Lucene search
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2019-2602.NASLHistoryDec 18, 2019 - 12:00 a.m.
EulerOS 2.0 SP3 : less (EulerOS-SA-2019-2602)
2019-12-1800:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
6.7 Medium
AI Score
Confidence
Low
According to the version of the less package installed, the EulerOS installation on the remote host is affected by the following vulnerability :
- The is_utf8_well_formed function in GNU less before 475 allows remote attackers to have unspecified impact via malformed UTF-8 characters, which triggers an out-of-bounds read.(CVE-2014-9488)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(132137);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/04");
script_cve_id("CVE-2014-9488");
script_bugtraq_id(74159);
script_name(english:"EulerOS 2.0 SP3 : less (EulerOS-SA-2019-2602)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing a security update.");
script_set_attribute(attribute:"description", value:
"According to the version of the less package installed, the EulerOS
installation on the remote host is affected by the following
vulnerability :
- The is_utf8_well_formed function in GNU less before 475
allows remote attackers to have unspecified impact via
malformed UTF-8 characters, which triggers an
out-of-bounds read.(CVE-2014-9488)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2602
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5bc69ae6");
script_set_attribute(attribute:"solution", value:
"Update the affected less package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-9488");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"patch_publication_date", value:"2019/12/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/18");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:less");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["less-458-9.h1"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "less");
}
Related
openvas
openvas
Fedora Update for less FEDORA-2015-9357
2015-07-07 00:00:00
Huawei EulerOS: Security Advisory for less (EulerOS-SA-2019-2475)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for less (EulerOS-SA-2020-1238)
2020-03-13 00:00:00
debiancve
debiancve
CVE-2014-9488
2015-04-14 18:59:00
nessus
nessus
SUSE SLES12 Security Update : less (SUSE-SU-2020:2687-1)
2020-12-09 00:00:00
openSUSE Security Update : less (openSUSE-2015-260)
2015-03-26 00:00:00
EulerOS 2.0 SP5 : less (EulerOS-SA-2019-2164)
2019-11-12 00:00:00
fedora
fedora
[SECURITY] Fedora 22 Update: less-471-4.fc22
2015-06-05 23:40:53
[SECURITY] Fedora 21 Update: less-471-4.fc21
2015-06-10 19:06:45
cvelist
cvelist
CVE-2014-9488
2015-04-14 18:00:00
mageia
mageia
Updated less packages fix CVE-2014-9488
2015-04-10 01:44:14
cve
cve
CVE-2014-9488
2015-04-14 18:59:00
prion
prion
Out-of-bounds
2015-04-14 18:59:00
securityvulns
securityvulns
less uninitialized memory reference
2015-04-17 00:00:00
[ MDVSA-2015:199 ] less
2015-04-17 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1861
2021-07-02 17:08:28
ubuntucve
ubuntucve
CVE-2014-9488
2015-04-14 00:00:00