
EulerOS 2.0 SP8 : glib2 (EulerOS-SA-2019-2077)

EulerOS 2.0 SP8 glib2 vulnerabilities

ReporterTitlePublishedViews
Family
Debian CVE
CVE-2019-13012
28 Jun 201915:15
debiancve
Debian CVE
CVE-2019-12450
29 May 201917:29
debiancve
CVE
CVE-2019-13012
28 Jun 201915:15
cve
CVE
CVE-2019-12450
29 May 201917:29
cve
RedhatCVE
CVE-2019-13012
10 Jul 201910:51
redhatcve
RedhatCVE
CVE-2019-12450
29 Dec 201921:44
redhatcve
Tenable Nessus
EulerOS Virtualization for ARM 64 3.0.2.0 : glib2 (EulerOS-SA-2019-1927)
17 Sep 201900:00
nessus
Tenable Nessus
EulerOS 2.0 SP3 : glib2 (EulerOS-SA-2020-1387)
15 Apr 202000:00
nessus
Tenable Nessus
EulerOS 2.0 SP5 : glib2 (EulerOS-SA-2019-1894)
16 Sep 201900:00
nessus
Tenable Nessus
NewStart CGSL MAIN 6.02 : glib2 Multiple Vulnerabilities (NS-SA-2022-0053)
10 May 202200:00
nessus
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

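# Metadata registration. This branch runs when the scanner loads the plugin in
# description mode; it only declares attributes, dependencies and required KB
# keys, then exits without touching the target.
if (description)
{
  script_id(129436);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/22");

  script_cve_id("CVE-2019-12450", "CVE-2019-13012");

  script_name(english:"EulerOS 2.0 SP8 : glib2 (EulerOS-SA-2019-2077)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  # The advisory text below had mis-encoded "->" operators ("kfsb-i1/4zdir")
  # and a dropped ';' in the CVE-2019-13012 entry; both are restored so the
  # report shows the GLib calls and the directory/file distinction correctly.
  script_set_attribute(attribute:"description", value:
"According to the versions of the glib2 packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

  - file_copy_fallback in gio/gfile.c in GNOME GLib 2.15.0
    through 2.61.1 does not properly restrict file
    permissions while a copy operation is in progress.
    Instead, default permissions are used.(CVE-2019-12450)

  - The keyfile settings backend in GNOME GLib (aka
    glib2.0) before 2.60.0 creates directories using
    g_file_make_directory_with_parents (kfsb->dir, NULL,
    NULL) and files using g_file_replace_contents
    (kfsb->file, contents, length, NULL, FALSE,
    G_FILE_CREATE_REPLACE_DESTINATION, NULL, NULL, NULL).
    Consequently, it does not properly restrict directory
    (and file) permissions. Instead, for directories, 0777
    permissions are used; for files, default file
    permissions are used.(CVE-2019-13012)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2077
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a0243b2f");
  script_set_attribute(attribute:"solution", value:
"Update the affected glib2 packages.");
  # NOTE(review): the base vectors are the ones published for the CVE named in
  # cvss_score_source (CVE-2019-12450). Both issues described above concern the
  # permissions of locally created files and directories, so weigh the AV:N
  # rating against how glib2 is actually used on the host when prioritising.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-12450");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"patch_publication_date", value:"2019/09/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/30");

  # "local" plugin type: the finding is derived from the package inventory
  # gathered on the host, not from probing a network service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glib2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glib2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glib2-fam");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glib2-tests");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # The check consumes KB entries that ssh_get_info.nasl is expected to have
  # populated; without them the plugin is not scheduled.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  # Hosts carrying a UVP version key are excluded here and rejected again in
  # the check body below.
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}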

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Check body: decide from the collected KB data whether this host is an
# EulerOS 2.0 SP8 system on aarch64 and, if so, compare its installed glib2
# packages against the fixed builds from the advisory.

# Package data is only available when local checks were enabled for the scan.
if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# Platform gate: EulerOS, then release 2.0, then service pack 8.
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS")
  audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)")
  audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(8)$")
  audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");

# A host that reports a UVP version is not treated as plain EulerOS 2.0 SP8.
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp))
  audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);

# Without an rpm inventory there is nothing to compare against.
if (!get_kb_item("Host/EulerOS/rpm-list"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Architecture gate: unknown architectures are reported as unsupported, and of
# the recognised ones only aarch64 proceeds to the package comparison.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
  audit(AUDIT_UNKNOWN_ARCH);
if (!("x86_64" >< cpu || cpu =~ "^i[3-6]86$" || "aarch64" >< cpu))
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu)
  audit(AUDIT_ARCH_NOT, "aarch64", cpu);

# Reference (fixed) package builds named by the advisory.
fixed_refs = make_list(
  "glib2-2.58.1-1.h2.eulerosv2r8",
  "glib2-devel-2.58.1-1.h2.eulerosv2r8",
  "glib2-fam-2.58.1-1.h2.eulerosv2r8",
  "glib2-tests-2.58.1-1.h2.eulerosv2r8"
);

# Count the references that rpm_check() flags; presumably a hit means the
# installed build is older than the reference - confirm against rpm.inc.
hits = 0;
foreach fixed_ref (fixed_refs)
{
  if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:fixed_ref))
    hits++;
}

if (hits)
{
  # At least one package was flagged: report it with the rpm comparison text.
  security_report_v4(
    port     : 0,
    severity : SECURITY_HOLE,
    extra    : rpm_report_get()
  );
  exit(0);
}

# Nothing flagged: distinguish "packages tested and fine" from "glib2 absent".
# Either audit call ends the script.
checked = pkg_tests_get();
if (!checked)
  audit(AUDIT_PACKAGE_NOT_INSTALLED, "glib2");
else
  audit(AUDIT_PACKAGE_NOT_AFFECTED, checked);

30 Sep 2019 00:00Current
8.0High risk
Vulners AI Score8.0
CVSS27.5
CVSS39.8
EPSS0.014