EulerOS Virtualization 3.0.2.2 libxml2 security vulnerabilities descriptio
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
OpenVAS | Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2020-1474) | 16 Apr 202000:00 | – | openvas |
OpenVAS | Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2020-1208) | 13 Mar 202000:00 | – | openvas |
OpenVAS | Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2019-1798) | 23 Jan 202000:00 | – | openvas |
OpenVAS | Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2019-1858) | 23 Jan 202000:00 | – | openvas |
OpenVAS | Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2019-2013) | 23 Jan 202000:00 | – | openvas |
OpenVAS | openSUSE: Security Advisory for libxml2 (openSUSE-SU-2020:0781-1) | 9 Jun 202000:00 | – | openvas |
OpenVAS | Huawei EulerOS: Security Advisory for libxml2 (EulerOS-SA-2020-1117) | 24 Feb 202000:00 | – | openvas |
OpenVAS | Debian: Security Advisory (DLA-2048-1) | 29 Dec 201900:00 | – | openvas |
OpenVAS | SUSE: Security Advisory (SUSE-SU-2020:1532-2) | 9 Jun 202100:00 | – | openvas |
OpenVAS | Mageia: Security Advisory (MGASA-2020-0020) | 28 Jan 202200:00 | – | openvas |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(135636);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/15");
script_cve_id(
"CVE-2015-8806",
"CVE-2016-4483",
"CVE-2017-5969",
"CVE-2019-19956"
);
script_name(english:"EulerOS Virtualization 3.0.2.2 : libxml2 (EulerOS-SA-2020-1474)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing multiple security
updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the libxml2 packages installed, the
EulerOS Virtualization installation on the remote host is affected by
the following vulnerabilities :
- The xmlBufAttrSerializeTxtContent function in xmlsave.c
in libxml2 allows context-dependent attackers to cause
a denial of service (out-of-bounds read and application
crash) via a non-UTF-8 attribute value, related to
serialization. NOTE: this vulnerability may be a
duplicate of CVE-2016-3627.(CVE-2016-4483)
- xmlParseBalancedChunkMemoryRecover in parser.c in
libxml2 before 2.9.10 has a memory leak related to
newDoc->oldNs.(CVE-2019-19956)
- dict.c in libxml2 allows remote attackers to cause a
denial of service (heap-based buffer over-read and
application crash) via an unexpected character
immediately after the '<!DOCTYPE html' substring in a
crafted HTML document.(CVE-2015-8806)
- ** DISPUTED ** libxml2 2.9.4, when used in recover
mode, allows remote attackers to cause a denial of
service (NULL pointer dereference) via a crafted XML
document. NOTE: The maintainer states 'I would disagree
of a CVE with the Recover parsing option which should
only be used for manual recovery at least for XML
parser.'(CVE-2017-5969)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1474
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b6838193");
script_set_attribute(attribute:"solution", value:
"Update the affected libxml2 packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-19956");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2020/04/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/16");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libxml2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libxml2-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libxml2-python");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.2");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.2.2") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.2");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["libxml2-2.9.1-6.3.h22.eulerosv2r7",
"libxml2-devel-2.9.1-6.3.h22.eulerosv2r7",
"libxml2-python-2.9.1-6.3.h22.eulerosv2r7"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo