According to the versions of the libvirt packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :
It was discovered that libvirtd would permit read-only clients to use the virDomainSaveImageGetXMLDesc() API, specifying an arbitrary path which would be accessed with the permissions of the libvirtd process. An attacker with access to the libvirtd socket could use this to probe the existence of arbitrary files, cause denial of service or cause libvirtd to execute arbitrary programs. (CVE-2019-10161)
The virConnectGetDomainCapabilities() libvirt API accepts an ‘emulatorbin’ argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain’s capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges. (CVE-2019-10167)
The virConnectBaselineHypervisorCPU() and virConnectCompareHypervisorCPU() libvirt APIs accept an ‘emulator’ argument to specify the program providing emulation for a domain. Since v1.2.19, libvirt will execute that program to probe the domain’s capabilities. Read-only clients could specify an arbitrary path for this argument, causing libvirtd to execute a crafted executable with its own privileges.
(CVE-2019-10168)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(128960);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id(
"CVE-2019-10161",
"CVE-2019-10167",
"CVE-2019-10168"
);
script_name(english:"EulerOS Virtualization for ARM 64 3.0.2.0 : libvirt (EulerOS-SA-2019-1957)");
script_summary(english:"Checks the rpm output for the updated packages.");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization for ARM 64 host is missing multiple security
updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the libvirt packages installed, the
EulerOS Virtualization for ARM 64 installation on the remote host is
affected by the following vulnerabilities :
- It was discovered that libvirtd would permit read-only
clients to use the virDomainSaveImageGetXMLDesc() API,
specifying an arbitrary path which would be accessed
with the permissions of the libvirtd process. An
attacker with access to the libvirtd socket could use
this to probe the existence of arbitrary files, cause
denial of service or cause libvirtd to execute
arbitrary programs. (CVE-2019-10161)
- The virConnectGetDomainCapabilities() libvirt API
accepts an 'emulatorbin' argument to specify the
program providing emulation for a domain. Since
v1.2.19, libvirt will execute that program to probe the
domain's capabilities. Read-only clients could specify
an arbitrary path for this argument, causing libvirtd
to execute a crafted executable with its own
privileges. (CVE-2019-10167)
- The virConnectBaselineHypervisorCPU() and
virConnectCompareHypervisorCPU() libvirt APIs accept an
'emulator' argument to specify the program providing
emulation for a domain. Since v1.2.19, libvirt will
execute that program to probe the domain's
capabilities. Read-only clients could specify an
arbitrary path for this argument, causing libvirtd to
execute a crafted executable with its own privileges.
(CVE-2019-10168)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1957
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?adb0b4dc");
script_set_attribute(attribute:"solution", value:
"Update the affected libvirt packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"patch_publication_date", value:"2019/09/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/17");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-admin");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-client");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-config-network");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-config-nwfilter");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-interface");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-network");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-nodedev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-nwfilter");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-qemu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-secret");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-disk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-iscsi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-logical");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-mpath");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-driver-storage-scsi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-daemon-kvm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-docs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libvirt-libs");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.2.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
flag = 0;
pkgs = ["libvirt-3.2.0-269",
"libvirt-admin-3.2.0-269",
"libvirt-client-3.2.0-269",
"libvirt-daemon-3.2.0-269",
"libvirt-daemon-config-network-3.2.0-269",
"libvirt-daemon-config-nwfilter-3.2.0-269",
"libvirt-daemon-driver-interface-3.2.0-269",
"libvirt-daemon-driver-network-3.2.0-269",
"libvirt-daemon-driver-nodedev-3.2.0-269",
"libvirt-daemon-driver-nwfilter-3.2.0-269",
"libvirt-daemon-driver-qemu-3.2.0-269",
"libvirt-daemon-driver-secret-3.2.0-269",
"libvirt-daemon-driver-storage-3.2.0-269",
"libvirt-daemon-driver-storage-core-3.2.0-269",
"libvirt-daemon-driver-storage-disk-3.2.0-269",
"libvirt-daemon-driver-storage-iscsi-3.2.0-269",
"libvirt-daemon-driver-storage-logical-3.2.0-269",
"libvirt-daemon-driver-storage-mpath-3.2.0-269",
"libvirt-daemon-driver-storage-scsi-3.2.0-269",
"libvirt-daemon-kvm-3.2.0-269",
"libvirt-devel-3.2.0-269",
"libvirt-docs-3.2.0-269",
"libvirt-libs-3.2.0-269"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt");
}
Vendor | Product | Version | CPE |
---|---|---|---|
huawei | euleros | libvirt | p-cpe:/a:huawei:euleros:libvirt |
huawei | euleros | libvirt-admin | p-cpe:/a:huawei:euleros:libvirt-admin |
huawei | euleros | libvirt-client | p-cpe:/a:huawei:euleros:libvirt-client |
huawei | euleros | libvirt-daemon | p-cpe:/a:huawei:euleros:libvirt-daemon |
huawei | euleros | libvirt-daemon-config-network | p-cpe:/a:huawei:euleros:libvirt-daemon-config-network |
huawei | euleros | libvirt-daemon-config-nwfilter | p-cpe:/a:huawei:euleros:libvirt-daemon-config-nwfilter |
huawei | euleros | libvirt-daemon-driver-interface | p-cpe:/a:huawei:euleros:libvirt-daemon-driver-interface |
huawei | euleros | libvirt-daemon-driver-network | p-cpe:/a:huawei:euleros:libvirt-daemon-driver-network |
huawei | euleros | libvirt-daemon-driver-nodedev | p-cpe:/a:huawei:euleros:libvirt-daemon-driver-nodedev |
huawei | euleros | libvirt-daemon-driver-nwfilter | p-cpe:/a:huawei:euleros:libvirt-daemon-driver-nwfilter |