According to the versions of the OpenEXR package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(136862);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/08");
script_cve_id(
"CVE-2017-12596",
"CVE-2017-14988",
"CVE-2017-9110",
"CVE-2017-9111",
"CVE-2017-9112",
"CVE-2017-9113",
"CVE-2017-9114",
"CVE-2017-9115",
"CVE-2017-9116"
);
script_name(english:"EulerOS 2.0 SP8 : OpenEXR (EulerOS-SA-2020-1584)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the OpenEXR package installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :
- OpenEXR is a high dynamic-range (HDR) image file format
developed by Industrial Light & Magic for use in
computer imaging applications. This package contains
libraries and sample applications for handling the
format.Security Fix(es):In OpenEXR 2.2.0, an invalid
write of size 2 in the = operator function in half.h
could cause the application to crash or execute
arbitrary code.(CVE-2017-9115)In OpenEXR 2.2.0, an
invalid write of size 8 in the storeSSE function in
ImfOptimizedPixelReading.h could cause the application
to crash or execute arbitrary code.(CVE-2017-9111)In
OpenEXR 2.2.0, a crafted image causes a heap-based
buffer over-read in the hufDecode function in
IlmImf/ImfHuf.cpp during exrmaketiled execution it may
result in denial of service or possibly unspecified
other impact.(CVE-2017-12596)In OpenEXR 2.2.0, an
invalid write of size 1 in the bufferedReadPixels
function in ImfInputFile.cpp could cause the
application to crash or execute arbitrary
code.(CVE-2017-9113)In OpenEXR 2.2.0, an invalid read
of size 1 in the uncompress function in ImfZip.cpp
could cause the application to crash.(CVE-2017-9116)In
OpenEXR 2.2.0, an invalid read of size 1 in the refill
function in ImfFastHuf.cpp could cause the application
to crash.(CVE-2017-9114)In OpenEXR 2.2.0, an invalid
read of size 1 in the getBits function in ImfHuf.cpp
could cause the application to crash.(CVE-2017-9112)In
OpenEXR 2.2.0, an invalid read of size 2 in the
hufDecode function in ImfHuf.cpp could cause the
application to crash.(CVE-2017-9110)Header::readfrom in
IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote
attackers to cause a denial of service (excessive
memory allocation) via a crafted file that is accessed
with the ImfOpenInputFile function in
IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and
multiple third parties believe that this vulnerability
isn't valid.(CVE-2017-14988)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1584
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?78467a42");
script_set_attribute(attribute:"solution", value:
"Update the affected OpenEXR packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-9115");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2020/05/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/26");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:OpenEXR-libs");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
flag = 0;
pkgs = ["OpenEXR-libs-2.2.0-15.h1.eulerosv2r8"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "OpenEXR");
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12596
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14988
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9110
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9111
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9112
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9113
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9114
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9115
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9116
www.nessus.org/u?78467a42