Nessus plugin: EULEROS_SA-2020-2411.NASL
History: Nov 03, 2020 - 12:00 a.m.

EulerOS 2.0 SP9 : kernel (EulerOS-SA-2020-2411)

www.tenable.com

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:

  • In kbd_keycode of keyboard.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-144161459 (CVE-2020-0431)

  • A flaw was found in the HDLC_PPP module of the Linux kernel in versions before 5.9-rc7. Memory corruption and a read overflow are caused by improper input validation in the ppp_cp_parse_cr function, which can cause the system to crash or cause a denial of service. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-25643)

  • A flaw was found in the Linux kernel in versions before 5.9-rc7. Traffic between two Geneve endpoints may be unencrypted when IPsec is configured to encrypt traffic for the specific UDP port used by the GENEVE tunnel, allowing anyone between the two endpoints to read the traffic unencrypted. The main threat from this vulnerability is to data confidentiality. (CVE-2020-25645)

  • An information leak flaw was found in the way the Linux kernel's Bluetooth stack implementation handled initialization of stack memory when handling certain AMP packets. A remote attacker in adjacent range could use this flaw to leak small portions of stack memory on the system by sending specially crafted AMP packets. The highest threat from this vulnerability is to data confidentiality. (CVE-2020-12352)

  • A flaw was found in the way the Linux kernel Bluetooth implementation handled L2CAP packets with A2MP CID. A remote attacker in adjacent range could use this flaw to crash the system, causing a denial of service, or potentially execute arbitrary code on the system by sending a specially crafted L2CAP packet. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-12351)

  • A heap buffer overflow flaw was found in the way the Linux kernel's Bluetooth implementation processed extended advertising report events. This flaw allows a remote attacker in adjacent range to crash the system, causing a denial of service, or to potentially execute arbitrary code on the system by sending a specially crafted Bluetooth packet. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. (CVE-2020-24490)

  • A missing CAP_NET_RAW check in NFC socket creation in net/nfc/rawsock.c in the Linux kernel before 5.8.2 could be used by local attackers to create raw sockets, bypassing security mechanisms, aka CID-26896f01467a. (CVE-2020-26088)

  • A flaw was found in the Linux kernel's implementation of biovecs in versions before 5.9-rc7. A zero-length biovec request issued by the block subsystem could cause the kernel to enter an infinite loop, causing a denial of service. This flaw allows a local attacker with basic privileges to issue requests to a block device, resulting in a denial of service. The highest threat from this vulnerability is to system availability. (CVE-2020-25641)

  • In skb_to_mamac of networking.c, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android kernel. Android ID: A-143560807 (CVE-2020-0432)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(142331);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/11");

  script_cve_id(
    "CVE-2020-0431",
    "CVE-2020-0432",
    "CVE-2020-12351",
    "CVE-2020-12352",
    "CVE-2020-24490",
    "CVE-2020-25641",
    "CVE-2020-25643",
    "CVE-2020-25645",
    "CVE-2020-26088"
  );

  script_name(english:"EulerOS 2.0 SP9 : kernel (EulerOS-SA-2020-2411)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the kernel packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

  - In kbd_keycode of keyboard.c, there is a possible out
    of bounds write due to a missing bounds check. This
    could lead to local escalation of privilege with no
    additional execution privileges needed. User
    interaction is not needed for exploitation.Product:
    AndroidVersions: Android kernelAndroid ID:
    A-144161459(CVE-2020-0431)

  - A flaw was found in the HDLC_PPP module of the Linux
    kernel in versions before 5.9-rc7. Memory corruption
    and a read overflow is caused by improper input
    validation in the ppp_cp_parse_cr function which can
    cause the system to crash or cause a denial of service.
    The highest threat from this vulnerability is to data
    confidentiality and integrity as well as system
    availability.(CVE-2020-25643)

  - A flaw was found in the Linux kernel in versions before
    5.9-rc7. Traffic between two Geneve endpoints may be
    unencrypted when IPsec is configured to encrypt traffic
    for the specific UDP port used by the GENEVE tunnel
    allowing anyone between the two endpoints to read the
    traffic unencrypted. The main threat from this
    vulnerability is to data
    confidentiality.(CVE-2020-25645)

  - An information leak flaw was found in the way the Linux
    kernel's Bluetooth stack implementation handled
    initialization of stack memory when handling certain
    AMP packets. A remote attacker in adjacent range could
    use this flaw to leak small portions of stack memory on
    the system by sending a specially crafted AMP packets.
    The highest threat from this vulnerability is to data
    confidentiality.(CVE-2020-12352)

  - A flaw was found in the way the Linux kernel Bluetooth
    implementation handled L2CAP packets with A2MP CID. A
    remote attacker in adjacent range could use this flaw
    to crash the system causing denial of service or
    potentially execute arbitrary code on the system by
    sending a specially crafted L2CAP packet. The highest
    threat from this vulnerability is to data
    confidentiality and integrity as well as system
    availability.(CVE-2020-12351)

  - A heap buffer overflow flaw was found in the way the
    Linux kernel's Bluetooth implementation processed
    extended advertising report events. This flaw allows a
    remote attacker in an adjacent range to crash the
    system, causing a denial of service or to potentially
    execute arbitrary code on the system by sending a
    specially crafted Bluetooth packet. The highest threat
    from this vulnerability is to confidentiality,
    integrity, as well as system
    availability.(CVE-2020-24490))

  - A missing CAP_NET_RAW check in NFC socket creation in
    net/nfc/rawsock.c in the Linux kernel before 5.8.2
    could be used by local attackers to create raw sockets,
    bypassing security mechanisms, aka
    CID-26896f01467a.(CVE-2020-26088)

  - A flaw was found in the Linux kernel's implementation
    of biovecs in versions before 5.9-rc7. A zero-length
    biovec request issued by the block subsystem could
    cause the kernel to enter an infinite loop, causing a
    denial of service. This flaw allows a local attacker
    with basic privileges to issue requests to a block
    device, resulting in a denial of service. The highest
    threat from this vulnerability is to system
    availability.(CVE-2020-25641)

  - In skb_to_mamac of networking.c, there is a possible
    out of bounds write due to an integer overflow. This
    could lead to local escalation of privilege with no
    additional execution privileges needed. User
    interaction is not needed for exploitation.Product:
    AndroidVersions: Android kernelAndroid ID:
    A-143560807(CVE-2020-0432)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2411
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0cd011a2");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-25643");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-12351");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2020/11/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/11/03");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python3-perf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(9)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP9");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP9", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

flag = 0;

pkgs = ["kernel-4.19.90-vhulk2009.2.0.h284.eulerosv2r9",
        "kernel-tools-4.19.90-vhulk2009.2.0.h284.eulerosv2r9",
        "kernel-tools-libs-4.19.90-vhulk2009.2.0.h284.eulerosv2r9",
        "python3-perf-4.19.90-vhulk2009.2.0.h284.eulerosv2r9"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"9", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
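The detection logic of the plugin above reduces to an rpm-style version comparison of each installed kernel package against the fixed NEVR strings in the `pkgs` list. As an added example (not Tenable's code), the Python below reproduces that comparison so a defender can run it offline against a saved `rpm -qa` listing; the rpm listing is constructed sample data, and the `rpmvercmp` here is a simplified form that omits rpm's tilde and caret handling.

```python
import re

# Fixed package versions taken from the plugin's pkgs list (EulerOS 2.0 SP9).
FIXED = [
    "kernel-4.19.90-vhulk2009.2.0.h284.eulerosv2r9",
    "kernel-tools-4.19.90-vhulk2009.2.0.h284.eulerosv2r9",
    "kernel-tools-libs-4.19.90-vhulk2009.2.0.h284.eulerosv2r9",
    "python3-perf-4.19.90-vhulk2009.2.0.h284.eulerosv2r9",
]

# Constructed sample of `rpm -qa --qf '%{NAME}-%{VERSION}-%{RELEASE}\n'`:
# kernel is patched, kernel-tools is still on an older h-build, bash is unrelated.
SAMPLE_RPM_LIST = """\
kernel-4.19.90-vhulk2009.2.0.h284.eulerosv2r9
kernel-tools-4.19.90-vhulk2009.2.0.h271.eulerosv2r9
bash-4.4.19-1.h15.eulerosv2r9
"""

def split_nvr(nvr):
    """Split NAME-VERSION-RELEASE on the last two hyphens, as rpm does."""
    name, version, release = nvr.rsplit("-", 2)
    return name, version, release

def rpmvercmp(a, b):
    """Simplified rpmvercmp: compare segment by segment, numeric runs as
    integers, alpha runs lexically, numeric ranks above alpha. Returns -1/0/1."""
    seg = re.compile(r"(\d+|[a-zA-Z]+)")
    sa, sb = seg.findall(a), seg.findall(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def vulnerable_packages(rpm_list, fixed=FIXED):
    """Return installed packages whose version-release is below the fixed one."""
    installed = {}
    for line in rpm_list.splitlines():
        if line.strip():
            n, v, r = split_nvr(line.strip())
            installed[n] = (v, r)
    hits = []
    for ref in fixed:
        n, v, r = split_nvr(ref)
        if n not in installed:
            continue  # package absent: nothing to flag, as the plugin's audit path does
        iv, ir = installed[n]
        if (rpmvercmp(iv, v) or rpmvercmp(ir, r)) < 0:
            hits.append(f"{n}-{iv}-{ir} < {ref}")
    return hits
```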
Vendor   Product   Version             CPE
huawei   euleros   kernel              p-cpe:/a:huawei:euleros:kernel
huawei   euleros   kernel-tools        p-cpe:/a:huawei:euleros:kernel-tools
huawei   euleros   kernel-tools-libs   p-cpe:/a:huawei:euleros:kernel-tools-libs
huawei   euleros   python3-perf        p-cpe:/a:huawei:euleros:python3-perf
huawei   euleros   2.0                 cpe:/o:huawei:euleros:2.0