EulerOS 2.0 SP8 : OpenEXR (EulerOS-SA-2020-1584)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(136862);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/08");

  script_cve_id(
    "CVE-2017-12596",
    "CVE-2017-14988",
    "CVE-2017-9110",
    "CVE-2017-9111",
    "CVE-2017-9112",
    "CVE-2017-9113",
    "CVE-2017-9114",
    "CVE-2017-9115",
    "CVE-2017-9116"
  );

  script_name(english:"EulerOS 2.0 SP8 : OpenEXR (EulerOS-SA-2020-1584)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the OpenEXR package installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

  - OpenEXR is a high dynamic-range (HDR) image file format
    developed by Industrial Light & Magic for use in
    computer imaging applications. This package contains
    libraries and sample applications for handling the
    format.Security Fix(es):In OpenEXR 2.2.0, an invalid
    write of size 2 in the = operator function in half.h
    could cause the application to crash or execute
    arbitrary code.(CVE-2017-9115)In OpenEXR 2.2.0, an
    invalid write of size 8 in the storeSSE function in
    ImfOptimizedPixelReading.h could cause the application
    to crash or execute arbitrary code.(CVE-2017-9111)In
    OpenEXR 2.2.0, a crafted image causes a heap-based
    buffer over-read in the hufDecode function in
    IlmImf/ImfHuf.cpp during exrmaketiled execution it may
    result in denial of service or possibly unspecified
    other impact.(CVE-2017-12596)In OpenEXR 2.2.0, an
    invalid write of size 1 in the bufferedReadPixels
    function in ImfInputFile.cpp could cause the
    application to crash or execute arbitrary
    code.(CVE-2017-9113)In OpenEXR 2.2.0, an invalid read
    of size 1 in the uncompress function in ImfZip.cpp
    could cause the application to crash.(CVE-2017-9116)In
    OpenEXR 2.2.0, an invalid read of size 1 in the refill
    function in ImfFastHuf.cpp could cause the application
    to crash.(CVE-2017-9114)In OpenEXR 2.2.0, an invalid
    read of size 1 in the getBits function in ImfHuf.cpp
    could cause the application to crash.(CVE-2017-9112)In
    OpenEXR 2.2.0, an invalid read of size 2 in the
    hufDecode function in ImfHuf.cpp could cause the
    application to crash.(CVE-2017-9110)Header::readfrom in
    IlmImf/ImfHeader.cpp in OpenEXR 2.2.0 allows remote
    attackers to cause a denial of service (excessive
    memory allocation) via a crafted file that is accessed
    with the ImfOpenInputFile function in
    IlmImf/ImfCRgbaFile.cpp. NOTE: The maintainer and
    multiple third parties believe that this vulnerability
    isn't valid.(CVE-2017-14988)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1584
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?78467a42");
  script_set_attribute(attribute:"solution", value:
"Update the affected OpenEXR packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-9115");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2020/05/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/26");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:OpenEXR-libs");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

flag = 0;

pkgs = ["OpenEXR-libs-2.2.0-15.h1.eulerosv2r8"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "OpenEXR");
}