Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2020-1219.NASL
HistoryMar 13, 2020 - 12:00 a.m.

EulerOS Virtualization for ARM 64 3.0.2.0 : pcre (EulerOS-SA-2020-1219)

2020-03-1300:00:00
This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18
JSON

According to the version of the pcre packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability :

  • pcregrep in PCRE before 8.38 mishandles the -q option for binary files, which might allow remote attackers to obtain sensitive information via a crafted file, as demonstrated by a CGI script that sends stdout data to a client.(CVE-2015-8393)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(134508);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/03/23");

  script_cve_id("CVE-2015-8393");

  script_name(english:"EulerOS Virtualization for ARM 64 3.0.2.0 : pcre (EulerOS-SA-2020-1219)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization for ARM 64 host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the version of the pcre packages installed, the EulerOS
Virtualization for ARM 64 installation on the remote host is affected
by the following vulnerability :

  - pcregrep in PCRE before 8.38 mishandles the -q option
    for binary files, which might allow remote attackers to
    obtain sensitive information via a crafted file, as
    demonstrated by a CGI script that sends stdout data to
    a client.(CVE-2015-8393)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1219
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?17288835");
  script_set_attribute(attribute:"solution", value:
"Update the affected pcre package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-8393");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"patch_publication_date", value:"2020/03/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/13");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:pcre");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:pcre-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.2.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

flag = 0;

pkgs = ["pcre-8.32-17.h10",
        "pcre-devel-8.32-17.h10"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "pcre");
}
VendorProductVersionCPE
huaweieulerospcrep-cpe:/a:huawei:euleros:pcre
huaweieulerospcre-develp-cpe:/a:huawei:euleros:pcre-devel
huaweieulerosuvpcpe:/o:huawei:euleros:uvp:3.0.2.0

Related

openvas 10
debiancve 1
f5 2
nessus 20
ubuntucve 1
prion 1
cve 1
fedora 3
freebsd 1
ibm 10
symantec 1
openwrt 1
rosalinux 1
gentoo 1
ubuntu 1
suse 2
openvas
openvas
Huawei EulerOS: Security Advisory for pcre (EulerOS-SA-2019-2486)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for pcre (EulerOS-SA-2020-1219)
2020-03-13 00:00:00
Huawei EulerOS: Security Advisory for pcre (EulerOS-SA-2020-1485)
2020-04-16 00:00:00
debiancve
debiancve
CVE-2015-8393
2015-12-02 01:59:00
f5
f5
K05428062 : pcregrep in PCRE vulnerability CVE-2015-8393
2016-02-08 00:00:00
SOL05428062 - pcregrep in PCRE vulnerability CVE-2015-8393
2016-02-08 00:00:00
nessus
nessus
EulerOS 2.0 SP2 : pcre (EulerOS-SA-2019-2486)
2019-12-04 00:00:00
EulerOS Virtualization 3.0.2.2 : pcre (EulerOS-SA-2020-1485)
2020-04-16 00:00:00
EulerOS 2.0 SP5 : pcre (EulerOS-SA-2019-2180)
2019-11-08 00:00:00
ubuntucve
ubuntucve
CVE-2015-8393
2015-12-01 00:00:00
prion
prion
Design/Logic Flaw
2015-12-02 01:59:00
cve
cve
CVE-2015-8393
2015-12-02 01:59:00
fedora
fedora
[SECURITY] Fedora 22 Update: pcre-8.38-1.fc22
2016-01-04 19:59:47
[SECURITY] Fedora 22 Update: mingw-pcre-8.38-1.fc22
2016-02-17 04:25:54
[SECURITY] Fedora 23 Update: mingw-pcre-8.38-1.fc23
2016-02-17 04:01:55
freebsd
freebsd
php -- multiple vulnerabilities
2016-02-04 00:00:00
ibm
ibm
Security Bulletin: IBM® Db2® is affected by multiple vulnerabilities in the consumed PCRE library.
2023-12-20 20:15:48
Security Bulletin: Multiple vulnerabilities Perl Compatible Regular Expression (PCRE) libraries - IBM Aspera Shares Application
2019-07-10 10:10:01
Security Bulletin: Multiple vulnerabilities with the open source Perl Compatible Regular Expression (PCRE) libraries used in IBM Aspera Shares Application
2018-06-15 07:08:32
symantec
symantec
SA128 : Multiple PCRE Vulnerabilities
2016-07-07 08:00:00
openwrt
openwrt
pcre: Security update (18 CVEs)
2016-01-28 12:40:02
rosalinux
rosalinux
Advisory ROSA-SA-2021-1947
2021-07-02 17:40:57
gentoo
gentoo
libpcre: Multiple Vulnerabilities
2016-07-09 00:00:00
ubuntu
ubuntu
PCRE vulnerabilities
2016-03-29 00:00:00
suse
suse
Security update for SLES 12 Docker image (important)
2017-10-11 03:06:53
Security update for SLES 12-SP1 Docker image (important)
2017-10-11 03:07:32
JSON
Related for EULEROS_SA-2020-1219.NASL
openvas10debiancve1f52nessus20ubuntucve1prion1cve1fedora3freebsd1ibm10symantec1openwrt1rosalinux1gentoo1ubuntu1suse2