EulerOS 2.0 SP3 : policycoreutils (EulerOS-SA-2020-1423)

2020-04-1500:00:00

www.tenable.com

3.3 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:P/A:N

4.4 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

0.0004 Low

EPSS

Percentile

12.6%

JSON

According to the version of the policycoreutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :

Context relabeling of filesystems is vulnerable to symbolic link attack, allowing a local, unprivileged malicious entity to change the SELinux context of an arbitrary file to a context with few restrictions. This only happens when the relabeling process is done, usually when taking SELinux state from disabled to enable (permissive or enforcing). The issue was found in policycoreutils 2.5-11.(CVE-2018-1063)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(135552);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/13");

  script_cve_id("CVE-2018-1063");

  script_name(english:"EulerOS 2.0 SP3 : policycoreutils (EulerOS-SA-2020-1423)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the version of the policycoreutils packages installed,
the EulerOS installation on the remote host is affected by the
following vulnerability :

  - Context relabeling of filesystems is vulnerable to
    symbolic link attack, allowing a local, unprivileged
    malicious entity to change the SELinux context of an
    arbitrary file to a context with few restrictions. This
    only happens when the relabeling process is done,
    usually when taking SELinux state from disabled to
    enable (permissive or enforcing). The issue was found
    in policycoreutils 2.5-11.(CVE-2018-1063)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1423
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4ceaf82f");
  script_set_attribute(attribute:"solution", value:
"Update the affected policycoreutils package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1063");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"patch_publication_date", value:"2020/04/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:policycoreutils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:policycoreutils-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:policycoreutils-gui");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:policycoreutils-newrole");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:policycoreutils-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:policycoreutils-sandbox");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["policycoreutils-2.5-11.h1",
        "policycoreutils-devel-2.5-11.h1",
        "policycoreutils-gui-2.5-11.h1",
        "policycoreutils-newrole-2.5-11.h1",
        "policycoreutils-python-2.5-11.h1",
        "policycoreutils-sandbox-2.5-11.h1"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_NOTE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "policycoreutils");
}

VendorProductVersionCPE
huaweieulerospolicycoreutilsp-cpe:/a:huawei:euleros:policycoreutils
huaweieulerospolicycoreutils-develp-cpe:/a:huawei:euleros:policycoreutils-devel
huaweieulerospolicycoreutils-guip-cpe:/a:huawei:euleros:policycoreutils-gui
huaweieulerospolicycoreutils-newrolep-cpe:/a:huawei:euleros:policycoreutils-newrole
huaweieulerospolicycoreutils-pythonp-cpe:/a:huawei:euleros:policycoreutils-python
huaweieulerospolicycoreutils-sandboxp-cpe:/a:huawei:euleros:policycoreutils-sandbox
huaweieuleros2.0cpe:/o:huawei:euleros:2.0

Vendor	Product	Version	CPE
huawei	euleros	policycoreutils	p-cpe:/a:huawei:euleros:policycoreutils
huawei	euleros	policycoreutils-devel	p-cpe:/a:huawei:euleros:policycoreutils-devel
huawei	euleros	policycoreutils-gui	p-cpe:/a:huawei:euleros:policycoreutils-gui
huawei	euleros	policycoreutils-newrole	p-cpe:/a:huawei:euleros:policycoreutils-newrole
huawei	euleros	policycoreutils-python	p-cpe:/a:huawei:euleros:policycoreutils-python
huawei	euleros	policycoreutils-sandbox	p-cpe:/a:huawei:euleros:policycoreutils-sandbox
huawei	euleros	2.0	cpe:/o:huawei:euleros:2.0