Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2020-1744.NASL
HistoryJul 01, 2020 - 12:00 a.m.

EulerOS Virtualization 3.0.6.0 : perl (EulerOS-SA-2020-1744)

2020-07-0100:00:00
This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

47.4%

JSON

According to the version of the perl packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :

  • The Dumper method in Data::Dumper before 2.154, as used in Perl 5.20.1 and earlier, allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an Array-Reference with many nested Array-References, which triggers a large number of recursive calls to the DD_dump function.(CVE-2014-4330)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(137963);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id(
    "CVE-2014-4330"
  );
  script_bugtraq_id(
    70142
  );

  script_name(english:"EulerOS Virtualization 3.0.6.0 : perl (EulerOS-SA-2020-1744)");
  script_summary(english:"Checks the rpm output for the updated package.");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the version of the perl packages installed, the EulerOS
Virtualization installation on the remote host is affected by the
following vulnerability :

  - The Dumper method in Data::Dumper before 2.154, as used
    in Perl 5.20.1 and earlier, allows context-dependent
    attackers to cause a denial of service (stack
    consumption and crash) via an Array-Reference with many
    nested Array-References, which triggers a large number
    of recursive calls to the DD_dump
    function.(CVE-2014-4330)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1744
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f5bf3e98");
  script_set_attribute(attribute:"solution", value:
"Update the affected perl package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2014-4330");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2020/06/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/07/01");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perl-Pod-Escapes");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perl-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perl-macros");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.6.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.6.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.6.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["perl-5.16.3-292.h12.eulerosv2r7",
        "perl-Pod-Escapes-1.04-292.h12.eulerosv2r7",
        "perl-libs-5.16.3-292.h12.eulerosv2r7",
        "perl-macros-5.16.3-292.h12.eulerosv2r7"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_NOTE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl");
}
VendorProductVersionCPE
huaweieulerosperlp-cpe:/a:huawei:euleros:perl
huaweieulerosperl-pod-escapesp-cpe:/a:huawei:euleros:perl-pod-escapes
huaweieulerosperl-libsp-cpe:/a:huawei:euleros:perl-libs
huaweieulerosperl-macrosp-cpe:/a:huawei:euleros:perl-macros
huaweieulerosuvpcpe:/o:huawei:euleros:uvp:3.0.6.0

Related

cve 1
nessus 21
packetstorm 1
prion 1
openvas 19
cvelist 1
debiancve 1
mageia 3
securityvulns 3
nvd 1
ubuntucve 1
zdt 1
fedora 2
cloudfoundry 1
ubuntu 1
rosalinux 1
cve
cve
CVE-2014-4330
2014-09-30 16:55:06
nessus
nessus
Oracle Solaris Third-Party Patch Update : perl (cve_2014_4330_buffer_errors)
2015-01-19 00:00:00
SuSE 11.3 Security Update : perl (SAT Patch Number 9858)
2014-10-24 00:00:00
Mandriva Linux Security Advisory : perl (MDVSA-2015:136)
2015-03-30 00:00:00
packetstorm
packetstorm
Perl 5.20.1 Deep Recursion Stack Overflow
2014-09-25 00:00:00
prion
prion
Design/Logic Flaw
2014-09-30 16:55:00
openvas
openvas
Huawei EulerOS: Security Advisory for perl (EulerOS-SA-2020-2229)
2020-10-21 00:00:00
Mageia: Security Advisory (MGASA-2014-0406)
2022-01-28 00:00:00
Fedora Update for perl-Data-Dumper FEDORA-2014-11428
2014-10-09 00:00:00
cvelist
cvelist
CVE-2014-4330
2014-09-30 16:00:00
debiancve
debiancve
CVE-2014-4330
2014-09-30 16:55:06
mageia
mageia
Updated perl-Data-Dumper package fixes CVE-2014-4330
2014-10-09 18:06:16
Updated perl package fixes CVE-2014-4330
2014-10-09 18:06:16
Updated perl packages fix CVE-2014-4330
2014-10-09 18:06:16
securityvulns
securityvulns
LSE Leading Security Experts GmbH - LSE-2014-06-10 - Perl CORE - Deep Recursion Stack Overflow
2014-09-29 00:00:00
Perl stack overflow
2014-09-29 00:00:00
ESA-2015-002: Unisphere Central Security Update for Multiple Vulnerabilities
2015-02-02 00:00:00
nvd
nvd
CVE-2014-4330
2014-09-30 16:55:06
ubuntucve
ubuntucve
CVE-2014-4330
2014-09-30 00:00:00
zdt
zdt
Perl 5.20.1 Deep Recursion Stack Overflow Vulnerability
2014-09-25 00:00:00
fedora
fedora
[SECURITY] Fedora 20 Update: perl-Data-Dumper-2.154-1.fc20
2014-09-29 04:06:01
[SECURITY] Fedora 19 Update: perl-Data-Dumper-2.154-1.fc19
2014-10-08 19:17:22
cloudfoundry
cloudfoundry
USN-2916-1 Perl vulnerabilities | Cloud Foundry
2016-03-24 00:00:00
ubuntu
ubuntu
Perl vulnerabilities
2016-03-02 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1949
2021-07-02 17:41:47

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

47.4%

JSON
Related for EULEROS_SA-2020-1744.NASL
cve1nessus21packetstorm1prion1openvas19cvelist1debiancve1mageia3securityvulns3nvd1ubuntucve1zdt1fedora2cloudfoundry1ubuntu1rosalinux1