Lucene search
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2019-2638.NASLHistoryDec 18, 2019 - 12:00 a.m.
EulerOS 2.0 SP3 : OpenEXR (EulerOS-SA-2019-2638)
2019-12-1800:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
8.3 High
AI Score
Confidence
High
According to the versions of the OpenEXR package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
-
In OpenEXR 2.2.0, an invalid read of size 2 in the hufDecode function in ImfHuf.cpp could cause the application to crash.(CVE-2017-9110)
-
In OpenEXR 2.2.0, an invalid write of size 1 in the bufferedReadPixels function in ImfInputFile.cpp could cause the application to crash or execute arbitrary code.(CVE-2017-9113)
-
In OpenEXR 2.2.0, an invalid write of size 2 in the = operator function in half.h could cause the application to crash or execute arbitrary code.(CVE-2017-9115)
-
In OpenEXR 2.2.0, an invalid write of size 8 in the storeSSE function in ImfOptimizedPixelReading.h could cause the application to crash or execute arbitrary code.(CVE-2017-9111)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(132173);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/03");
script_cve_id(
"CVE-2017-9110",
"CVE-2017-9111",
"CVE-2017-9113",
"CVE-2017-9115"
);
script_name(english:"EulerOS 2.0 SP3 : OpenEXR (EulerOS-SA-2019-2638)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the OpenEXR package installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :
- In OpenEXR 2.2.0, an invalid read of size 2 in the
hufDecode function in ImfHuf.cpp could cause the
application to crash.(CVE-2017-9110)
- In OpenEXR 2.2.0, an invalid write of size 1 in the
bufferedReadPixels function in ImfInputFile.cpp could
cause the application to crash or execute arbitrary
code.(CVE-2017-9113)
- In OpenEXR 2.2.0, an invalid write of size 2 in the =
operator function in half.h could cause the application
to crash or execute arbitrary code.(CVE-2017-9115)
- In OpenEXR 2.2.0, an invalid write of size 8 in the
storeSSE function in ImfOptimizedPixelReading.h could
cause the application to crash or execute arbitrary
code.(CVE-2017-9111)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2638
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7eb5db2f");
script_set_attribute(attribute:"solution", value:
"Update the affected OpenEXR packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-9115");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"patch_publication_date", value:"2019/12/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/18");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:OpenEXR-libs");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["OpenEXR-libs-1.7.1-7.h2"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "OpenEXR");
}
Related
openvas
openvas
Huawei EulerOS: Security Advisory for OpenEXR (EulerOS-SA-2019-2638)
2020-01-23 00:00:00
openSUSE: Security Advisory for openexr (openSUSE-SU-2019:1826-1)
2020-01-09 00:00:00
SUSE: Security Advisory (SUSE-SU-2019:1963-1)
2021-06-09 00:00:00
nessus
nessus
SUSE SLED15 / SLES15 Security Update : openexr (SUSE-SU-2019:1963-1)
2019-07-25 00:00:00
openSUSE Security Update : openexr (openSUSE-2019-1826)
2019-08-12 00:00:00
openSUSE Security Update : openexr (openSUSE-2019-1816)
2019-08-12 00:00:00
suse
suse
Security update for openexr (moderate)
2019-08-01 00:00:00
Security update for openexr (moderate)
2019-07-30 00:00:00
slackware
slackware
[slackware-security] openexr
2017-10-01 20:31:10
freebsd
freebsd
fedora
fedora
[SECURITY] Fedora 26 Update: mingw-OpenEXR-2.2.0-6.fc26
2018-02-27 16:58:12
[SECURITY] Fedora 27 Update: mingw-OpenEXR-2.2.0-7.fc27
2018-02-27 17:28:13
ubuntu
ubuntu
OpenEXR vulnerabilities
2019-10-07 00:00:00
OpenEXR vulnerabilities
2020-04-27 00:00:00
cloudfoundry
cloudfoundry
USN-4148-1: OpenEXR vulnerabilities | Cloud Foundry
2019-11-06 00:00:00
USN-4339-1: OpenEXR vulnerabilities | Cloud Foundry
2020-05-14 00:00:00
osv
osv
veracode
veracode
Denial Of Service (DoS)
2020-12-06 03:19:57
Arbitrary Code Execution
2020-12-06 03:19:57
Denial Of Service (DoS)
2020-12-06 03:19:54
redhatcve
redhatcve
ubuntucve
ubuntucve
alpinelinux
alpinelinux
prion
prion
debiancve
debiancve
cve
cve
debian
debian
[SECURITY] [DLA 2358-1] openexr security update
2020-08-30 19:36:28
[SECURITY] [DSA 4755-1] openexr security update
2020-08-29 17:36:17
[SECURITY] [DLA 1083-1] openexr security update
2017-08-31 22:29:49
mageia
mageia
Updated OpenEXR packages fix security vulnerability
2018-01-03 17:22:14