EulerOS Virtualization 3.0.1.0 RPM Vulnerabilit
Reporter | Title | Published | Views | Family All 106 |
---|---|---|---|---|
Tenable Nessus | EulerOS 2.0 SP3 : rpm (EulerOS-SA-2019-1043) | 15 Feb 201900:00 | – | nessus |
Tenable Nessus | EulerOS 2.0 SP5 : rpm (EulerOS-SA-2019-1011) | 8 Jan 201900:00 | – | nessus |
Tenable Nessus | EulerOS 2.0 SP2 : rpm (EulerOS-SA-2018-1353) | 6 Nov 201800:00 | – | nessus |
Tenable Nessus | EulerOS Virtualization 2.5.4 : rpm (EulerOS-SA-2019-1210) | 9 Apr 201900:00 | – | nessus |
Tenable Nessus | EulerOS Virtualization for ARM 64 3.0.2.0 : rpm (EulerOS-SA-2019-1616) | 30 May 201900:00 | – | nessus |
Tenable Nessus | Photon OS 1.0: Rpm PHSA-2017-1.0-0095 | 7 Feb 201900:00 | – | nessus |
Tenable Nessus | SUSE SLED12 / SLES12 Security Update : rpm (SUSE-SU-2018:3286-1) | 23 Oct 201800:00 | – | nessus |
Tenable Nessus | Fedora 26 : rpm (2017-9232eac8e8) | 8 Nov 201700:00 | – | nessus |
Tenable Nessus | SUSE SLED12 / SLES12 Security Update : rpm (SUSE-SU-2018:3884-1) | 26 Nov 201800:00 | – | nessus |
Tenable Nessus | Fedora 25 : rpm (2017-ab57a100f3) | 29 Nov 201700:00 | – | nessus |
Source | Link |
---|---|
nessus | www.nessus.org/u |
cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(124969);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id(
"CVE-2017-7501"
);
script_name(english:"EulerOS Virtualization 3.0.1.0 : rpm (EulerOS-SA-2019-1466)");
script_summary(english:"Checks the rpm output for the updated package.");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing a security update.");
script_set_attribute(attribute:"description", value:
"According to the version of the rpm packages installed, the EulerOS
Virtualization installation on the remote host is affected by the
following vulnerability :
- It was found that rpm uses temporary files with
predictable names when installing an RPM. An attacker
with ability to write in a directory where files will
be installed could create symbolic links to an
arbitrary location and modify content, and possibly
permissions to arbitrary files, which could be used for
denial of service or possibly privilege
escalation.(CVE-2017-7501)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1466
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e4c43f29");
script_set_attribute(attribute:"solution", value:
"Update the affected rpm package.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"patch_publication_date", value:"2019/05/07");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rpm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rpm-build");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rpm-build-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rpm-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rpm-python");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["rpm-4.11.3-32.h6",
"rpm-build-4.11.3-32.h6",
"rpm-build-libs-4.11.3-32.h6",
"rpm-libs-4.11.3-32.h6",
"rpm-python-4.11.3-32.h6"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rpm");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo