Lucene search
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2020-1029.NASLHistoryJan 02, 2020 - 12:00 a.m.
EulerOS 2.0 SP8 : qemu (EulerOS-SA-2020-1029)
2020-01-0200:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19
7.7 High
AI Score
Confidence
Low
According to the version of the qemu packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :
- In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.(CVE-2018-20815)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(132622);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/01");
script_cve_id("CVE-2018-20815");
script_name(english:"EulerOS 2.0 SP8 : qemu (EulerOS-SA-2020-1029)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing a security update.");
script_set_attribute(attribute:"description", value:
"According to the version of the qemu packages installed, the EulerOS
installation on the remote host is affected by the following
vulnerability :
- In QEMU 3.1.0, load_device_tree in device_tree.c calls
the deprecated load_image function, which has a buffer
overflow risk.(CVE-2018-20815)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1029
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?cd8b815a");
script_set_attribute(attribute:"solution", value:
"Update the affected qemu package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-20815");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"patch_publication_date", value:"2020/01/02");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/02");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:qemu-audio-alsa");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:qemu-audio-oss");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:qemu-audio-pa");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:qemu-audio-sdl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:qemu-block-curl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:qemu-block-dmg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:qemu-block-gluster");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:qemu-block-iscsi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:qemu-block-nfs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:qemu-block-rbd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:qemu-block-ssh");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:qemu-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:qemu-img");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:qemu-kvm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:qemu-system-aarch64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:qemu-system-aarch64-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:qemu-ui-curses");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:qemu-ui-gtk");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:qemu-ui-sdl");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
flag = 0;
pkgs = ["qemu-audio-alsa-3.0.1-3.h4.eulerosv2r8",
"qemu-audio-oss-3.0.1-3.h4.eulerosv2r8",
"qemu-audio-pa-3.0.1-3.h4.eulerosv2r8",
"qemu-audio-sdl-3.0.1-3.h4.eulerosv2r8",
"qemu-block-curl-3.0.1-3.h4.eulerosv2r8",
"qemu-block-dmg-3.0.1-3.h4.eulerosv2r8",
"qemu-block-gluster-3.0.1-3.h4.eulerosv2r8",
"qemu-block-iscsi-3.0.1-3.h4.eulerosv2r8",
"qemu-block-nfs-3.0.1-3.h4.eulerosv2r8",
"qemu-block-rbd-3.0.1-3.h4.eulerosv2r8",
"qemu-block-ssh-3.0.1-3.h4.eulerosv2r8",
"qemu-common-3.0.1-3.h4.eulerosv2r8",
"qemu-img-3.0.1-3.h4.eulerosv2r8",
"qemu-kvm-3.0.1-3.h4.eulerosv2r8",
"qemu-system-aarch64-3.0.1-3.h4.eulerosv2r8",
"qemu-system-aarch64-core-3.0.1-3.h4.eulerosv2r8",
"qemu-ui-curses-3.0.1-3.h4.eulerosv2r8",
"qemu-ui-gtk-3.0.1-3.h4.eulerosv2r8",
"qemu-ui-sdl-3.0.1-3.h4.eulerosv2r8"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| huawei | euleros | qemu-audio-alsa | p-cpe:/a:huawei:euleros:qemu-audio-alsa |
| huawei | euleros | qemu-audio-oss | p-cpe:/a:huawei:euleros:qemu-audio-oss |
| huawei | euleros | qemu-audio-pa | p-cpe:/a:huawei:euleros:qemu-audio-pa |
| huawei | euleros | qemu-audio-sdl | p-cpe:/a:huawei:euleros:qemu-audio-sdl |
| huawei | euleros | qemu-block-curl | p-cpe:/a:huawei:euleros:qemu-block-curl |
| huawei | euleros | qemu-block-dmg | p-cpe:/a:huawei:euleros:qemu-block-dmg |
| huawei | euleros | qemu-block-gluster | p-cpe:/a:huawei:euleros:qemu-block-gluster |
| huawei | euleros | qemu-block-iscsi | p-cpe:/a:huawei:euleros:qemu-block-iscsi |
| huawei | euleros | qemu-block-nfs | p-cpe:/a:huawei:euleros:qemu-block-nfs |
| huawei | euleros | qemu-block-rbd | p-cpe:/a:huawei:euleros:qemu-block-rbd |
Related
cve
cve
CVE-2018-20815
2019-05-31 22:29:00
redhat
redhat
(RHSA-2019:1743) Important: qemu-kvm-rhev security update
2019-07-10 12:09:28
(RHSA-2019:1881) Important: qemu-kvm-ma security and bug fix update
2019-07-29 12:48:27
(RHSA-2019:1723) Important: qemu-kvm-rhev security update
2019-07-09 20:41:09
redhatcve
redhatcve
CVE-2018-20815
2019-10-10 05:41:46
openvas
openvas
Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2020-1029)
2020-01-23 00:00:00
Debian Security Advisory DSA 4506-1 (qemu - security update)
2019-08-27 00:00:00
Debian LTS: Security Advisory for qemu (DLA-1781-1)
2019-05-10 00:00:00
prion
prion
Buffer overflow
2019-05-31 22:29:00
debiancve
debiancve
CVE-2018-20815
2019-05-31 22:29:00
veracode
veracode
Buffer Overflow
2019-07-08 00:07:31
ubuntucve
ubuntucve
CVE-2018-20815
2018-12-31 00:00:00
nessus
nessus
RHEL 7 : qemu-kvm-ma (RHSA-2019:1881)
2019-08-12 00:00:00
GLSA-201904-25 : QEMU: Multiple vulnerabilities
2019-04-25 00:00:00
Scientific Linux Security Update : qemu-kvm on SL7.x x86_64 (20190729)
2019-08-12 00:00:00
osv
osv
CVE-2018-20815
2019-05-31 22:29:00
qemu - security update
2019-08-24 00:00:00
qemu - security update
2019-05-09 00:00:00
gentoo
gentoo
QEMU: Multiple vulnerabilities
2019-04-24 00:00:00
debian
debian
[SECURITY] [DSA 4506-1] qemu security update
2019-08-24 09:55:59
[SECURITY] [DLA 1781-1] qemu security update
2019-05-09 18:42:13
oraclelinux
oraclelinux
qemu security update
2019-05-14 00:00:00
virt:rhel security update
2019-07-30 00:00:00
qemu security update
2019-05-14 00:00:00
amazon
amazon
Important: qemu
2019-07-18 17:45:00
suse
suse
Security update for qemu (important)
2019-04-25 00:00:00
Security update for xen (important)
2019-05-20 00:00:00
Security update for qemu (important)
2019-05-17 00:00:00
ubuntu
ubuntu
QEMU update
2019-05-14 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: qemu-3.1.0-9.fc30
2019-07-09 00:56:39
[SECURITY] Fedora 29 Update: qemu-3.0.1-4.fc29
2019-07-09 02:25:09