Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2020-1688.NASL
HistoryJun 25, 2020 - 12:00 a.m.

EulerOS Virtualization for ARM 64 3.0.6.0 : qemu-kvm (EulerOS-SA-2020-1688)

2020-06-2500:00:00
This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
JSON

According to the versions of the qemu-kvm packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :

  • In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c misuses snprintf return values, leading to a buffer overflow in later code.(CVE-2020-8608)

  • tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in QEMU 4.2.0, mismanages memory, as demonstrated by IRC DCC commands in EMU_IRC. This can cause a heap-based buffer overflow or other out-of-bounds access which can lead to a DoS or potential execute arbitrary code.(CVE-2020-7039)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(137795);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id(
    "CVE-2020-7039",
    "CVE-2020-8608"
  );

  script_name(english:"EulerOS Virtualization for ARM 64 3.0.6.0 : qemu-kvm (EulerOS-SA-2020-1688)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization for ARM 64 host is missing multiple security
updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the qemu-kvm packages installed, the
EulerOS Virtualization for ARM 64 installation on the remote host is
affected by the following vulnerabilities :

  - In libslirp 4.1.0, as used in QEMU 4.2.0, tcp_subr.c
    misuses snprintf return values, leading to a buffer
    overflow in later code.(CVE-2020-8608)

  - tcp_emu in tcp_subr.c in libslirp 4.1.0, as used in
    QEMU 4.2.0, mismanages memory, as demonstrated by IRC
    DCC commands in EMU_IRC. This can cause a heap-based
    buffer overflow or other out-of-bounds access which can
    lead to a DoS or potential execute arbitrary
    code.(CVE-2020-7039)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1688
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6ae88480");
  script_set_attribute(attribute:"solution", value:
"Update the affected qemu-kvm packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8608");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"patch_publication_date", value:"2020/06/25");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/25");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:qemu-img");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:qemu-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:qemu-kvm-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:qemu-kvm-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.6.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.6.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.6.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

flag = 0;

pkgs = ["qemu-img-2.8.1-30.448",
        "qemu-kvm-2.8.1-30.448",
        "qemu-kvm-common-2.8.1-30.448",
        "qemu-kvm-tools-2.8.1-30.448"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "qemu-kvm");
}
VendorProductVersionCPE
huaweieulerosqemu-imgp-cpe:/a:huawei:euleros:qemu-img
huaweieulerosqemu-kvmp-cpe:/a:huawei:euleros:qemu-kvm
huaweieulerosqemu-kvm-commonp-cpe:/a:huawei:euleros:qemu-kvm-common
huaweieulerosqemu-kvm-toolsp-cpe:/a:huawei:euleros:qemu-kvm-tools
huaweieulerosuvpcpe:/o:huawei:euleros:uvp:3.0.6.0

Related

nessus 78
openvas 24
redhat 24
debian 7
osv 20
ubuntu 2
amazon 4
f5 2
centos 3
cve 2
rocky 5
almalinux 5
redhatcve 2
cbl_mariner 1
ubuntucve 2
prion 2
oraclelinux 7
veracode 2
ibm 1
debiancve 2
suse 1
gentoo 2
archlinux 1
nessus
nessus
EulerOS 2.0 SP8 : qemu (EulerOS-SA-2020-1298)
2020-03-23 00:00:00
RHEL 7 : qemu-kvm-rhev (RHSA-2020:2730)
2020-06-24 00:00:00
RHEL 8 : virt:8.1 (RHSA-2020:1261)
2023-01-23 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for qemu-kvm (EulerOS-SA-2020-1688)
2020-06-26 00:00:00
Huawei EulerOS: Security Advisory for qemu (EulerOS-SA-2020-1298)
2020-03-23 00:00:00
Ubuntu: Security Advisory (USN-4632-1)
2020-11-13 00:00:00
redhat
redhat
(RHSA-2020:1351) Important: qemu-kvm security update
2020-04-07 08:50:42
(RHSA-2020:1261) Important: virt:8.1 security update
2020-04-01 06:58:30
(RHSA-2020:2730) Important: qemu-kvm-rhev security update
2020-06-24 12:16:29
debian
debian
[SECURITY] [DLA 2551-1] slirp security update
2021-02-09 20:56:45
[SECURITY] [DLA 2142-1] slirp security update
2020-03-13 10:20:39
[SECURITY] [DLA 2076-1] slirp security update
2020-01-26 21:43:12
osv
osv
slirp - security update
2021-02-09 00:00:00
slirp vulnerabilities
2020-11-12 20:31:20
CVE-2020-8608
2020-02-06 17:15:14
ubuntu
ubuntu
SLiRP vulnerabilities
2020-11-12 00:00:00
QEMU vulnerabilities
2020-02-18 00:00:00
amazon
amazon
Important: qemu-kvm
2020-07-14 20:27:00
Important: qemu-kvm
2020-07-27 23:58:00
Important: qemu
2020-03-23 16:27:00
f5
f5
K81258141 : QEMU 4.2.0 buffer overflow vulnerability CVE-2020-8608
2020-12-21 00:00:00
K18684657 : QEMU 4.2.0 vulnerability CVE-2020-7039
2021-01-21 00:00:00
centos
centos
qemu security update
2020-04-28 00:23:01
qemu security update
2020-04-08 19:11:28
qemu security update
2020-03-10 20:44:03
cve
cve
CVE-2020-8608
2020-02-06 17:15:00
CVE-2020-7039
2020-01-16 23:15:00
rocky
rocky
container-tools:rhel8 security and bug fix update
2020-04-07 09:15:36
container-tools:1.0 security update
2020-04-07 12:58:09
virt:rhel security and bug fix update
2020-04-07 12:58:04
almalinux
almalinux
Important: container-tools:1.0 security update
2020-04-07 12:58:09
Important: container-tools:rhel8 security, bug fix, and enhancement update
2020-02-04 11:39:46
Important: container-tools:rhel8 security and bug fix update
2020-04-07 09:15:36
redhatcve
redhatcve
CVE-2020-7039
2020-01-16 08:09:06
CVE-2020-8608
2020-04-01 14:08:07
cbl_mariner
cbl_mariner
CVE-2020-7039 affecting package qemu-kvm 4.2.0-48
2020-11-05 04:21:31
ubuntucve
ubuntucve
CVE-2020-7039
2020-01-16 00:00:00
CVE-2020-8608
2020-02-06 00:00:00
prion
prion
Buffer overflow
2020-02-06 17:15:00
Heap overflow
2020-01-16 23:15:00
oraclelinux
oraclelinux
qemu-kvm security update
2020-04-10 00:00:00
qemu-kvm security and bug fix update
2020-04-09 00:00:00
virt:ol security update
2020-07-06 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-05-15 02:20:11
Arbitrary Code Execution
2020-06-02 03:15:00
ibm
ibm
Security Bulletin: Publicly disclosed vulnerability from Qemu affects IBM Netezza Host Management
2020-08-10 18:41:03
debiancve
debiancve
CVE-2020-8608
2020-02-06 17:15:00
CVE-2020-7039
2020-01-16 23:15:00
suse
suse
Security update for qemu (important)
2020-04-07 00:00:00
gentoo
gentoo
QEMU: Multiple vulnerabilities
2020-03-30 00:00:00
QEMU: Multiple vulnerabilities
2020-05-12 00:00:00
archlinux
archlinux
[ASA-202005-6] qemu: multiple issues
2020-05-07 00:00:00
JSON
Related for EULEROS_SA-2020-1688.NASL
nessus78openvas24redhat24debian7osv20ubuntu2amazon4f52centos3cve2rocky5almalinux5redhatcve2cbl_mariner1ubuntucve2prion2oraclelinux7veracode2ibm1debiancve2suse1gentoo2archlinux1