Lucene search
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2020-1736.NASLHistoryJul 01, 2020 - 12:00 a.m.
EulerOS Virtualization 3.0.6.0 : e2fsprogs (EulerOS-SA-2020-1736)
2020-07-0100:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
7.2 High
AI Score
Confidence
High
According to the version of the e2fsprogs packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :
- A code execution vulnerability exists in the directory rehashing functionality of E2fsprogs e2fsck 1.45.4. A specially crafted ext4 directory can cause an out-of-bounds write on the stack, resulting in code execution. An attacker can corrupt a partition to trigger this vulnerability.(CVE-2019-5188)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(137955);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/05");
script_cve_id("CVE-2019-5188");
script_name(english:"EulerOS Virtualization 3.0.6.0 : e2fsprogs (EulerOS-SA-2020-1736)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing a security update.");
script_set_attribute(attribute:"description", value:
"According to the version of the e2fsprogs packages installed, the
EulerOS Virtualization installation on the remote host is affected by
the following vulnerability :
- A code execution vulnerability exists in the directory
rehashing functionality of E2fsprogs e2fsck 1.45.4. A
specially crafted ext4 directory can cause an
out-of-bounds write on the stack, resulting in code
execution. An attacker can corrupt a partition to
trigger this vulnerability.(CVE-2019-5188)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1736
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?237d5fcf");
script_set_attribute(attribute:"solution", value:
"Update the affected e2fsprogs package.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-5188");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2020/06/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/07/01");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:e2fsprogs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:e2fsprogs-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libcom_err");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libcom_err-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libss");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.6.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.6.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.6.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["e2fsprogs-1.45.3-1.h3.eulerosv2r7",
"e2fsprogs-libs-1.45.3-1.h3.eulerosv2r7",
"libcom_err-1.45.3-1.h3.eulerosv2r7",
"libcom_err-devel-1.45.3-1.h3.eulerosv2r7",
"libss-1.45.3-1.h3.eulerosv2r7"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "e2fsprogs");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| huawei | euleros | e2fsprogs | p-cpe:/a:huawei:euleros:e2fsprogs |
| huawei | euleros | e2fsprogs-libs | p-cpe:/a:huawei:euleros:e2fsprogs-libs |
| huawei | euleros | libcom_err | p-cpe:/a:huawei:euleros:libcom_err |
| huawei | euleros | libcom_err-devel | p-cpe:/a:huawei:euleros:libcom_err-devel |
| huawei | euleros | libss | p-cpe:/a:huawei:euleros:libss |
| huawei | euleros | uvp | cpe:/o:huawei:euleros:uvp:3.0.6.0 |
Related
nessus
nessus
EulerOS Virtualization 3.0.2.2 : e2fsprogs (EulerOS-SA-2020-2214)
2020-10-21 00:00:00
Photon OS 3.0: E2Fsprogs PHSA-2020-3.0-0053
2020-02-04 00:00:00
EulerOS 2.0 SP2 : e2fsprogs (EulerOS-SA-2020-1665)
2020-06-17 00:00:00
ubuntucve
ubuntucve
CVE-2019-5188
2020-01-08 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for e2fsprogs (EulerOS-SA-2020-1098)
2020-02-24 00:00:00
openSUSE: Security Advisory for e2fsprogs (openSUSE-SU-2020:0166-1)
2020-02-05 00:00:00
Mageia: Security Advisory (MGASA-2020-0039)
2022-01-28 00:00:00
osv
osv
e2fsprogs - security update
2020-07-26 00:00:00
CVE-2019-5188
2020-01-08 16:15:11
e2fsprogs - security update
2020-03-24 00:00:00
ubuntu
ubuntu
e2fsprogs vulnerability
2020-01-23 00:00:00
freebsd
freebsd
e2fsprogs -- rehash.c/pass 3a mutate_name() code execution vulnerability
2019-12-18 00:00:00
debian
debian
[SECURITY] [DLA 2290-1] e2fsprogs security update
2020-07-26 15:19:45
[SECURITY] [DLA 2156-1] e2fsprogs security update
2020-03-24 21:04:06
redhatcve
redhatcve
CVE-2019-5188
2020-01-11 15:09:44
cloudfoundry
cloudfoundry
USN-4249-1: e2fsprogs vulnerability | Cloud Foundry
2020-02-12 00:00:00
cbl_mariner
cbl_mariner
CVE-2019-5188 affecting package e2fsprogs 1.44.6-4
2021-01-29 07:39:17
alpinelinux
alpinelinux
CVE-2019-5188
2020-01-08 16:15:00
talos
talos
E2fsprogs e2fsck rehash.c mutate_name() Code Execution Vulnerability
2020-01-07 00:00:00
talosblog
talosblog
Vulnerability Spotlight: Code execution vulnerability in E2fsprogs
2020-01-14 11:31:08
suse
suse
Security update for e2fsprogs (moderate)
2020-02-04 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-10-01 03:56:17
mageia
mageia
Updated e2fsprogs packages fix security vulnerability
2020-01-17 13:16:50
debiancve
debiancve
CVE-2019-5188
2020-01-08 16:15:00
prion
prion
Remote code execution
2020-01-08 16:15:00
cve
cve
CVE-2019-5188
2020-01-08 16:15:00
fedora
fedora
[SECURITY] Fedora 30 Update: e2fsprogs-1.44.6-2.fc30
2020-02-02 01:53:44
[SECURITY] Fedora 31 Update: e2fsprogs-1.45.5-1.fc31
2020-01-21 01:40:08
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2020-1.0-0268
2020-01-31 00:00:00
Important Photon OS Security Update - PHSA-2020-0053
2020-01-31 00:00:00
Critical Photon OS Security Update - PHSA-2020-0268
2020-01-31 00:00:00
f5
f5
K06014092 : E2fsprogs vulnerabilities CVE-2019-5094 and CVE-2019-5188
2022-03-14 00:00:00
redhat
redhat
oraclelinux
oraclelinux
e2fsprogs security and bug fix update
2020-10-06 00:00:00
centos
centos
e2fsprogs, libcom_err, libss security update
2020-10-20 17:55:15
amazon
amazon
Medium: e2fsprogs
2021-01-12 22:51:00
Medium: e2fsprogs
2020-12-16 20:31:00
Medium: e2fsprogs
2020-10-22 17:27:00
ibm
ibm
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00