Lucene search
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2020-2032.NASLHistorySep 29, 2020 - 12:00 a.m.
EulerOS Virtualization for ARM 64 3.0.6.0 : libXi (EulerOS-SA-2020-2032)
2020-09-2900:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
7.8 High
AI Score
Confidence
High
According to the versions of the libXi package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :
-
X.org libXi before 1.7.7 allows remote X servers to cause a denial of service (infinite loop) via vectors involving length fields.(CVE-2016-7946)
-
Multiple integer overflows in X.org libXi before 1.7.7 allow remote X servers to cause a denial of service (out-of-bounds memory access or infinite loop) via vectors involving length fields.(CVE-2016-7945)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(140980);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/19");
script_cve_id("CVE-2016-7945", "CVE-2016-7946");
script_name(english:"EulerOS Virtualization for ARM 64 3.0.6.0 : libXi (EulerOS-SA-2020-2032)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization for ARM 64 host is missing multiple security
updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the libXi package installed, the EulerOS
Virtualization for ARM 64 installation on the remote host is affected
by the following vulnerabilities :
- X.org libXi before 1.7.7 allows remote X servers to
cause a denial of service (infinite loop) via vectors
involving length fields.(CVE-2016-7946)
- Multiple integer overflows in X.org libXi before 1.7.7
allow remote X servers to cause a denial of service
(out-of-bounds memory access or infinite loop) via
vectors involving length fields.(CVE-2016-7945)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2032
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?68b85790");
script_set_attribute(attribute:"solution", value:
"Update the affected libXi packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2016-7946");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"patch_publication_date", value:"2020/09/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/09/29");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libXi");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.6.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.6.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.6.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
flag = 0;
pkgs = ["libXi-1.7.9-8.eulerosv2r8"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libXi");
}
Related
debian
debian
[SECURITY] [DLA 685-1] libxi security update
2016-10-26 23:40:35
nessus
nessus
Fedora 23 : libXi (2016-21f0de504c)
2016-11-11 00:00:00
EulerOS 2.0 SP2 : libXi (EulerOS-SA-2019-2434)
2019-12-04 00:00:00
Fedora 25 : libXi (2016-8b122b0997)
2016-11-15 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for libXi (EulerOS-SA-2020-2032)
2020-09-29 00:00:00
Fedora Update for libXi FEDORA-2016-21f0de504c
2016-12-02 00:00:00
Huawei EulerOS: Security Advisory for libXi (EulerOS-SA-2019-2434)
2020-01-23 00:00:00
fedora
fedora
[SECURITY] Fedora 24 Update: libXi-1.7.7-1.fc24
2016-10-09 06:23:44
[SECURITY] Fedora 25 Update: libXi-1.7.7-1.fc25
2016-10-10 18:00:28
[SECURITY] Fedora 23 Update: libXi-1.7.8-2.fc23
2016-11-10 15:53:51
ubuntucve
ubuntucve
CVE-2016-7946
2016-12-13 00:00:00
CVE-2016-7945
2016-12-13 00:00:00
osv
osv
libxi vulnerabilities
2022-09-28 19:58:13
ubuntu
ubuntu
libXi vulnerabilities
2022-09-28 00:00:00
prion
prion
Design/Logic Flaw
2016-12-13 20:59:00
Integer overflow
2016-12-13 20:59:00
redhatcve
redhatcve
CVE-2016-7946
2016-10-05 09:17:26
CVE-2016-7945
2016-10-05 09:17:43
cvelist
cvelist
CVE-2016-7946
2016-12-13 20:00:00
CVE-2016-7945
2016-12-13 20:00:00
alpinelinux
alpinelinux
CVE-2016-7945
2016-12-13 20:59:00
CVE-2016-7946
2016-12-13 20:59:00
debiancve
debiancve
CVE-2016-7945
2016-12-13 20:59:00
CVE-2016-7946
2016-12-13 20:59:00
cve
cve
CVE-2016-7945
2016-12-13 20:59:00
CVE-2016-7946
2016-12-13 20:59:00
ibm
ibm
slackware
slackware
[slackware-security] x11
2016-11-01 03:40:24
mageia
mageia
Updated X11 client libraries packages fix security vulnerability
2018-01-01 18:50:28
photon
photon
Critical Photon OS Security Update - PHSA-2023-5.0-0036
2023-06-22 00:00:00
Critical Photon OS Security Update - PHSA-2023-4.0-0417
2023-06-30 00:00:00
gentoo
gentoo
X.Org: Multiple vulnerabilities
2017-04-10 00:00:00