Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2019-1793.NASL
HistoryAug 12, 2019 - 12:00 a.m.

EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-1793)

2019-08-1200:00:00
This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
31
JSON

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  • The Linux kernel before 5.1-rc5 allows page-i1/4z_refcount reference count overflow, with resultant use-after-free issues, if about 140 GiB of RAM exists. This is related to fs/fuse/dev.c, fs/pipe.c, fs/splice.c, include/linux/mm.h, include/linux/pipe_fs_i.h, kernel/trace/trace.c, mm/gup.c, and mm/hugetlb.c. It can occur with FUSE requests.(CVE-2019-11487)

  • A flaw was found in the Linux kernel’s implementation of ext4 extent management. The kernel doesn’t correctly initialize memory regions in the extent tree block which may be exported to a local user to obtain sensitive information by reading empty/uninitialized data from the filesystem.(CVE-2019-11833)

  • A flaw was found in the Linux kernel’s implementation of the Bluetooth Human Interface Device Protocol (HIDP). A local attacker with access permissions to the Bluetooth device can issue an IOCTL which will trigger the do_hidp_sock_ioctl function in net/bluetooth/hidp/sock.c.c. This function can leak potentially sensitive information from the kernel stack memory via a HIDPCONNADD command because a name field may not be correctly NULL terminated.(CVE-2019-11884)

  • An information leakage issue was found in the way Linux kernel’s KVM hypervisor handled page fault exceptions while emulating instructions like VMXON, VMCLEAR, VMPTRLD, and VMWRITE with memory address as an operand.
    It occurs if the operand is a mmio address, as the returned exception object holds uninitialized stack memory contents. A guest user/process could use this flaw to leak host’s stack memory contents to a guest.(CVE-2019-7222)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(127564);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id(
    "CVE-2019-11487",
    "CVE-2019-11833",
    "CVE-2019-11884",
    "CVE-2019-7222"
  );

  script_name(english:"EulerOS 2.0 SP2 : kernel (EulerOS-SA-2019-1793)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the kernel packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

  - The Linux kernel before 5.1-rc5 allows
    page-i1/4z_refcount reference count overflow, with
    resultant use-after-free issues, if about 140 GiB of
    RAM exists. This is related to fs/fuse/dev.c,
    fs/pipe.c, fs/splice.c, include/linux/mm.h,
    include/linux/pipe_fs_i.h, kernel/trace/trace.c,
    mm/gup.c, and mm/hugetlb.c. It can occur with FUSE
    requests.(CVE-2019-11487)

  - A flaw was found in the Linux kernel's implementation
    of ext4 extent management. The kernel doesn't correctly
    initialize memory regions in the extent tree block
    which may be exported to a local user to obtain
    sensitive information by reading empty/uninitialized
    data from the filesystem.(CVE-2019-11833)

  - A flaw was found in the Linux kernel's implementation
    of the Bluetooth Human Interface Device Protocol
    (HIDP). A local attacker with access permissions to the
    Bluetooth device can issue an IOCTL which will trigger
    the do_hidp_sock_ioctl function in
    net/bluetooth/hidp/sock.c.c. This function can leak
    potentially sensitive information from the kernel stack
    memory via a HIDPCONNADD command because a name field
    may not be correctly NULL terminated.(CVE-2019-11884)

  - An information leakage issue was found in the way Linux
    kernel's KVM hypervisor handled page fault exceptions
    while emulating instructions like VMXON, VMCLEAR,
    VMPTRLD, and VMWRITE with memory address as an operand.
    It occurs if the operand is a mmio address, as the
    returned exception object holds uninitialized stack
    memory contents. A guest user/process could use this
    flaw to leak host's stack memory contents to a
    guest.(CVE-2019-7222)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1793
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7949efef");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2019/08/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-debug");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-debug-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["kernel-3.10.0-327.62.59.83.h167",
        "kernel-debug-3.10.0-327.62.59.83.h167",
        "kernel-debug-devel-3.10.0-327.62.59.83.h167",
        "kernel-debuginfo-3.10.0-327.62.59.83.h167",
        "kernel-debuginfo-common-x86_64-3.10.0-327.62.59.83.h167",
        "kernel-devel-3.10.0-327.62.59.83.h167",
        "kernel-headers-3.10.0-327.62.59.83.h167",
        "kernel-tools-3.10.0-327.62.59.83.h167",
        "kernel-tools-libs-3.10.0-327.62.59.83.h167",
        "perf-3.10.0-327.62.59.83.h167",
        "python-perf-3.10.0-327.62.59.83.h167"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
VendorProductVersionCPE
huaweieuleroskernelp-cpe:/a:huawei:euleros:kernel
huaweieuleroskernel-debugp-cpe:/a:huawei:euleros:kernel-debug
huaweieuleroskernel-debug-develp-cpe:/a:huawei:euleros:kernel-debug-devel
huaweieuleroskernel-debuginfop-cpe:/a:huawei:euleros:kernel-debuginfo
huaweieuleroskernel-debuginfo-common-x86_64p-cpe:/a:huawei:euleros:kernel-debuginfo-common-x86_64
huaweieuleroskernel-develp-cpe:/a:huawei:euleros:kernel-devel
huaweieuleroskernel-headersp-cpe:/a:huawei:euleros:kernel-headers
huaweieuleroskernel-toolsp-cpe:/a:huawei:euleros:kernel-tools
huaweieuleroskernel-tools-libsp-cpe:/a:huawei:euleros:kernel-tools-libs
huaweieulerosperfp-cpe:/a:huawei:euleros:perf
Rows per page:
1-10 of 121

Related

openvas 50
nessus 66
ubuntu 6
ibm 1
cloudfoundry 1
prion 4
oraclelinux 6
cve 5
redhat 8
veracode 4
redhatcve 4
centos 2
debiancve 4
f5 1
ubuntucve 4
fedora 11
amazon 4
mageia 3
altlinux 1
osv 3
debian 4
suse 5
slackware 1
myhack58 1
openvas
openvas
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1793)
2020-01-23 00:00:00
Ubuntu: Security Advisory (USN-4069-1)
2019-07-24 00:00:00
Ubuntu: Security Advisory (USN-4069-2)
2019-08-02 00:00:00
nessus
nessus
Ubuntu 19.04 : Linux kernel vulnerabilities (USN-4069-1)
2019-07-23 00:00:00
Ubuntu 18.04 LTS : Linux kernel (HWE) vulnerabilities (USN-4069-2)
2019-08-12 00:00:00
Ubuntu 16.04 LTS : Linux kernel (HWE) vulnerabilities (USN-4068-2)
2019-07-23 00:00:00
ubuntu
ubuntu
Linux kernel (HWE) vulnerabilities
2019-08-01 00:00:00
Linux kernel vulnerabilities
2019-07-23 00:00:00
Linux kernel (HWE) vulnerabilities
2019-07-23 00:00:00
ibm
ibm
Security Bulletin: IBM Security Guardium is affected by a kernel vulnerability
2020-10-07 16:07:22
cloudfoundry
cloudfoundry
USN-4068-2: Linux kernel (HWE) vulnerabilities | Cloud Foundry
2019-08-29 00:00:00
prion
prion
Design/Logic Flaw
2019-04-23 22:29:00
Information disclosure
2019-05-15 13:29:00
Design/Logic Flaw
2019-05-10 22:29:00
oraclelinux
oraclelinux
kernel security and bug fix update
2020-10-08 00:00:00
kernel security, bug fix, and enhancement update
2020-03-18 00:00:00
Unbreakable Enterprise kernel security update
2019-07-29 00:00:00
cve
cve
CVE-2019-11487
2019-04-23 22:29:00
CVE-2019-11833
2019-05-15 13:29:00
CVE-2019-7222
2019-03-21 16:01:00
redhat
redhat
(RHSA-2020:4182) Important: kernel security and bug fix update
2020-10-06 12:54:02
(RHSA-2020:3266) Important: kernel-rt security and bug fix update
2020-08-03 06:02:46
(RHSA-2020:3230) Important: kernel security and bug fix update
2020-07-29 21:04:32
veracode
veracode
Denial Of Service (DoS)
2020-03-18 00:55:52
Information Disclosure
2019-08-08 00:07:20
Information Disclosure
2019-11-06 00:20:57
redhatcve
redhatcve
CVE-2019-11487
2020-04-07 17:14:51
CVE-2019-11833
2020-05-06 10:34:21
CVE-2019-11884
2020-04-08 05:29:15
centos
centos
kernel, perf, python security update
2020-11-09 13:13:23
bpftool, kernel, perf, python security update
2020-03-18 19:22:23
debiancve
debiancve
CVE-2019-11487
2019-04-23 22:29:00
CVE-2019-11833
2019-05-15 13:29:00
CVE-2019-7222
2019-03-21 16:01:00
f5
f5
K14255532 : Linux kernel vulnerability CVE-2019-11487
2019-06-28 00:00:00
ubuntucve
ubuntucve
CVE-2019-11487
2019-04-23 00:00:00
CVE-2019-11833
2019-05-15 00:00:00
CVE-2019-11884
2019-05-10 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: kernel-tools-5.0.19-200.fc29
2019-06-04 02:23:02
[SECURITY] Fedora 29 Update: kernel-headers-5.0.19-200.fc29
2019-06-04 02:23:01
[SECURITY] Fedora 28 Update: kernel-headers-4.20.8-100.fc28
2019-02-16 01:25:12
amazon
amazon
Important: kernel
2019-05-29 18:59:00
Important: kernel
2019-02-26 18:55:00
Important: kernel
2019-03-07 18:24:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2019-05-30 12:01:50
Updated kernel-tmb packages fix security vulnerability
2019-06-21 04:07:01
Updated kernel-linus packages fix security vulnerability
2019-06-21 04:07:01
altlinux
altlinux
Security fix for the ALT Linux 9 package kernel-image-tegra version 4.9.140-alt2
2019-07-10 00:00:00
osv
osv
linux - security update
2019-06-17 00:00:00
linux-4.9 - security update
2019-06-17 00:00:00
linux - security update
2019-06-17 00:00:00
debian
debian
[SECURITY] [DLA 1823-1] linux security update
2019-06-17 23:42:52
[SECURITY] [DLA 1824-1] linux-4.9 security update
2019-06-18 10:23:55
[SECURITY] [DSA 4465-1] linux security update
2019-06-17 18:00:31
suse
suse
Security update for the Linux Kernel (important)
2019-05-31 00:00:00
Security update for the Linux Kernel (important)
2019-03-01 00:00:00
Security update for the Linux Kernel (important)
2019-06-18 00:00:00
slackware
slackware
[slackware-security] kernel
2019-06-18 22:33:08
myhack58
myhack58
Microsoft Patch Day: Word/DHCP/LNK remote code execution vulnerability alerts-a vulnerability alert-the black bar safety net
2019-08-14 00:00:00
JSON
Related for EULEROS_SA-2019-1793.NASL
openvas50nessus66ubuntu6ibm1cloudfoundry1prion4oraclelinux6cve5redhat8veracode4redhatcve4centos2debiancve4f51ubuntucve4fedora11amazon4mageia3altlinux1osv3debian4suse5slackware1myhack581