel allows a local attacker to leak the base address
    of .text and stack sections for setuid binaries and
    bypass ASLR because install_exec_creds() is called too
    late in this function.(CVE-2019-11190)

  - A flaw was found in the Linux kernel ext4 filesystem.
    An out-of-bound access is possible in the
    ext4_ext_drop_refs() function when operating on a
    crafted ext4 filesystem image.(CVE-2018-10877)

  - A vulnerability was found in polkit. When
    authentication is performed by a non-root user to
    perform an administrative task, the authentication is
    temporarily cached in such a way that a local attacker
    could impersonate the authorized process, thus gaining
    access to elevated privileges.(CVE-2019-6133)

  - A flaw was found in the Linux kernel in the function
    hso_probe() which reads if_num value from the USB
    device (as an u8) and uses it without a length check to
    index an array, resulting in an OOB memory read in
    hso_probe() or hso_get_config_data(). An attacker with
    a forged USB device and physical access to a system
    (needed to connect such a device) can cause a system
    crash and a denial of service.(CVE-2018-19985)

  - A flaw was found in the Linux kernel's implementation
    of logical link control and adaptation protocol
    (L2CAP), part of the Bluetooth stack in the
    l2cap_parse_conf_rsp and l2cap_parse_conf_req
    functions. An attacker with physical access within the
    range of standard Bluetooth transmission can create a
    specially crafted packet. The response to this
    specially crafted packet can contain part of the kernel
    stack which can be used in a further
    attack.(CVE-2019-3460)

  - A flaw was found in the Linux kernels implementation of
    Logical link control and adaptation protocol (L2CAP),
    part of the Bluetooth stack. An attacker with physical
    access within the range of standard Bluetooth
    transmission can create a specially crafted packet. The
    response to this specially crafted packet can contain
    part of the kernel stack which can be used in a further
    attack.(CVE-2019-3459)

  - A flaw was found in the Linux kernel's NFS41+
    subsystem. NFS41+ shares mounted in different network
    namespaces at the same time can make bc_svc_process()
    use wrong back-channel IDs and cause a use-after-free
    vulnerability. Thus a malicious container user can
    cause a host kernel memory corruption and a system
    panic. Due to the nature of the flaw, privilege
    escalation cannot be fully ruled out.(CVE-2018-16884)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1304
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?dffc7b05");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-9422");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2018-16884");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"patch_publication_date", value:"2019/04/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/01");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["kernel-3.10.0-862.14.0.1.h137.eulerosv2r7",
        "kernel-debuginfo-3.10.0-862.14.0.1.h137.eulerosv2r7",
        "kernel-debuginfo-common-x86_64-3.10.0-862.14.0.1.h137.eulerosv2r7",
        "kernel-devel-3.10.0-862.14.0.1.h137.eulerosv2r7",
        "kernel-headers-3.10.0-862.14.0.1.h137.eulerosv2r7",
        "kernel-tools-3.10.0-862.14.0.1.h137.eulerosv2r7",
        "kernel-tools-libs-3.10.0-862.14.0.1.h137.eulerosv2r7",
        "perf-3.10.0-862.14.0.1.h137.eulerosv2r7",
        "python-perf-3.10.0-862.14.0.1.h137.eulerosv2r7"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
VendorProductVersionCPE
huaweieuleroskernelp-cpe:/a:huawei:euleros:kernel
huaweieuleroskernel-debuginfop-cpe:/a:huawei:euleros:kernel-debuginfo
huaweieuleroskernel-debuginfo-common-x86_64p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64
huaweieuleroskernel-develp-cpe:/a:huawei:euleros:kernel-devel
huaweieuleroskernel-headersp-cpe:/a:huawei:euleros:kernel-headers
huaweieuleroskernel-toolsp-cpe:/a:huawei:euleros:kernel-tools
huaweieuleroskernel-tools-libsp-cpe:/a:huawei:euleros:kernel-tools-libs
huaweieulerosperfp-cpe:/a:huawei:euleros:perf
huaweieulerospython-perfp-cpe:/a:huawei:euleros:python-perf
huaweieuleros2.0cpe:/o:huawei:euleros:2.0

Related

openvas 34
nessus 58
oraclelinux 9
fedora 5
amazon 5
suse 4
redhatcve 8
ubuntucve 9
cve 9
debiancve 9
prion 9
ubuntu 6
veracode 6
cloudfoundry 1
redhat 5
f5 4
centos 2
ibm 1
osv 6
photon 2
alpinelinux 1
virtuozzo 1
debian 4
mageia 1
openvas
openvas
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1304)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1586)
2020-01-23 00:00:00
Fedora Update for kernel-headers FEDORA-2019-509c133845
2019-01-17 00:00:00
nessus
nessus
EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-1586)
2019-05-29 00:00:00
Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2019-4646)
2019-05-17 00:00:00
Fedora 29 : kernel / kernel-headers (2019-f812c9fb22)
2019-01-17 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2019-05-16 00:00:00
Unbreakable Enterprise kernel security update
2019-05-15 00:00:00
polkit security update
2019-02-01 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: kernel-headers-4.19.15-300.fc29
2019-01-17 02:17:41
[SECURITY] Fedora 28 Update: kernel-headers-4.19.15-200.fc28
2019-01-17 01:43:05
[SECURITY] Fedora 28 Update: kernel-tools-4.19.16-200.fc28
2019-01-22 01:35:57
amazon
amazon
Important: kernel
2019-05-02 17:22:00
Important: kernel
2019-05-02 18:45:00
Important: polkit
2019-03-07 05:58:00
suse
suse
Security update for the Linux Kernel (important)
2019-02-06 00:00:00
Security update for polkit (important)
2019-08-15 00:00:00
Security update for the Linux Kernel (important)
2019-03-01 00:00:00
redhatcve
redhatcve
CVE-2017-13168
2018-12-13 11:07:48
CVE-2019-11190
2020-03-18 07:37:38
CVE-2018-10877
2019-10-25 00:36:29
ubuntucve
ubuntucve
CVE-2017-13168
2017-12-06 00:00:00
CVE-2019-11190
2019-04-11 00:00:00
CVE-2018-10877
2018-07-18 00:00:00
cve
cve
CVE-2017-13168
2017-12-06 14:29:00
CVE-2019-11190
2019-04-12 00:29:00
CVE-2018-19985
2019-03-21 16:00:00
debiancve
debiancve
CVE-2017-13168
2017-12-06 14:29:00
CVE-2019-11190
2019-04-12 00:29:00
CVE-2018-19985
2019-03-21 16:00:00
prion
prion
Race condition
2019-04-12 00:29:00
Privilege escalation
2017-12-06 14:29:00
Design/Logic Flaw
2018-07-18 15:29:00
ubuntu
ubuntu
Linux kernel vulnerabilities
2019-03-15 00:00:00
Linux kernel (Xenial HWE) vulnerabilities
2019-03-15 00:00:00
PolicyKit vulnerability
2019-09-02 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-04-03 00:40:30
Denial Of Service (DoS)
2019-11-06 00:20:54
Privilege Escalation
2019-08-05 00:16:14
cloudfoundry
cloudfoundry
USN-3910-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
2019-04-12 00:00:00
redhat
redhat
(RHSA-2019:2699) Important: polkit security update
2019-09-10 10:02:54
(RHSA-2019:0230) Important: polkit security update
2019-01-31 17:03:03
(RHSA-2019:0832) Important: polkit security update
2019-04-23 12:40:26
f5
f5
K22715344 : PolicyKit vulnerability CVE-2019-6133
2019-03-31 00:00:00
K21430012 : Linux kernel vulnerability CVE-2018-16884
2019-04-09 00:00:00
K15122200 : Linux kernel vulnerability CVE-2019-3460
2022-06-02 00:00:00
centos
centos
polkit security update
2019-03-08 15:46:15
polkit security update
2019-02-26 20:22:22
ibm
ibm
Security Bulletin: A vulnerability in Polkit affects PowerKVM
2019-03-04 05:55:02
osv
osv
CVE-2019-6133
2019-01-11 14:29:00
CVE-2019-3460
2019-04-11 16:29:02
linux-4.9 - security update
2019-04-29 00:00:00
photon
photon
Moderate Photon OS Security Update - PHSA-2019-0151
2019-04-11 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-1.0-0224
2019-04-19 00:00:00
alpinelinux
alpinelinux
CVE-2019-6133
2019-01-11 14:29:00
virtuozzo
virtuozzo
Important kernel security update: Virtuozzo ReadyKernel patch 69.0 for Virtuozzo 7.0.4 HF3 to 7.0.8 HF1
2018-12-24 00:00:00
debian
debian
[SECURITY] [DLA 1771-1] linux-4.9 security update
2019-05-03 10:07:46
[SECURITY] [DLA 1799-2] linux security update
2019-05-28 16:26:35
[SECURITY] [DLA 1799-1] linux security update
2019-05-28 15:39:04
mageia
mageia
Updated kernel packages fix security vulnerabilities
2019-02-21 02:50:36
JSON
Related for EULEROS_SA-2019-1304.NASL
openvas34nessus58oraclelinux9fedora5amazon5suse4redhatcve8ubuntucve9cve9debiancve9prion9ubuntu6veracode6cloudfoundry1redhat5f54centos2ibm1osv6photon2alpinelinux1virtuozzo1debian4mageia1