Lucene search

HistoryNov 06, 2020 - 12:00 a.m.

EulerOS Virtualization 3.0.6.6 : vim (EulerOS-SA-2020-2455)

2020-11-0600:00:00

www.tenable.com

euleros

virtualization

vim

restricted mode bypass

vulnerability

cve-2019-20807

python

ruby

lua

CVSS2

4.6

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

CVSS3

5.3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

17.8%

JSON

According to the version of the vim packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :

In Vim before 8.1.0881, users can circumvent the rvim restricted mode and execute arbitrary OS commands via scripting interfaces (e.g., Python, Ruby, or Lua).(CVE-2019-20807)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(142512);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/09");

  script_cve_id("CVE-2019-20807");

  script_name(english:"EulerOS Virtualization 3.0.6.6 : vim (EulerOS-SA-2020-2455)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the version of the vim packages installed, the EulerOS
Virtualization installation on the remote host is affected by the
following vulnerability :

  - In Vim before 8.1.0881, users can circumvent the rvim
    restricted mode and execute arbitrary OS commands via
    scripting interfaces (e.g., Python, Ruby, or
    Lua).(CVE-2019-20807)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2455
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0d6ad42f");
  script_set_attribute(attribute:"solution", value:
"Update the affected vim package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-20807");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"patch_publication_date", value:"2020/11/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/11/06");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:vim-X11");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:vim-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:vim-enhanced");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:vim-filesystem");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:vim-minimal");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.6.6");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.6.6") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.6.6");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["vim-X11-7.4.160-4.h9.eulerosv2r7",
        "vim-common-7.4.160-4.h9.eulerosv2r7",
        "vim-enhanced-7.4.160-4.h9.eulerosv2r7",
        "vim-filesystem-7.4.160-4.h9.eulerosv2r7",
        "vim-minimal-7.4.160-4.h9.eulerosv2r7"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "vim");
}

VendorProductVersionCPE
huaweieulerosvim-x11p-cpe:/a:huawei:euleros:vim-x11
huaweieulerosvim-commonp-cpe:/a:huawei:euleros:vim-common
huaweieulerosvim-enhancedp-cpe:/a:huawei:euleros:vim-enhanced
huaweieulerosvim-filesystemp-cpe:/a:huawei:euleros:vim-filesystem
huaweieulerosvim-minimalp-cpe:/a:huawei:euleros:vim-minimal
huaweieulerosuvpcpe:/o:huawei:euleros:uvp:3.0.6.6

Vendor	Product	Version	CPE
huawei	euleros	vim-x11	p-cpe:/a:huawei:euleros:vim-x11
huawei	euleros	vim-common	p-cpe:/a:huawei:euleros:vim-common
huawei	euleros	vim-enhanced	p-cpe:/a:huawei:euleros:vim-enhanced
huawei	euleros	vim-filesystem	p-cpe:/a:huawei:euleros:vim-filesystem
huawei	euleros	vim-minimal	p-cpe:/a:huawei:euleros:vim-minimal
huawei	euleros	uvp	cpe:/o:huawei:euleros:uvp:3.0.6.6