EulerOS Virtualization 3.0.2.2 : gnupg2 (EulerOS-SA-2020-1489)

2020-04-16T00:00:00
ID EULEROS_SA-2020-1489.NASL
Type nessus
Reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
Modified 2020-04-16T00:00:00

Description

According to the versions of the gnupg2 package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  • The do_uncompress function in g10/compress.c in GnuPG 1.x before 1.4.17 and 2.x before 2.0.24 allows context-dependent attackers to cause a denial of service (infinite loop) via malformed compressed packets, as demonstrated by an a3 01 5b ff byte sequence.(CVE-2014-4617)

  • kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x before 2.0.27, and 2.1.x before 2.1.2 does not properly handle bitwise left-shifts, which allows remote attackers to cause a denial of service (invalid read operation) via a crafted keyring file, related to sign extensions and

                                        
                                            #
# (C) Tenable Network Security, Inc.
#

include("compat.inc");

if (description)
{
  script_id(135651);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/24");

  script_cve_id(
    "CVE-2014-4617",
    "CVE-2015-1606",
    "CVE-2015-1607"
  );
  script_bugtraq_id(
    68156,
    72609,
    72610
  );

  script_name(english:"EulerOS Virtualization 3.0.2.2 : gnupg2 (EulerOS-SA-2020-1489)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing multiple security
updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the gnupg2 package installed, the
EulerOS Virtualization installation on the remote host is affected by
the following vulnerabilities :

  - The do_uncompress function in g10/compress.c in GnuPG
    1.x before 1.4.17 and 2.x before 2.0.24 allows
    context-dependent attackers to cause a denial of
    service (infinite loop) via malformed compressed
    packets, as demonstrated by an a3 01 5b ff byte
    sequence.(CVE-2014-4617)

  - kbx/keybox-search.c in GnuPG before 1.4.19, 2.0.x
    before 2.0.27, and 2.1.x before 2.1.2 does not properly
    handle bitwise left-shifts, which allows remote
    attackers to cause a denial of service (invalid read
    operation) via a crafted keyring file, related to sign
    extensions and 'memcpy with overlapping
    ranges.'(CVE-2015-1607)

  - The keyring DB in GnuPG before 2.1.2 does not properly
    handle invalid packets, which allows remote attackers
    to cause a denial of service (invalid read and
    use-after-free) via a crafted keyring
    file.(CVE-2015-1606)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1489
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?22e245b1");
  script_set_attribute(attribute:"solution", value:
"Update the affected gnupg2 packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"patch_publication_date", value:"2020/04/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gnupg2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.2");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.2.2") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.2");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["gnupg2-2.0.22-5.h2.eulerosv2r7"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnupg2");
}