Lucene search
K

EulerOS Virtualization for ARM 64 3.0.2.0 : python-pillow (EulerOS-SA-2020-1532)

🗓️ 01 May 2020 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 43 Views

EulerOS Virtualization for ARM 64 3.0.2.0 python-pillow vulnerabilitie

Related
Refs
Code
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(136235);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/13");

  script_cve_id(
    "CVE-2014-1932",
    "CVE-2014-1933",
    "CVE-2014-3007",
    "CVE-2014-3589",
    "CVE-2016-4009",
    "CVE-2019-16865",
    "CVE-2020-5312",
    "CVE-2020-5313"
  );
  script_bugtraq_id(
    65511,
    65513,
    67150,
    69352
  );

  script_name(english:"EulerOS Virtualization for ARM 64 3.0.2.0 : python-pillow (EulerOS-SA-2020-1532)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization for ARM 64 host is missing multiple security
updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the python-pillow package installed, the
EulerOS Virtualization for ARM 64 installation on the remote host is
affected by the following vulnerabilities :

  - Integer overflow in the ImagingResampleHorizontal
    function in libImaging/Resample.c in Pillow before
    3.1.1 allows remote attackers to have unspecified
    impact via negative values of the new size, which
    triggers a heap-based buffer overflow.(CVE-2016-4009)

  - An issue was discovered in urllib2 in Python 2.x
    through 2.7.17 and urllib in Python 3.x through 3.8.0.
    CRLF injection is possible if the attacker controls a
    url parameter, as demonstrated by the first argument to
    urllib.request.urlopen with \r\n (specifically in the
    host component of a URL) followed by an HTTP header.
    This is similar to the CVE-2019-9740 query string issue
    and the CVE-2019-9947 path string issue. (This is not
    exploitable when glibc has CVE-2016-10739
    fixed.)(CVE-2014-3589)

  - Python Image Library (PIL) 1.1.7 and earlier and Pillow
    2.3 might allow remote attackers to execute arbitrary
    commands via shell metacharacters in unspecified
    vectors related to CVE-2014-1932, possibly
    JpegImagePlugin.py.(CVE-2014-3007)

  - The documentation XML-RPC server in Python through
    2.7.16, 3.x through 3.6.9, and 3.7.x through 3.7.4 has
    XSS via the server_title field. This occurs in
    Lib/DocXMLRPCServer.py in Python 2.x, and in
    Lib/xmlrpc/server.py in Python 3.x. If set_server_title
    is called with untrusted input, arbitrary JavaScript
    can be delivered to clients that visit the http URL for
    this server.(CVE-2014-1933)

  - Directory traversal vulnerability in the (1) extract
    and (2) extractall functions in the tarfile module in
    Python allows user-assisted remote attackers to
    overwrite arbitrary files via a .. (dot dot) sequence
    in filenames in a TAR archive, a related issue to
    CVE-2001-1267.(CVE-2014-1932)

  - An issue was discovered in Pillow before 6.2.0. When
    reading specially crafted invalid image files, the
    library can either allocate very large amounts of
    memory or take an extremely long period of time to
    process the image.(CVE-2019-16865)

  - libImaging/FliDecode.c in Pillow before 6.2.2 has an
    FLI buffer overflow.(CVE-2020-5313)

  - libImaging/PcxDecode.c in Pillow before 6.2.2 has a PCX
    P mode buffer overflow.(CVE-2020-5312)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1532
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f1ea3d72");
  script_set_attribute(attribute:"solution", value:
"Update the affected python-pillow packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:U/RC:ND");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-4009");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-5312");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2020/04/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/01");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-pillow");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.2.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

flag = 0;

pkgs = ["python-pillow-2.0.0-19.h6.gitd1c6db8"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python-pillow");
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation