Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2020-1553.NASL
HistoryMay 01, 2020 - 12:00 a.m.

EulerOS Virtualization for ARM 64 3.0.2.0 : perl-Data-Dumper (EulerOS-SA-2020-1553)

2020-05-0100:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9

7.4 High

AI Score

Confidence

High

JSON

According to the version of the perl-Data-Dumper package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability :

  • The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function.(CVE-2014-4330)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(136256);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/13");

  script_cve_id("CVE-2014-4330");
  script_bugtraq_id(70142);

  script_name(english:"EulerOS Virtualization for ARM 64 3.0.2.0 : perl-Data-Dumper (EulerOS-SA-2020-1553)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization for ARM 64 host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the version of the perl-Data-Dumper package installed,
the EulerOS Virtualization for ARM 64 installation on the remote host
is affected by the following vulnerability :

  - The Dumper method in Data::Dumper before 2.154, as used
    in Perl 5.20.1 and earlier, allows context-dependent
    attackers to cause a denial of service (stack
    consumption and crash) via an Array-Reference with many
    nested Array-References, which triggers a large number
    of recursive calls to the DD_dump
    function.(CVE-2014-4330)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1553
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?02f4b6e9");
  script_set_attribute(attribute:"solution", value:
"Update the affected perl-Data-Dumper package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-4330");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2020/04/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/01");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perl-Data-Dumper");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.2.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

flag = 0;

pkgs = ["perl-Data-Dumper-2.145-3.h1"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_NOTE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl-Data-Dumper");
}
VendorProductVersionCPE
huaweieulerosperl-data-dumperp-cpe:/a:huawei:euleros:perl-data-dumper
huaweieulerosuvpcpe:/o:huawei:euleros:uvp:3.0.2.0

Related

nessus 17
cvelist 1
prion 1
packetstorm 1
openvas 19
cve 1
zdt 1
fedora 2
mageia 3
securityvulns 3
ubuntucve 1
debiancve 1
ubuntu 1
cloudfoundry 1
rosalinux 1
nessus
nessus
Oracle Solaris Third-Party Patch Update : perl (cve_2014_4330_buffer_errors)
2015-01-19 00:00:00
Fedora 19 : perl-Data-Dumper-2.154-1.fc19 (2014-11428)
2014-10-09 00:00:00
Mandriva Linux Security Advisory : perl (MDVSA-2015:136)
2015-03-30 00:00:00
cvelist
cvelist
CVE-2014-4330
2014-09-30 16:00:00
prion
prion
Design/Logic Flaw
2014-09-30 16:55:00
packetstorm
packetstorm
Perl 5.20.1 Deep Recursion Stack Overflow
2014-09-25 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2014-0406)
2022-01-28 00:00:00
Huawei EulerOS: Security Advisory for perl (EulerOS-SA-2020-2229)
2020-10-21 00:00:00
Mageia: Security Advisory (MGASA-2014-0407)
2022-01-28 00:00:00
cve
cve
CVE-2014-4330
2014-09-30 16:55:06
zdt
zdt
Perl 5.20.1 Deep Recursion Stack Overflow Vulnerability
2014-09-25 00:00:00
fedora
fedora
[SECURITY] Fedora 19 Update: perl-Data-Dumper-2.154-1.fc19
2014-10-08 19:17:22
[SECURITY] Fedora 20 Update: perl-Data-Dumper-2.154-1.fc20
2014-09-29 04:06:01
mageia
mageia
Updated perl package fixes CVE-2014-4330
2014-10-09 18:06:16
Updated perl packages fix CVE-2014-4330
2014-10-09 18:06:16
Updated perl-Data-Dumper package fixes CVE-2014-4330
2014-10-09 18:06:16
securityvulns
securityvulns
Perl stack overflow
2014-09-29 00:00:00
LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow
2014-09-29 00:00:00
ESA-2015-002: Unisphere Central Security Update for Multiple Vulnerabilities
2015-02-02 00:00:00
ubuntucve
ubuntucve
CVE-2014-4330
2014-09-30 00:00:00
debiancve
debiancve
CVE-2014-4330
2014-09-30 16:55:06
ubuntu
ubuntu
Perl vulnerabilities
2016-03-02 00:00:00
cloudfoundry
cloudfoundry
USN-2916-1 Perl vulnerabilities | Cloud Foundry
2016-03-24 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1949
2021-07-02 17:41:47

7.4 High

AI Score

Confidence

High

JSON
Related for EULEROS_SA-2020-1553.NASL
nessus17cvelist1prion1packetstorm1openvas19cve1zdt1fedora2mageia3securityvulns3ubuntucve1debiancve1ubuntu1cloudfoundry1rosalinux1