CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
90.2%
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(132605);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/01");
script_cve_id(
"CVE-2017-13693",
"CVE-2017-13694",
"CVE-2019-10220",
"CVE-2019-11191",
"CVE-2019-14901",
"CVE-2019-15291",
"CVE-2019-16229",
"CVE-2019-16231",
"CVE-2019-16232",
"CVE-2019-18660",
"CVE-2019-18675",
"CVE-2019-18683",
"CVE-2019-18786",
"CVE-2019-18808",
"CVE-2019-18814",
"CVE-2019-18885",
"CVE-2019-19045",
"CVE-2019-19046",
"CVE-2019-19049",
"CVE-2019-19051",
"CVE-2019-19052",
"CVE-2019-19054",
"CVE-2019-19056",
"CVE-2019-19057",
"CVE-2019-19058",
"CVE-2019-19059",
"CVE-2019-19060",
"CVE-2019-19061",
"CVE-2019-19063",
"CVE-2019-19065",
"CVE-2019-19066",
"CVE-2019-19067",
"CVE-2019-19068",
"CVE-2019-19070",
"CVE-2019-19071",
"CVE-2019-19072",
"CVE-2019-19073",
"CVE-2019-19074",
"CVE-2019-19075",
"CVE-2019-19077",
"CVE-2019-19078",
"CVE-2019-19079",
"CVE-2019-19080",
"CVE-2019-19081",
"CVE-2019-19082",
"CVE-2019-19083",
"CVE-2019-19227",
"CVE-2019-19252",
"CVE-2019-19523",
"CVE-2019-19524",
"CVE-2019-19525",
"CVE-2019-19526",
"CVE-2019-19527",
"CVE-2019-19528",
"CVE-2019-19529",
"CVE-2019-19530",
"CVE-2019-19531",
"CVE-2019-19532",
"CVE-2019-19533",
"CVE-2019-19534",
"CVE-2019-19535",
"CVE-2019-19536",
"CVE-2019-19537",
"CVE-2019-19767"
);
script_name(english:"EulerOS 2.0 SP8 : kernel (EulerOS-SA-2020-1012)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the kernel packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :
- The kernel package contains the Linux kernel (vmlinuz),
the core of any Linux operating system. The kernel
handles the basic functions of the operating system:
memory allocation, process allocation, device input and
output, etc.Security Fix(es):** DISPUTED ** A memory
leak in the __ipmi_bmc_register() function in
drivers/char/ipmi/ipmi_msghandler.c in the Linux kernel
through 5.3.11 allows attackers to cause a denial of
service (memory consumption) by triggering
ida_simple_get() failure, aka CID-4aa7afb0ee20. NOTE:
third parties dispute the relevance of this because an
attacker cannot realistically control this failure at
probe time.(CVE-2019-19046)A memory leak in the
bfad_im_get_stats() function in
drivers/scsi/bfa/bfad_attr.c in the Linux kernel
through 5.3.11 allows attackers to cause a denial of
service (memory consumption) by triggering
bfa_port_get_stats() failures, aka
CID-0e62395da2bd.(CVE-2019-19066)A memory leak in the
adis_update_scan_mode_burst() function in
drivers/iio/imu/adis_buffer.c in the Linux kernel
before 5.3.9 allows attackers to cause a denial of
service (memory consumption), aka
CID-9c0530e898f3.(CVE-2019-19061)In the Linux kernel
before 5.3.12, there is a use-after-free bug that can
be caused by a malicious USB device in the
drivers/input/ff-memless.c driver, aka
CID-fa3a5a1880c9.(CVE-2019-19524)The Linux kernel
through 5.0.7, when CONFIG_IA32_AOUT is enabled and
ia32_aout is loaded, allows local users to bypass ASLR
on setuid a.out programs (if any exist) because
install_exec_creds() is called too late in
load_aout_binary() in fs/binfmt_aout.c, and thus the
ptrace_may_access() check has a race condition when
reading /proc/pid/stat. NOTE: the software maintainer
disputes that this is a vulnerability because ASLR for
a.out format executables has never been
supported.(CVE-2019-11191)In the Linux kernel before
5.2.10, there is a use-after-free bug that can be
caused by a malicious USB device in the
drivers/hid/usbhid/hiddev.c driver, aka
CID-9c09b214f30e.(CVE-2019-19527)In the Linux kernel
before 5.3.9, there are multiple out-of-bounds write
bugs that can be caused by a malicious USB device in
the Linux kernel HID drivers, aka CID-d9d4b1e46d95.
This affects drivers/hid/hid-axff.c,
drivers/hid/hid-dr.c, drivers/hid/hid-emsff.c,
drivers/hid/hid-gaff.c, drivers/hid/hid-holtekff.c,
drivers/hid/hid-lg2ff.c, drivers/hid/hid-lg3ff.c,
drivers/hid/hid-lg4ff.c, drivers/hid/hid-lgff.c,
drivers/hid/hid-logitech-hidpp.c,
drivers/hid/hid-microsoft.c, drivers/hid/hid-sony.c,
drivers/hid/hid-tmff.c, and
drivers/hid/hid-zpff.c.(CVE-2019-19532)The
acpi_ps_complete_final_op() function in
drivers/acpi/acpica/psobject.c in the Linux kernel
through 4.12.9 does not flush the node and node_ext
caches and causes a kernel stack dump, which allows
local users to obtain sensitive information from kernel
memory and bypass the KASLR protection mechanism (in
the kernel through 4.9) via a crafted ACPI
table.(CVE-2017-13694)The acpi_ds_create_operands()
function in drivers/acpi/acpica/dsutils.c in the Linux
kernel through 4.12.9 does not flush the operand cache
and causes a kernel stack dump, which allows local
users to obtain sensitive information from kernel
memory and bypass the KASLR protection mechanism (in
the kernel through 4.9) via a crafted ACPI
table.(CVE-2017-13693)The Linux kernel before 5.4.1 on
powerpc allows Information Exposure because the
Spectre-RSB mitigation is not in place for all
applicable CPUs, aka CID-39e72bf96f58. This is related
to arch/powerpc/kernel/entry_64.S and
arch/powerpc/kernel/security.c.(CVE-2019-18660)In the
Linux kernel through 5.3.8, f->fmt.sdr.reserved is
uninitialized in rcar_drif_g_fmt_sdr_cap in
drivers/media/platform/rcar_drif.c, which could cause a
memory disclosure problem.(CVE-2019-18786)An issue was
discovered in drivers/media/platform/vivid in the Linux
kernel through 5.3.8. It is exploitable for privilege
escalation on some Linux distributions where local
users have /dev/video0 access, but only if the driver
happens to be loaded. There are multiple race
conditions during streaming stopping in this driver
(part of the V4L2 subsystem). These issues are caused
by wrong mutex locking in
vivid_stop_generating_vid_cap(),
vivid_stop_generating_vid_out(),
sdr_cap_stop_streaming(), and the corresponding
kthreads. At least one of these race conditions leads
to a use-after-free.(CVE-2019-18683)A memory leak in
the cx23888_ir_probe() function in
drivers/media/pci/cx23885/cx23888-ir.c in the Linux
kernel through 5.3.11 allows attackers to cause a
denial of service (memory consumption) by triggering
kfifo_alloc() failures, aka
CID-a7b2df76b42b.(CVE-2019-19054)A memory leak in the
mlx5_fpga_conn_create_cq() function in drivers
et/ethernet/mellanox/mlx5/core/fpga/conn.c in the Linux
kernel before 5.3.11 allows attackers to cause a denial
of service (memory consumption) by triggering
mlx5_vector2eqn() failures, aka
CID-c8c2a057fdc7.(CVE-2019-19045)A memory leak in the
i2400m_op_rfkill_sw_toggle() function in drivers
et/wimax/i2400m/op-rfkill.c in the Linux kernel before
5.3.11 allows attackers to cause a denial of service
(memory consumption), aka
CID-6f3ef5c25cc7.(CVE-2019-19051)A memory leak in the
alloc_sgtable() function in drivers
et/wireless/intel/iwlwifi/fw/dbg.c in the Linux kernel
through 5.3.11 allows attackers to cause a denial of
service (memory consumption) by triggering alloc_page()
failures, aka CID-b4b814fec1a5.(CVE-2019-19058)Multiple
memory leaks in the iwl_pcie_ctxt_info_gen3_init()
function in drivers
et/wireless/intel/iwlwifi/pcie/ctxt-info-gen3.c in the
Linux kernel through 5.3.11 allow attackers to cause a
denial of service (memory consumption) by triggering
iwl_pcie_init_fw_sec() or dma_alloc_coherent()
failures, aka CID-0f4f199443fa.(CVE-2019-19059)A memory
leak in the unittest_data_add() function in
drivers/of/unittest.c in the Linux kernel before 5.3.10
allows attackers to cause a denial of service (memory
consumption) by triggering of_fdt_unflatten_tree()
failures, aka CID-e13de8fe0d6a. NOTE: third parties
dispute the relevance of this because unittest.c can
only be reached during boot.(CVE-2019-19049)A memory
leak in the spi_gpio_probe() function in
drivers/spi/spi-gpio.c in the Linux kernel through
5.3.11 allows attackers to cause a denial of service
(memory consumption) by triggering
devm_add_action_or_reset() failures, aka
CID-d3b0ffa1d75d. NOTE: third parties dispute the
relevance of this because the system must have already
been out of memory before the probe
began.(CVE-2019-19070)A memory leak in the sdma_init()
function in drivers/infiniband/hw/hfi1/sdma.c in the
Linux kernel before 5.3.9 allows attackers to cause a
denial of service (memory consumption) by triggering
rhashtable_init() failures, aka
CID-34b3be18a04e.(CVE-2019-19065)** DISPUTED ** Four
memory leaks in the acp_hw_init() function in
drivers/gpu/drm/amd/amdgpu/amdgpu_acp.c in the Linux
kernel before 5.3.8 allow attackers to cause a denial
of service (memory consumption) by triggering
mfd_add_hotplug_devices() or pm_genpd_add_device()
failures, aka CID-57be09c6e874. NOTE: third parties
dispute the relevance of this because the attacker must
already have privileges for module
loading.(CVE-2019-19067)A memory leak in the
rtl8xxxu_submit_int_urb() function in drivers
et/wireless/realtek/rtl8xxxu/rtl8xxxu_core.c in the
Linux kernel through 5.3.11 allows attackers to cause a
denial of service (memory consumption) by triggering
usb_submit_urb() failures, aka
CID-a2cdd07488e6.(CVE-2019-19068)A memory leak in the
rsi_send_beacon() function in drivers
et/wireless/rsi/rsi_91x_mgmt.c in the Linux kernel
through 5.3.11 allows attackers to cause a denial of
service (memory consumption) by triggering
rsi_prepare_beacon() failures, aka
CID-d563131ef23c.(CVE-2019-19071)A memory leak in the
ca8210_probe() function in drivers
et/ieee802154/ca8210.c in the Linux kernel before 5.3.8
allows attackers to cause a denial of service (memory
consumption) by triggering ca8210_get_platform_data()
failures, aka CID-6402939ec86e.(CVE-2019-19075)A memory
leak in the bnxt_re_create_srq() function in
drivers/infiniband/hw/bnxt_re/ib_verbs.c in the Linux
kernel through 5.3.11 allows attackers to cause a
denial of service (memory consumption) by triggering
copy to udata failures, aka
CID-4a9d46a9fe14.(CVE-2019-19077)A memory leak in the
ath10k_usb_hif_tx_sg() function in drivers
et/wireless/ath/ath10k/usb.c in the Linux kernel
through 5.3.11 allows attackers to cause a denial of
service (memory consumption) by triggering
usb_submit_urb() failures, aka
CID-b8d17e7d93d2.(CVE-2019-19078)A memory leak in the
qrtr_tun_write_iter() function in net/qrtr/tun.c in the
Linux kernel before 5.3 allows attackers to cause a
denial of service (memory consumption), aka
CID-a21b7f0cff19.(CVE-2019-19079)Four memory leaks in
the nfp_flower_spawn_phy_reprs() function in drivers
et/ethernet etronome fp/flower/main.c in the Linux
kernel before 5.3.4 allow attackers to cause a denial
of service (memory consumption), aka
CID-8572cea1461a.(CVE-2019-19080)A memory leak in the
nfp_flower_spawn_vnic_reprs() function in drivers
et/ethernet etronome fp/flower/main.c in the Linux
kernel before 5.3.4 allows attackers to cause a denial
of service (memory consumption), aka
CID-8ce39eb5a67a.(CVE-2019-19081)Memory leaks in
*create_resource_pool() functions under
drivers/gpu/drm/amd/display/dc in the Linux kernel
through 5.3.11 allow attackers to cause a denial of
service (memory consumption). This affects the
dce120_create_resource_pool() function in
drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c
, the dce110_create_resource_pool() function in
drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c
, the dce100_create_resource_pool() function in
drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c
, the dcn10_create_resource_pool() function in
drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c,
and the dce112_create_resource_pool() function in
drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c
, aka CID-104c307147ad.(CVE-2019-19082)Memory leaks in
*clock_source_create() functions under
drivers/gpu/drm/amd/display/dc in the Linux kernel
before 5.3.8 allow attackers to cause a denial of
service (memory consumption). This affects the
dce112_clock_source_create() function in
drivers/gpu/drm/amd/display/dc/dce112/dce112_resource.c
, the dce100_clock_source_create() function in
drivers/gpu/drm/amd/display/dc/dce100/dce100_resource.c
, the dcn10_clock_source_create() function in
drivers/gpu/drm/amd/display/dc/dcn10/dcn10_resource.c,
the dcn20_clock_source_create() function in
drivers/gpu/drm/amd/display/dc/dcn20/dcn20_resource.c,
the dce120_clock_source_create() function in
drivers/gpu/drm/amd/display/dc/dce120/dce120_resource.c
, the dce110_clock_source_create() function in
drivers/gpu/drm/amd/display/dc/dce110/dce110_resource.c
, and the dce80_clock_source_create() function in
drivers/gpu/drm/amd/display/dc/dce80/dce80_resource.c,
aka CID-055e547478a1.(CVE-2019-19083)In the Linux
kernel before 5.2.9, there is an info-leak bug that can
be caused by a malicious USB device in the drivers
et/can/usb/peak_usb/pcan_usb_fd.c driver, aka
CID-30a8beeb3042.(CVE-2019-19535)fs/btrfs/volumes.c in
the Linux kernel before 5.1 allows a
btrfs_verify_dev_extents NULL pointer dereference via a
crafted btrfs image because fs_devices->devices is
mishandled within find_device, aka
CID-09ba3bc9dd15.(CVE-2019-18885)In the Linux kernel
before 5.2.9, there is an info-leak bug that can be
caused by a malicious USB device in the drivers
et/can/usb/peak_usb/pcan_usb_pro.c driver, aka
CID-ead16e53c2f0.(CVE-2019-19536)In the Linux kernel
before 5.3.6, there is a use-after-free bug that can be
caused by a malicious USB device in the drivers
et/ieee802154/atusb.c driver, aka
CID-7fd25e6fc035.(CVE-2019-19525)In the Linux kernel
before 5.3.9, there is a use-after-free bug that can be
caused by a malicious USB device in the drivers
fc/pn533/usb.c driver, aka
CID-6af3aa57a098.(CVE-2019-19526)In the Linux kernel
before 5.3.11, there is a use-after-free bug that can
be caused by a malicious USB device in the drivers
et/can/usb/mcba_usb.c driver, aka
CID-4d6636498c41.(CVE-2019-19529)A memory leak in the
adis_update_scan_mode() function in
drivers/iio/imu/adis_buffer.c in the Linux kernel
before 5.3.9 allows attackers to cause a denial of
service (memory consumption), aka
CID-ab612b1daf41.(CVE-2019-19060)In the Linux kernel
before 5.3.11, there is an info-leak bug that can be
caused by a malicious USB device in the drivers
et/can/usb/peak_usb/pcan_usb_core.c driver, aka
CID-f7a1337f0d29.(CVE-2019-19534)A memory leak in the
ccp_run_sha_cmd() function in
drivers/crypto/ccp/ccp-ops.c in the Linux kernel
through 5.3.9 allows attackers to cause a denial of
service (memory consumption), aka
CID-128c66429247.(CVE-2019-18808)drivers
et/wireless/marvell/libertas/if_sdio.c in the Linux
kernel 5.2.14 does not check the alloc_workqueue return
value, leading to a NULL pointer
dereference.(CVE-2019-16232)drivers et/fjes/fjes_main.c
in the Linux kernel 5.2.14 does not check the
alloc_workqueue return value, leading to a NULL pointer
dereference.(CVE-2019-16231)** DISPUTED **
drivers/gpu/drm/amd/amdkfd/kfd_interrupt.c in the Linux
kernel 5.2.14 does not check the alloc_workqueue return
value, leading to a NULL pointer dereference. NOTE: The
security community disputes this issues as not being
serious enough to be deserving a CVE
id.(CVE-2019-16229)Linux kernel CIFS implementation,
version 4.9.0 is vulnerable to a relative paths
injection in directory entry
lists.(CVE-2019-10220)Memory leaks in drivers
et/wireless/ath/ath9k/htc_hst.c in the Linux kernel
through 5.3.11 allow attackers to cause a denial of
service (memory consumption) by triggering
wait_for_completion_timeout() failures. This affects
the htc_config_pipe_credits() function, the
htc_setup_complete() function, and the
htc_connect_service() function, aka
CID-853acf7caf10.(CVE-2019-19073)Two memory leaks in
the mwifiex_pcie_init_evt_ring() function in drivers
et/wireless/marvell/mwifiex/pcie.c in the Linux kernel
through 5.3.11 allow attackers to cause a denial of
service (memory consumption) by triggering
mwifiex_map_pci_memory() failures, aka
CID-d10dcb615c8e.(CVE-2019-19057)A memory leak in the
gs_can_open() function in drivers et/can/usb/gs_usb.c
in the Linux kernel before 5.3.11 allows attackers to
cause a denial of service (memory consumption) by
triggering usb_submit_urb() failures, aka
CID-fb5be6a7b486.(CVE-2019-19052)A memory leak in the
mwifiex_pcie_alloc_cmdrsp_buf() function in drivers
et/wireless/marvell/mwifiex/pcie.c in the Linux kernel
through 5.3.11 allows attackers to cause a denial of
service (memory consumption) by triggering
mwifiex_map_pci_memory() failures, aka
CID-db8fd2cde932.(CVE-2019-19056)A memory leak in the
ath9k_wmi_cmd() function in drivers
et/wireless/ath/ath9k/wmi.c in the Linux kernel through
5.3.11 allows attackers to cause a denial of service
(memory consumption), aka
CID-728c1e2a05e4.(CVE-2019-19074)Two memory leaks in
the rtl_usb_probe() function in drivers
et/wireless/realtek/rtlwifi/usb.c in the Linux kernel
through 5.3.11 allow attackers to cause a denial of
service (memory consumption), aka
CID-3f9361695113.(CVE-2019-19063)An issue was
discovered in the Linux kernel through 5.3.9. There is
a use-after-free when aa_label_parse() fails in
aa_audit_rule_init() in
security/apparmor/audit.c.(CVE-2019-18814)A memory leak
in the predicate_parse() function in
kernel/trace/trace_events_filter.c in the Linux kernel
through 5.3.11 allows attackers to cause a denial of
service (memory consumption), aka
CID-96c5c6e6a5b6.(CVE-2019-19072)In the Linux kernel
before 5.3.7, there is a use-after-free bug that can be
caused by a malicious USB device in the
drivers/usb/misc/adutux.c driver, aka
CID-44efc269db79.(CVE-2019-19523)In the Linux kernel
before 5.3.7, there is a use-after-free bug that can be
caused by a malicious USB device in the
drivers/usb/misc/iowarrior.c driver, aka
CID-edc4746f253d.(CVE-2019-19528)In the Linux kernel
before 5.2.10, there is a use-after-free bug that can
be caused by a malicious USB device in the
drivers/usb/class/cdc-acm.c driver, aka
CID-c52873e5a1ef.(CVE-2019-19530)In the Linux kernel
before 5.3.4, there is an info-leak bug that can be
caused by a malicious USB device in the
drivers/media/usb/ttusb-dec/ttusb_dec.c driver, aka
CID-a10feaf8c464.(CVE-2019-19533)In the Linux kernel
before 5.2.10, there is a race condition bug that can
be caused by a malicious USB device in the USB
character device driver layer, aka CID-303911cfc5b9.
This affects drivers/usb/core/file.c.(CVE-2019-19537)In
the Linux kernel before 5.2.9, there is a
use-after-free bug that can be caused by a malicious
USB device in the drivers/usb/misc/yurex.c driver, aka
CID-fc05481b2fca.(CVE-2019-19531)The Linux kernel
through 5.3.13 has a start_offset+size Integer Overflow
in cpia2_remap_buffer in
drivers/media/usb/cpia2/cpia2_core.c because cpia2 has
its own mmap implementation. This allows local users
(with /dev/video0 access) to obtain read and write
permissions on kernel physical pages, which can
possibly result in a privilege
escalation.(CVE-2019-18675)In the AppleTalk subsystem
in the Linux kernel before 5.1, there is a potential
NULL pointer dereference because register_snap_client
may return NULL. This will lead to denial of service in
net/appletalk/aarp.c and net/appletalk/ddp.c, as
demonstrated by unregister_snap_client, aka
CID-9804501fa122.(CVE-2019-19227)vcs_write in
drivers/tty/vt/vc_screen.c in the Linux kernel through
5.3.13 does not prevent write access to vcsu devices,
aka CID-0c9acb1af77a.(CVE-2019-19252)The Linux kernel
before 5.4.2 mishandles ext4_expand_extra_isize, as
demonstrated by use-after-free errors in
__ext4_expand_extra_isize and ext4_xattr_set_entry,
related to fs/ext4/inode.c and fs/ext4/super.c, aka
CID-4ea99936a163.(CVE-2019-19767)A heap overflow flaw
was found in the Linux kernel, all versions 3.x.x and
4.x.x before 4.18.0, in Marvell WiFi chip driver. The
vulnerability allows a remote attacker to cause a
system crash, resulting in a denial of service, or
execute arbitrary code. The highest threat with this
vulnerability is with the availability of the system.
If code execution occurs, the code will run with the
permissions of root. This will affect both
confidentiality and integrity of files on the
system.(CVE-2019-14901)An issue was discovered in the
Linux kernel through 5.2.9. There is a NULL pointer
dereference caused by a malicious USB device in the
flexcop_usb_probe function in the
drivers/media/usb/b2c2/flexcop-usb.c
driver.(CVE-2019-15291)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1012
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f83f4799");
script_set_attribute(attribute:"solution", value:
"Update the affected kernel packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14901");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2019-18814");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2020/01/02");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/02");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:bpftool");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-source");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python3-perf");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
flag = 0;
pkgs = ["bpftool-4.19.36-vhulk1907.1.0.h619.eulerosv2r8",
"kernel-4.19.36-vhulk1907.1.0.h619.eulerosv2r8",
"kernel-devel-4.19.36-vhulk1907.1.0.h619.eulerosv2r8",
"kernel-headers-4.19.36-vhulk1907.1.0.h619.eulerosv2r8",
"kernel-source-4.19.36-vhulk1907.1.0.h619.eulerosv2r8",
"kernel-tools-4.19.36-vhulk1907.1.0.h619.eulerosv2r8",
"kernel-tools-libs-4.19.36-vhulk1907.1.0.h619.eulerosv2r8",
"perf-4.19.36-vhulk1907.1.0.h619.eulerosv2r8",
"python-perf-4.19.36-vhulk1907.1.0.h619.eulerosv2r8",
"python3-perf-4.19.36-vhulk1907.1.0.h619.eulerosv2r8"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13693
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-13694
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10220
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-11191
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14901
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15291
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16229
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16231
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-16232
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18660
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18675
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18683
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18786
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18808
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18814
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-18885
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19045
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19046
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19049
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19051
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19052
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19054
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19056
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19057
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19058
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19059
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19060
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19061
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19063
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19065
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19066
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19067
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19068
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19070
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19071
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19072
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19073
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19074
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19075
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19077
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19078
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19079
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19080
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19081
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19082
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19083
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19227
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19252
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19523
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19524
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19525
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19526
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19527
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19528
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19529
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19530
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19531
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19532
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19533
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19534
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19535
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19536
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19537
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19767
www.nessus.org/u?f83f4799
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
90.2%