Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2019-1858.NASL
HistorySep 17, 2019 - 12:00 a.m.

EulerOS 2.0 SP2 : libxml2 (EulerOS-SA-2019-1858)

2019-09-1700:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
29
JSON

According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  • libxml2 in Apple iOS before 10, OS X before 10.12, tvOS before 10, and watchOS before 3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document.(CVE-2016-4658)

  • The xmlBufAttrSerializeTxtContent function in xmlsave.c in libxml2 allows context-dependent attackers to cause a denial of service (out-of-bounds read and application crash) via a non-UTF-8 attribute value, related to serialization. NOTE: this vulnerability may be a duplicate of CVE-2016-3627.(CVE-2016-4483)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(128910);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id(
    "CVE-2016-4483",
    "CVE-2016-4658"
  );

  script_name(english:"EulerOS 2.0 SP2 : libxml2 (EulerOS-SA-2019-1858)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the libxml2 packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

  - libxml2 in Apple iOS before 10, OS X before 10.12, tvOS
    before 10, and watchOS before 3 allows remote attackers
    to execute arbitrary code or cause a denial of service
    (memory corruption) via a crafted XML
    document.(CVE-2016-4658)

  - The xmlBufAttrSerializeTxtContent function in xmlsave.c
    in libxml2 allows context-dependent attackers to cause
    a denial of service (out-of-bounds read and application
    crash) via a non-UTF-8 attribute value, related to
    serialization. NOTE: this vulnerability may be a
    duplicate of CVE-2016-3627.(CVE-2016-4483)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1858
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ea70cd22");
  script_set_attribute(attribute:"solution", value:
"Update the affected libxml2 packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"patch_publication_date", value:"2019/09/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/17");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libxml2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libxml2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libxml2-python");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["libxml2-2.9.1-6.3.h14",
        "libxml2-devel-2.9.1-6.3.h14",
        "libxml2-python-2.9.1-6.3.h14"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2");
}
VendorProductVersionCPE
huaweieuleroslibxml2p-cpe:/a:huawei:euleros:libxml2
huaweieuleroslibxml2-develp-cpe:/a:huawei:euleros:libxml2-devel
huaweieuleroslibxml2-pythonp-cpe:/a:huawei:euleros:libxml2-python
huaweieuleros2.0cpe:/o:huawei:euleros:2.0

Related

openvas 28
nessus 41
ubuntucve 5
redhatcve 3
prion 5
debiancve 5
veracode 5
cve 5
github 1
ibm 28
osv 36
cloudlinux 1
redhat 1
oraclelinux 1
f5 3
centos 1
packetstorm 1
debian 6
amazon 1
archlinux 2
mageia 2
altlinux 3
rubygems 1
cloudfoundry 2
ubuntu 2
gentoo 1
suse 2
freebsd 1
fedora 2
rosalinux 1
symantec 1
apple 2
openvas
openvas
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2019-2013)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2019-1858)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2019-1798)
2020-01-23 00:00:00
nessus
nessus
EulerOS 2.0 SP3 : libxml2 (EulerOS-SA-2019-2013)
2019-09-24 00:00:00
EulerOS 2.0 SP5 : libxml2 (EulerOS-SA-2019-1798)
2019-08-23 00:00:00
EulerOS Virtualization for ARM 64 3.0.2.0 : libxml2 (EulerOS-SA-2020-1208)
2020-03-13 00:00:00
ubuntucve
ubuntucve
CVE-2016-4483
2016-05-04 00:00:00
CVE-2016-4658
2016-09-25 00:00:00
CVE-2016-3627
2016-05-17 00:00:00
redhatcve
redhatcve
CVE-2016-4483
2016-05-04 07:49:18
CVE-2016-4658
2016-10-13 09:47:26
CVE-2016-9598
2016-12-22 20:47:25
prion
prion
Out-of-bounds
2017-04-11 16:59:00
Memory corruption
2016-09-25 10:59:00
Code injection
2016-05-17 14:08:00
debiancve
debiancve
CVE-2016-4483
2017-04-11 16:59:00
CVE-2016-4658
2016-09-25 10:59:00
CVE-2016-3627
2016-05-17 14:08:00
veracode
veracode
Vulnerable Through Use Of C Library
2017-04-12 01:37:48
Remote Code Execution (RCE)
2018-05-23 05:14:44
Denial Of Service (DoS)
2019-05-02 05:34:53
cve
cve
CVE-2016-4483
2017-04-11 16:59:00
CVE-2016-4658
2016-09-25 10:59:00
CVE-2016-3627
2016-05-17 14:08:00
github
github
Nokogiri does not forbid namespace nodes in XPointer ranges
2018-08-21 19:03:26
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container operator and operands may be vulnerable to arbitrary code execution due to [CVE-2016-4658]
2022-11-03 17:03:31
Security Bulletin: IBM QRadar Network Security is affected by an arbitrary code execution vulnerability (CVE-2016-4658)
2022-03-31 03:36:56
Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerability in libxml2 (CVE-2016-4658)
2019-01-31 02:25:02
osv
osv
Nokogiri does not forbid namespace nodes in XPointer ranges
2018-08-21 19:03:26
libxml2 - security update
2016-10-31 00:00:00
CVE-2016-3709
2022-07-28 17:15:07
cloudlinux
cloudlinux
libxml2: Fix of CVE-2016-4658
2023-11-07 18:21:51
redhat
redhat
(RHSA-2021:3810) Moderate: libxml2 security update
2021-10-12 13:23:35
oraclelinux
oraclelinux
libxml2 security update
2021-10-13 00:00:00
f5
f5
K49419538 : libxml2 vulnerability CVE 2016-4658
2022-04-05 00:00:00
SOL54225343 - libxml2 vulnerabilities CVE-2016-3627 and CVE-2016-3705
2016-07-18 00:00:00
K54225343 : libxml2 vulnerabilities CVE-2016-3627 and CVE-2016-3705
2016-07-18 00:00:00
centos
centos
libxml2 security update
2021-11-17 14:46:50
packetstorm
packetstorm
libxml 2.9.2 Stack Overflow
2016-05-03 00:00:00
debian
debian
[SECURITY] [DSA 3744-1] libxml2 security update
2016-12-23 18:31:42
[SECURITY] [DSA 3744-1] libxml2 security update
2016-12-23 18:31:42
[SECURITY] [DLA 691-1] libxml2 security update
2016-10-31 17:09:55
amazon
amazon
Medium: libxml2
2019-09-30 22:47:00
archlinux
archlinux
[ASA-201611-2] libxml2: arbitrary code execution
2016-11-01 00:00:00
libxml2: multiple issues
2016-05-26 00:00:00
mageia
mageia
Updated libxml2 packages fix security vulnerability
2016-05-20 14:38:30
Updated libxml2 & perl-XML-LibXML packages fix security vulnerabilities
2018-01-03 18:50:51
altlinux
altlinux
Security fix for the ALT Linux 10 package libxml2 version 1:2.9.4.0.12.e905-alt1
2017-03-03 00:00:00
Security fix for the ALT Linux 8 package libxml2 version 1:2.9.4.0.12.e905-alt1
2017-03-07 00:00:00
Security fix for the ALT Linux 9 package libxml2 version 1:2.9.4.0.12.e905-alt1
2017-03-03 00:00:00
rubygems
rubygems
Nokogiri gem contains several vulnerabilities in libxml2 and libxslt
2017-03-10 21:00:00
cloudfoundry
cloudfoundry
USN-3235-1: libxml2 vulnerabilities | Cloud Foundry
2017-03-31 00:00:00
USN-2994-1 libxml2 vulnerabilities | Cloud Foundry
2016-06-13 00:00:00
ubuntu
ubuntu
libxml2 vulnerabilities
2017-03-16 00:00:00
libxml2 vulnerabilities
2016-06-06 00:00:00
gentoo
gentoo
libxml2: Multiple vulnerabilities
2017-01-16 00:00:00
suse
suse
Security update for libxml2 (important)
2016-06-16 13:08:21
Security update for libxml2 (important)
2016-06-16 13:10:48
freebsd
freebsd
libxml2 -- multiple vulnerabilities
2016-05-23 00:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: libxml2-2.9.7-1.fc26
2018-02-14 17:11:02
[SECURITY] Fedora 27 Update: libxml2-2.9.7-1.fc27
2018-01-30 18:12:24
rosalinux
rosalinux
Advisory ROSA-SA-2021-1905
2021-07-02 17:25:35
symantec
symantec
SA129 : Multiple libxml2 Vulnerabilities
2016-09-01 08:00:00
apple
apple
About the security content of iCloud for Windows 5.2.1 - Apple Support
2017-06-10 11:43:45
About the security content of iTunes 12.4.2 for Windows - Apple Support
2017-06-10 11:47:52
JSON
Related for EULEROS_SA-2019-1858.NASL
openvas28nessus41ubuntucve5redhatcve3prion5debiancve5veracode5cve5github1ibm28osv36cloudlinux1redhat1oraclelinux1f53centos1packetstorm1debian6amazon1archlinux2mageia2altlinux3rubygems1cloudfoundry2ubuntu2gentoo1suse2freebsd1fedora2rosalinux1symantec1apple2