Lucene search
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2020-1123.NASLHistoryFeb 24, 2020 - 12:00 a.m.
EulerOS 2.0 SP5 : perl-Data-Dumper (EulerOS-SA-2020-1123)
2020-02-2400:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
7
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
7.4 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
47.4%
According to the version of the perl-Data-Dumper package installed, the EulerOS installation on the remote host is affected by the following vulnerability :
- The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function.(CVE-2014-4330)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(133924);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/26");
script_cve_id("CVE-2014-4330");
script_bugtraq_id(70142);
script_name(english:"EulerOS 2.0 SP5 : perl-Data-Dumper (EulerOS-SA-2020-1123)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing a security update.");
script_set_attribute(attribute:"description", value:
"According to the version of the perl-Data-Dumper package installed,
the EulerOS installation on the remote host is affected by the
following vulnerability :
- The Dumper method in Data::Dumper before 2.154, as used
in Perl 5.20.1 and earlier, allows context-dependent
attackers to cause a denial of service (stack
consumption and crash) via an Array-Reference with many
nested Array-References, which triggers a large number
of recursive calls to the DD_dump
function.(CVE-2014-4330)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1123
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8e038052");
script_set_attribute(attribute:"solution", value:
"Update the affected perl-Data-Dumper package.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-4330");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2020/02/21");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/24");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perl-Data-Dumper");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["perl-Data-Dumper-2.145-3.h1.eulerosv2r7"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_NOTE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl-Data-Dumper");
}
Related
cve
cve
CVE-2014-4330
2014-09-30 16:55:06
nessus
nessus
Oracle Solaris Third-Party Patch Update : perl (cve_2014_4330_buffer_errors)
2015-01-19 00:00:00
SuSE 11.3 Security Update : perl (SAT Patch Number 9858)
2014-10-24 00:00:00
Mandriva Linux Security Advisory : perl (MDVSA-2015:136)
2015-03-30 00:00:00
packetstorm
packetstorm
Perl 5.20.1 Deep Recursion Stack Overflow
2014-09-25 00:00:00
prion
prion
Design/Logic Flaw
2014-09-30 16:55:00
openvas
openvas
Huawei EulerOS: Security Advisory for perl (EulerOS-SA-2020-2229)
2020-10-21 00:00:00
Mageia: Security Advisory (MGASA-2014-0406)
2022-01-28 00:00:00
Fedora Update for perl-Data-Dumper FEDORA-2014-11428
2014-10-09 00:00:00
cvelist
cvelist
CVE-2014-4330
2014-09-30 16:00:00
debiancve
debiancve
CVE-2014-4330
2014-09-30 16:55:06
mageia
mageia
Updated perl-Data-Dumper package fixes CVE-2014-4330
2014-10-09 18:06:16
Updated perl package fixes CVE-2014-4330
2014-10-09 18:06:16
Updated perl packages fix CVE-2014-4330
2014-10-09 18:06:16
securityvulns
securityvulns
LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow
2014-09-29 00:00:00
Perl stack overflow
2014-09-29 00:00:00
ESA-2015-002: Unisphere Central Security Update for Multiple Vulnerabilities
2015-02-02 00:00:00
nvd
nvd
CVE-2014-4330
2014-09-30 16:55:06
ubuntucve
ubuntucve
CVE-2014-4330
2014-09-30 00:00:00
zdt
zdt
Perl 5.20.1 Deep Recursion Stack Overflow Vulnerability
2014-09-25 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: perl-Data-Dumper-2.154-1.fc20
2014-09-29 04:06:01
[SECURITY] Fedora 19 Update: perl-Data-Dumper-2.154-1.fc19
2014-10-08 19:17:22
cloudfoundry
cloudfoundry
USN-2916-1 Perl vulnerabilities | Cloud Foundry
2016-03-24 00:00:00
ubuntu
ubuntu
Perl vulnerabilities
2016-03-02 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1949
2021-07-02 17:41:47
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:N/A:P
7.4 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
47.4%
Related for EULEROS_SA-2020-1123.NASL