Lucene search
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2020-1410.NASLHistoryApr 15, 2020 - 12:00 a.m.
EulerOS 2.0 SP3 : lynx (EulerOS-SA-2020-1410)
2020-04-1500:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.8 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
52.6%
According to the version of the lynx package installed, the EulerOS installation on the remote host is affected by the following vulnerability :
- Lynx is a text-based Web browser. Lynx does not display any images,but it does support frames, tables, and most other HTML tags. One advantage Lynx has over graphical browsers is speed Lynx starts and exits quickly and swiftly displays web pages.Security Fix(es):Lynx before 2.8.9dev.16 is vulnerable to a use after free in the HTML parser resulting in memory disclosure, because HTML_put_string() can append a chunk onto itself.(CVE-2017-1000211)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(135539);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/18");
script_cve_id("CVE-2017-1000211");
script_name(english:"EulerOS 2.0 SP3 : lynx (EulerOS-SA-2020-1410)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing a security update.");
script_set_attribute(attribute:"description", value:
"According to the version of the lynx package installed, the EulerOS
installation on the remote host is affected by the following
vulnerability :
- Lynx is a text-based Web browser. Lynx does not display
any images,but it does support frames, tables, and most
other HTML tags. One advantage Lynx has over graphical
browsers is speed Lynx starts and exits quickly and
swiftly displays web pages.Security Fix(es):Lynx before
2.8.9dev.16 is vulnerable to a use after free in the
HTML parser resulting in memory disclosure, because
HTML_put_string() can append a chunk onto
itself.(CVE-2017-1000211)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1410
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f86d6dfa");
script_set_attribute(attribute:"solution", value:
"Update the affected lynx package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-1000211");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"patch_publication_date", value:"2020/04/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/15");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:lynx");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["lynx-2.8.8-0.3.dev15.h1"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "lynx");
}
Related
mageia
mageia
Updated lynx package fixes security vulnerability
2017-12-17 02:20:04
openvas
openvas
Huawei EulerOS: Security Advisory for lynx (EulerOS-SA-2020-1410)
2020-04-16 00:00:00
Mageia: Security Advisory (MGASA-2017-0451)
2022-01-28 00:00:00
Debian: Security Advisory (DLA-1175-1)
2023-03-08 00:00:00
fedora
fedora
[SECURITY] Fedora 26 Update: lynx-2.8.9-0.20.dev16.fc26
2017-12-26 16:32:39
redhatcve
redhatcve
CVE-2017-1000211
2017-12-06 06:27:25
ubuntucve
ubuntucve
CVE-2017-1000211
2017-11-17 00:00:00
cve
cve
CVE-2017-1000211
2017-11-17 15:29:00
nessus
nessus
openSUSE Security Update : lynx (openSUSE-2017-1332)
2017-12-14 00:00:00
Debian DLA-1175-1 : lynx-cur security update
2017-11-20 00:00:00
Fedora 26 : lynx (2017-bf172b2035)
2017-12-28 00:00:00
debiancve
debiancve
CVE-2017-1000211
2017-11-17 15:29:00
nvd
nvd
CVE-2017-1000211
2017-11-17 15:29:00
prion
prion
Design/Logic Flaw
2017-11-17 15:29:00
osv
osv
lynx-cur - security update
2017-11-18 00:00:00
CVE-2017-1000211
2017-11-17 15:29:00
lynx vulnerabilities
2021-03-15 21:24:24
cvelist
cvelist
CVE-2017-1000211
2017-11-17 15:00:00
debian
debian
[SECURITY] [DLA 1175-1] lynx-cur security update
2017-11-18 01:47:06
ubuntu
ubuntu
Lynx vulnerabilities
2021-03-15 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5.8 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
52.6%
Related for EULEROS_SA-2020-1410.NASL