Lucene search
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2020-1336.NASLHistoryApr 02, 2020 - 12:00 a.m.
EulerOS Virtualization for ARM 64 3.0.6.0 : cyrus-sasl (EulerOS-SA-2020-1336)
2020-04-0200:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
7.7 High
AI Score
Confidence
High
According to the version of the cyrus-sasl packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability :
- In GNU patch through 2.7.6, the following of symlinks is mishandled in certain cases other than input files.
This affects inp.c and util.c.(CVE-2019-19906)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(135123);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/20");
script_cve_id("CVE-2019-19906");
script_name(english:"EulerOS Virtualization for ARM 64 3.0.6.0 : cyrus-sasl (EulerOS-SA-2020-1336)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization for ARM 64 host is missing a security update.");
script_set_attribute(attribute:"description", value:
"According to the version of the cyrus-sasl packages installed, the
EulerOS Virtualization for ARM 64 installation on the remote host is
affected by the following vulnerability :
- In GNU patch through 2.7.6, the following of symlinks
is mishandled in certain cases other than input files.
This affects inp.c and util.c.(CVE-2019-19906)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1336
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e9d1b33b");
script_set_attribute(attribute:"solution", value:
"Update the affected cyrus-sasl package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-19906");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2020/04/02");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/02");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-gssapi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-lib");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-md5");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cyrus-sasl-plain");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.6.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.6.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.6.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
flag = 0;
pkgs = ["cyrus-sasl-2.1.27-0.3rc7.h2.eulerosv2r8",
"cyrus-sasl-gssapi-2.1.27-0.3rc7.h2.eulerosv2r8",
"cyrus-sasl-lib-2.1.27-0.3rc7.h2.eulerosv2r8",
"cyrus-sasl-md5-2.1.27-0.3rc7.h2.eulerosv2r8",
"cyrus-sasl-plain-2.1.27-0.3rc7.h2.eulerosv2r8"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cyrus-sasl");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| huawei | euleros | cyrus-sasl | p-cpe:/a:huawei:euleros:cyrus-sasl |
| huawei | euleros | cyrus-sasl-gssapi | p-cpe:/a:huawei:euleros:cyrus-sasl-gssapi |
| huawei | euleros | cyrus-sasl-lib | p-cpe:/a:huawei:euleros:cyrus-sasl-lib |
| huawei | euleros | cyrus-sasl-md5 | p-cpe:/a:huawei:euleros:cyrus-sasl-md5 |
| huawei | euleros | cyrus-sasl-plain | p-cpe:/a:huawei:euleros:cyrus-sasl-plain |
| huawei | euleros | uvp | cpe:/o:huawei:euleros:uvp:3.0.6.0 |
Related
openvas
openvas
Debian Security Advisory DSA 4591-1 (cyrus-sasl2 - security update)
2019-12-21 00:00:00
Fedora: Security Advisory for cyrus-sasl (FEDORA-2020-bf829f9a84)
2020-04-05 00:00:00
Debian LTS: Security Advisory for cyrus-sasl2 (DLA-2044-1)
2019-12-21 00:00:00
prion
prion
Out-of-bounds
2019-12-19 18:15:00
nessus
nessus
SUSE SLES11 Security Update : cyrus-sasl (SUSE-SU-2020:14579-1)
2021-06-10 00:00:00
Photon OS 1.0: Cyrus PHSA-2020-1.0-0283
2020-03-11 00:00:00
Debian DLA-2044-1 : cyrus-sasl2 security update
2019-12-23 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: cyrus-sasl-2.1.27-3.fc31
2020-04-04 03:22:19
[SECURITY] Fedora 32 Update: cyrus-sasl-2.1.27-4.fc32
2020-04-01 16:34:38
veracode
veracode
Denial Of Service (DoS)
2020-11-05 03:18:22
oraclelinux
oraclelinux
cyrus-sasl security, bug fix, and enhancement update
2020-11-10 00:00:00
osv
osv
CVE-2019-19906
2019-12-19 18:15:12
cyrus-sasl2 - security update
2019-12-20 00:00:00
Moderate: cyrus-sasl security, bug fix, and enhancement update
2020-11-03 12:10:00
mageia
mageia
Updated cyrus-sasl packages fix security vulnerability
2020-01-05 18:37:51
ibm
ibm
debian
debian
[SECURITY] [DLA 2044-1] cyrus-sasl2 security update
2019-12-20 14:38:49
[SECURITY] [DSA 4591-1] cyrus-sasl2 security update
2019-12-20 21:10:08
[SECURITY] [DSA 4591-1] cyrus-sasl2 security update
2019-12-20 21:10:08
redhatcve
redhatcve
CVE-2019-19906
2020-01-16 16:05:01
cve
cve
CVE-2019-19906
2019-12-19 18:15:00
rocky
rocky
cyrus-sasl security, bug fix, and enhancement update
2020-11-03 12:10:00
freebsd
freebsd
cyrus-sasl -- Fix off by one error
2019-12-19 00:00:00
cbl_mariner
cbl_mariner
CVE-2019-19906 affecting package cyrus-sasl 2.1.27-10
2022-04-09 06:51:52
CVE-2019-19906 affecting package cyrus-sasl 2.1.27-4
2020-09-09 06:09:11
alpinelinux
alpinelinux
CVE-2019-19906
2019-12-19 18:15:00
debiancve
debiancve
CVE-2019-19906
2019-12-19 18:15:00
ubuntu
ubuntu
Cyrus SASL vulnerability
2020-01-28 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2020-0077
2020-04-07 00:00:00
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2020-2.0-0216
2020-03-07 00:00:00
Important Photon OS Security Update - PHSA-2020-3.0-0077
2020-04-06 00:00:00
ubuntucve
ubuntucve
CVE-2019-19906
2019-12-19 00:00:00
cloudfoundry
cloudfoundry
USN-4256-1: Cyrus SASL vulnerability | Cloud Foundry
2020-02-12 00:00:00
almalinux
almalinux
Moderate: cyrus-sasl security, bug fix, and enhancement update
2020-11-03 12:10:00
redhat
redhat
(RHSA-2021:0146) Moderate: Release of OpenShift Serverless 1.12.0
2021-01-14 13:24:22
(RHSA-2020:5149) Moderate: Release of OpenShift Serverless 1.11.0
2020-11-18 13:59:56
slackware
slackware
[slackware-security] cyrus-sasl
2022-02-25 00:10:10
apple
apple
About the security content of iOS 13.6 and iPadOS 13.6
2020-07-15 00:00:00
About the security content of iOS 13.6 and iPadOS 13.6 - Apple Support
2020-12-15 05:18:44
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00