EulerOS 2.0 SP5 : golang (EulerOS-SA-2019-2529)

EulerOS 2.0 SP5 golang vulnerabilities

Related
IBM Security Bulletins
Security Bulletin: IBM API Connect is impacted by vulnerabilities in Golang (CVE-2019-17596 CVE-2019-16276)
27 Feb 202019:03
ibm
IBM Security Bulletins
Security Bulletin: A Security Vulnerability affects IBM Cloud Automation Manager - Go (CVE-2019-17596)
4 May 202017:09
ibm
IBM Security Bulletins
Security Bulletin: A Security Vulnerability affects IBM Cloud Private - Go (CVE-2019-17596)
14 Feb 202023:48
ibm
IBM Security Bulletins
Security Bulletin: IBM MQ certified container is vulnerable to a denial of service vulnerability in golang (CVE-2019-17596)
26 Feb 202016:07
ibm
IBM Security Bulletins
Security Bulletin: Go can panic upon an attempt to process network traffic on IBM Watson Machine Learning on CP4D
3 May 202115:14
ibm
IBM Security Bulletins
Security Bulletin: IBM Event Streams is affected by Go vulnerability CVE-2019-16276
11 Jun 202016:15
ibm
IBM Security Bulletins
Security Bulletin: Vulnerability in Go programming language affects IBM Spectrum Protect Server (CVE-2019-16276)
12 Jun 202022:03
ibm
IBM Security Bulletins
Security Bulletin: A Security Vulnerability affects IBM Cloud Private - Go (CVE-2019-16276)
9 Jun 202016:56
ibm
IBM Security Bulletins
Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Go
29 Aug 202008:59
ibm
IBM Security Bulletins
Security Bulletin: Security vulnerabilities in Go affect IBM Cloud Pak for Multicloud Management Hybrid GRC.
4 Feb 202121:36
ibm
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Registration pass: when 'description' is set, the script only declares its
# metadata (IDs, CVEs, advisory text, scoring, required KB keys) and exits
# before any of the host checks further down are reached.
if (description)
{
  script_id(131803);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/05");

  # The two Go issues covered by advisory EulerOS-SA-2019-2529.
  script_cve_id("CVE-2019-16276", "CVE-2019-17596");
  script_xref(name:"IAVB", value:"2019-B-0085-S");

  script_name(english:"EulerOS 2.0 SP5 : golang (EulerOS-SA-2019-2529)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  # NOTE(review): the CVE-2019-17596 entry below reads "1.3.x before 1.13.2".
  # The text is reproduced from the advisory; it presumably means 1.13.x,
  # matching the 1.13.x wording of the CVE-2019-16276 entry - confirm upstream.
  script_set_attribute(attribute:"description", value:
"According to the versions of the golang packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

  - Go before 1.12.10 and 1.13.x before 1.13.1 allow HTTP
    Request Smuggling.(CVE-2019-16276)

  - Go before 1.12.11 and 1.3.x before 1.13.2 can panic
    upon an attempt to process network traffic containing
    an invalid DSA public key. There are several attack
    scenarios, such as traffic from a client to a server
    that verifies client certificates.(CVE-2019-17596)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # Advisory URL; presumably the target of the short link used in see_also.
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2529
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9c8b3840");
  script_set_attribute(attribute:"solution", value:
"Update the affected golang packages.");
  # The vectors below are scored from CVE-2019-16276 (see cvss_score_source):
  # network-reachable, integrity impact only. The panic / denial of service
  # described for CVE-2019-17596 is not represented (availability is "N"), so
  # the plugin severity understates the availability risk of an unpatched host.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-16276");

  # Exploit availability flags; consistent with the E:POC / E:P temporal
  # metrics set above.
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2019/12/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/09");

  # "local" plugin type: the finding is derived from data already stored in
  # the KB for the host (see the required keys below), not from probing a
  # listening service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  # CPE entries for the three golang packages and the EulerOS 2.0 platform.
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:golang");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:golang-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:golang-src");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  # Scheduling constraints: run after ssh_get_info.nasl, only when local
  # checks are enabled and the EulerOS release, RPM list and service-pack keys
  # exist in the KB; hosts carrying a UVP version key are excluded.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Host check. Each gate below calls audit() when its precondition fails, so
# the package comparison is only reached for EulerOS 2.0 SP5 (non-UVP) hosts
# with a package list and a supported CPU architecture.
# NOTE(review): a host that is audited out by any gate produces no finding
# from this plugin; that is not evidence that the host is patched.

# Local checks must be enabled; the plugin works from KB data only.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# OS gate: the release string must start with "EulerOS" and identify 2.0.
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

# Service-pack gate: the value must be exactly "5".
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");

# Hosts with a UVP version set are out of scope for this advisory check.
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);

# No RPM inventory in the KB means there is nothing to compare.
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Architecture gate, in two steps: the first test audits out any CPU other
# than x86_64, i386-i686 or aarch64 as "not implemented"; the second then
# audits out aarch64 as well, so only i686 / x86_64 hosts are evaluated.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

# Counts how many package references rpm_check() reports on.
flag = 0;

# Package references handed to rpm_check().
# NOTE(review): presumably these are the fixed builds and rpm_check() returns
# true when the installed package is older - confirm against rpm.inc.
# NOTE(review): only the golang toolchain packages are compared; binaries
# already built with an affected Go release are outside what this check sees.
pkgs = ["golang-1.12-6.eulerosv2r7",
        "golang-bin-1.12-6.eulerosv2r7",
        "golang-src-1.12-6.eulerosv2r7"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;

# At least one hit: report once at warning severity on port 0, attaching the
# text returned by rpm_report_get().
if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  # No hit: audit as "not affected" when pkg_tests_get() returns a list of
  # tested packages, otherwise as golang "not installed".
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "golang");
}

09 Dec 2019 00:00Current
7.6High risk
Vulners AI Score7.6
CVSS37.5
EPSS0.007
23