According to glibc packages version, EulerOS Virtualization 2.5.4 is vulnerable to privilege escalation via mishandled RPATH/RUNPATH
Reporter | Title | Published | Views | Family All 72 |
---|---|---|---|---|
![]() | CVE-2017-16997 | 18 Dec 201705:20 | – | redhatcve |
![]() | Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2019-1257) | 23 Jan 202000:00 | – | openvas |
![]() | Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2019-1371) | 23 Jan 202000:00 | – | openvas |
![]() | Mageia: Security Advisory (MGASA-2018-0096) | 28 Jan 202200:00 | – | openvas |
![]() | Fedora Update for glibc FEDORA-2018-7714b514e2 | 24 Jan 201800:00 | – | openvas |
![]() | Mageia: Security Advisory (MGASA-2018-0098) | 28 Jan 202200:00 | – | openvas |
![]() | Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2019-1386) | 23 Jan 202000:00 | – | openvas |
![]() | Fedora Update for glibc FEDORA-2018-8e27ad96ed | 24 Jan 201800:00 | – | openvas |
![]() | Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2019-1667) | 23 Jan 202000:00 | – | openvas |
![]() | Ubuntu: Security Advisory (USN-3534-1) | 18 Jan 201800:00 | – | openvas |
Source | Link |
---|---|
cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
nessus | www.nessus.org/u |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(124749);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id(
"CVE-2017-16997"
);
script_name(english:"EulerOS Virtualization 2.5.4 : glibc (EulerOS-SA-2019-1371)");
script_summary(english:"Checks the rpm output for the updated package.");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing a security update.");
script_set_attribute(attribute:"description", value:
"According to the version of the glibc packages installed, the EulerOS
Virtualization installation on the remote host is affected by the
following vulnerability :
- elf/dl-load.c in the GNU C Library (aka glibc or libc6)
2.19 through 2.26 mishandles RPATH and RUNPATH
containing $ORIGIN for a privileged (setuid or
AT_SECURE) program, which allows local users to gain
privileges via a Trojan horse library in the current
working directory, related to the fillin_rpath and
decompose_rpath functions. This is associated with
misinterpretion of an empty RPATH/RUNPATH token as the
'./' directory. NOTE: this configuration of
RPATH/RUNPATH for a privileged program is apparently
very uncommon most likely, no such program is shipped
with any common Linux distribution.i1/4^CVE-2017-16997i1/4%0
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1371
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d2fc8fb4");
script_set_attribute(attribute:"solution", value:
"Update the affected glibc package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"patch_publication_date", value:"2019/05/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/10");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:nscd");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.5.4");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "2.5.4") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.5.4");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["glibc-2.17-222.h9",
"glibc-common-2.17-222.h9",
"glibc-devel-2.17-222.h9",
"glibc-headers-2.17-222.h9",
"nscd-2.17-222.h9"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo