Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2020-1118.NASL
HistoryFeb 24, 2020 - 12:00 a.m.

EulerOS 2.0 SP5 : ncurses (EulerOS-SA-2020-1118)

2020-02-2400:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9

7 High

AI Score

Confidence

High

JSON

According to the versions of the ncurses packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  • There is an illegal address access in the
    _nc_safe_strcat function in strings.c in ncurses 6.0 that will lead to a remote denial of service attack.(CVE-2017-13734)

  • There is an illegal address access in the _nc_save_str function in alloc_entry.c in ncurses 6.0. It will lead to a remote denial of service attack.(CVE-2017-13729)

  • There is an illegal address access in the fmt_entry function in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.(CVE-2017-13733)

  • There is an illegal address access in the function
    _nc_read_entry_source() in progs/tic.c in ncurses 6.0 that might lead to a remote denial of service attack.(CVE-2017-13730)

  • There is an illegal address access in the function dump_uses() in progs/dump_entry.c in ncurses 6.0 that might lead to a remote denial of service attack.(CVE-2017-13732)

  • There is an illegal address access in the function postprocess_termcap() in parse_entry.c in ncurses 6.0 that will lead to a remote denial of service attack.(CVE-2017-13731)

  • There is an infinite loop in the next_char function in comp_scan.c in ncurses 6.0, related to libtic. A crafted input will lead to a remote denial of service attack.(CVE-2017-13728)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(133919);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/26");

  script_cve_id(
    "CVE-2017-13728",
    "CVE-2017-13729",
    "CVE-2017-13730",
    "CVE-2017-13731",
    "CVE-2017-13732",
    "CVE-2017-13733",
    "CVE-2017-13734"
  );

  script_name(english:"EulerOS 2.0 SP5 : ncurses (EulerOS-SA-2020-1118)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the ncurses packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

  - There is an illegal address access in the
    _nc_safe_strcat function in strings.c in ncurses 6.0
    that will lead to a remote denial of service
    attack.(CVE-2017-13734)

  - There is an illegal address access in the _nc_save_str
    function in alloc_entry.c in ncurses 6.0. It will lead
    to a remote denial of service attack.(CVE-2017-13729)

  - There is an illegal address access in the fmt_entry
    function in progs/dump_entry.c in ncurses 6.0 that
    might lead to a remote denial of service
    attack.(CVE-2017-13733)

  - There is an illegal address access in the function
    _nc_read_entry_source() in progs/tic.c in ncurses 6.0
    that might lead to a remote denial of service
    attack.(CVE-2017-13730)

  - There is an illegal address access in the function
    dump_uses() in progs/dump_entry.c in ncurses 6.0 that
    might lead to a remote denial of service
    attack.(CVE-2017-13732)

  - There is an illegal address access in the function
    postprocess_termcap() in parse_entry.c in ncurses 6.0
    that will lead to a remote denial of service
    attack.(CVE-2017-13731)

  - There is an infinite loop in the next_char function in
    comp_scan.c in ncurses 6.0, related to libtic. A
    crafted input will lead to a remote denial of service
    attack.(CVE-2017-13728)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1118
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a04506c4");
  script_set_attribute(attribute:"solution", value:
"Update the affected ncurses packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-13734");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2017-13728");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2020/02/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/24");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ncurses");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ncurses-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ncurses-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ncurses-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ncurses-term");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["ncurses-5.9-14.20130511.h7.eulerosv2r7",
        "ncurses-base-5.9-14.20130511.h7.eulerosv2r7",
        "ncurses-devel-5.9-14.20130511.h7.eulerosv2r7",
        "ncurses-libs-5.9-14.20130511.h7.eulerosv2r7",
        "ncurses-term-5.9-14.20130511.h7.eulerosv2r7"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ncurses");
}
VendorProductVersionCPE
huaweieulerosncursesp-cpe:/a:huawei:euleros:ncurses
huaweieulerosncurses-basep-cpe:/a:huawei:euleros:ncurses-base
huaweieulerosncurses-develp-cpe:/a:huawei:euleros:ncurses-devel
huaweieulerosncurses-libsp-cpe:/a:huawei:euleros:ncurses-libs
huaweieulerosncurses-termp-cpe:/a:huawei:euleros:ncurses-term
huaweieuleros2.0cpe:/o:huawei:euleros:2.0

Related

openvas 5
nessus 14
freebsd 1
ibm 7
suse 1
ubuntu 1
osv 8
gentoo 1
mageia 1
cve 7
prion 7
debiancve 7
redhatcve 7
ubuntucve 7
alpinelinux 7
photon 1
openvas
openvas
Huawei EulerOS: Security Advisory for ncurses (EulerOS-SA-2020-1528)
2020-04-30 00:00:00
Huawei EulerOS: Security Advisory for ncurses (EulerOS-SA-2020-1118)
2020-02-24 00:00:00
Huawei EulerOS: Security Advisory for ncurses (EulerOS-SA-2020-1732)
2020-07-03 00:00:00
nessus
nessus
SUSE SLED12 / SLES12 Security Update : ncurses (SUSE-SU-2018:0284-1)
2018-01-31 00:00:00
FreeBSD : ncurses -- multiple issues (b84dbd94-e894-4c91-b8cd-d328537b1b2b)
2017-10-12 00:00:00
EulerOS Virtualization for ARM 64 3.0.2.0 : ncurses (EulerOS-SA-2020-1528)
2020-05-01 00:00:00
freebsd
freebsd
ncurses -- multiple issues
2017-08-29 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in Ncurses affect IBM Chassis Management Module (CMM)
2019-01-31 02:40:01
Security Bulletin: Vulnerabilities in Ncurses affect IBM BladeCenter Advanced Management Module (AMM)
2023-04-14 14:32:25
Security Bulletin: Vulnerabilities in Ncurses affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems
2023-04-14 14:32:25
suse
suse
Security update for ncurses (important)
2017-12-01 18:16:43
ubuntu
ubuntu
ncurses vulnerabilities
2022-05-26 00:00:00
osv
osv
ncurses vulnerabilities
2022-05-26 17:17:13
CVE-2017-13733
2017-08-29 06:29:00
CVE-2017-13731
2017-08-29 06:29:00
gentoo
gentoo
ncurses: Multiple vulnerabilities
2018-04-17 00:00:00
mageia
mageia
Updated ncurses packages fix security vulnerabilities
2018-01-01 04:17:34
cve
cve
CVE-2017-13733
2017-08-29 06:29:00
CVE-2017-13731
2017-08-29 06:29:00
CVE-2017-13729
2017-08-29 06:29:00
prion
prion
Design/Logic Flaw
2017-08-29 06:29:00
Design/Logic Flaw
2017-08-29 06:29:00
Design/Logic Flaw
2017-08-29 06:29:00
debiancve
debiancve
CVE-2017-13731
2017-08-29 06:29:00
CVE-2017-13728
2017-08-29 06:29:00
CVE-2017-13733
2017-08-29 06:29:00
redhatcve
redhatcve
CVE-2017-13732
2017-09-06 13:19:21
CVE-2017-13731
2017-09-06 13:19:09
CVE-2017-13733
2017-09-06 13:19:33
ubuntucve
ubuntucve
CVE-2017-13731
2017-08-29 00:00:00
CVE-2017-13733
2017-08-29 00:00:00
CVE-2017-13730
2017-08-29 00:00:00
alpinelinux
alpinelinux
CVE-2017-13731
2017-08-29 06:29:00
CVE-2017-13730
2017-08-29 06:29:00
CVE-2017-13733
2017-08-29 06:29:00
photon
photon
Critical Photon OS Security Update - PHSA-2017-0078
2017-10-19 00:00:00

7 High

AI Score

Confidence

High

JSON
Related for EULEROS_SA-2020-1118.NASL
openvas5nessus14freebsd1ibm7suse1ubuntu1osv8gentoo1mageia1cve7prion7debiancve7redhatcve7ubuntucve7alpinelinux7photon1