Lucene search

K
nessusThis script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2020-2549.NASL
HistoryDec 15, 2020 - 12:00 a.m.

EulerOS 2.0 SP5 : kernel (EulerOS-SA-2020-2549)

2020-12-1500:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13

7.8 High

AI Score

Confidence

High

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  • The kernel package contains the Linux kernel (vmlinuz), the core of any Linux operating system. The kernel handles the basic functions of the operating system:
    memory allocation, process allocation, device input and output, etc.Security Fix(es):A flaw was found in the Linux Kernel before 5.8-rc6 in the ZRAM kernel module, where a user with a local account and the ability to read the /sys/class/zram-control/hot_add file can create ZRAM device nodes in the /dev/ directory. This read allocates kernel memory and is not accounted for a user that triggers the creation of that ZRAM device.
    With this vulnerability, continually reading the device may consume a large amount of system memory and cause the Out-of-Memory (OOM) killer to activate and terminate random userspace processes, possibly making the system inoperable.(CVE-2020-10781)The rbd block device driver in drivers/block/rbd.c in the Linux kernel through 5.8.9 used incomplete permission checking for access to rbd devices, which could be leveraged by local attackers to map or unmap rbd block devices, aka CID-f44d04e696fe.(CVE-2020-25284)A memory out-of-bounds read flaw was found in the Linux kernel before 5.9-rc2 with the ext3/ext4 file system, in the way it accesses a directory with broken indexing. This flaw allows a local user to crash the system if the directory exists. The highest threat from this vulnerability is to system availability.(CVE-2020-14314)A flaw was found in the Linux kernel before 5.9-rc4. Memory corruption can be exploited to gain root privileges from unprivileged processes. The highest threat from this vulnerability is to data confidentiality and integrity.(CVE-2020-14386)A race condition between hugetlb sysctl handlers in mm/hugetlb.c in the Linux kernel before 5.8.8 could be used by local attackers to corrupt memory, cause a NULL pointer dereference, or possibly have unspecified other impact, aka CID-17743798d812.(CVE-2020-25285)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(144244);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/01");

  script_cve_id(
    "CVE-2020-10781",
    "CVE-2020-14314",
    "CVE-2020-14386",
    "CVE-2020-25284",
    "CVE-2020-25285"
  );

  script_name(english:"EulerOS 2.0 SP5 : kernel (EulerOS-SA-2020-2549)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the kernel packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

  - The kernel package contains the Linux kernel (vmlinuz),
    the core of any Linux operating system. The kernel
    handles the basic functions of the operating system:
    memory allocation, process allocation, device input and
    output, etc.Security Fix(es):A flaw was found in the
    Linux Kernel before 5.8-rc6 in the ZRAM kernel module,
    where a user with a local account and the ability to
    read the /sys/class/zram-control/hot_add file can
    create ZRAM device nodes in the /dev/ directory. This
    read allocates kernel memory and is not accounted for a
    user that triggers the creation of that ZRAM device.
    With this vulnerability, continually reading the device
    may consume a large amount of system memory and cause
    the Out-of-Memory (OOM) killer to activate and
    terminate random userspace processes, possibly making
    the system inoperable.(CVE-2020-10781)The rbd block
    device driver in drivers/block/rbd.c in the Linux
    kernel through 5.8.9 used incomplete permission
    checking for access to rbd devices, which could be
    leveraged by local attackers to map or unmap rbd block
    devices, aka CID-f44d04e696fe.(CVE-2020-25284)A memory
    out-of-bounds read flaw was found in the Linux kernel
    before 5.9-rc2 with the ext3/ext4 file system, in the
    way it accesses a directory with broken indexing. This
    flaw allows a local user to crash the system if the
    directory exists. The highest threat from this
    vulnerability is to system
    availability.(CVE-2020-14314)A flaw was found in the
    Linux kernel before 5.9-rc4. Memory corruption can be
    exploited to gain root privileges from unprivileged
    processes. The highest threat from this vulnerability
    is to data confidentiality and
    integrity.(CVE-2020-14386)A race condition between
    hugetlb sysctl handlers in mm/hugetlb.c in the Linux
    kernel before 5.8.8 could be used by local attackers to
    corrupt memory, cause a NULL pointer dereference, or
    possibly have unspecified other impact, aka
    CID-17743798d812.(CVE-2020-25285)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2549
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?78c0e5a2");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-14386");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"patch_publication_date", value:"2020/12/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/12/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["kernel-3.10.0-862.14.1.5.h483.eulerosv2r7",
        "kernel-devel-3.10.0-862.14.1.5.h483.eulerosv2r7",
        "kernel-headers-3.10.0-862.14.1.5.h483.eulerosv2r7",
        "kernel-tools-3.10.0-862.14.1.5.h483.eulerosv2r7",
        "kernel-tools-libs-3.10.0-862.14.1.5.h483.eulerosv2r7",
        "perf-3.10.0-862.14.1.5.h483.eulerosv2r7",
        "python-perf-3.10.0-862.14.1.5.h483.eulerosv2r7"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
VendorProductVersionCPE
huaweieuleroskernelp-cpe:/a:huawei:euleros:kernel
huaweieuleroskernel-develp-cpe:/a:huawei:euleros:kernel-devel
huaweieuleroskernel-headersp-cpe:/a:huawei:euleros:kernel-headers
huaweieuleroskernel-toolsp-cpe:/a:huawei:euleros:kernel-tools
huaweieuleroskernel-tools-libsp-cpe:/a:huawei:euleros:kernel-tools-libs
huaweieulerosperfp-cpe:/a:huawei:euleros:perf
huaweieulerospython-perfp-cpe:/a:huawei:euleros:python-perf
huaweieuleros2.0cpe:/o:huawei:euleros:2.0