EulerOS 2.0 SP9 : golang (EulerOS-SA-2021-1006)

2021-01-0400:00:00

www.tenable.com

According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

The encoding/xml package in Go (all versions) does not correctly preserve the semantics of attribute namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.(CVE-2020-29509)
The encoding/xml package in Go versions 1.15 and earlier does not correctly preserve the semantics of directives during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.(CVE-2020-29510)
The encoding/xml package in Go (all versions) does not correctly preserve the semantics of element namespace prefixes during tokenization round-trips, which allows an attacker to craft inputs that behave in conflicting ways during different stages of processing in affected downstream applications.(CVE-2020-29511)
Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection.(CVE-2020-28367)
Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection.(CVE-2020-28366)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(144686);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/11");

  script_cve_id(
    "CVE-2020-28366",
    "CVE-2020-28367",
    "CVE-2020-29509",
    "CVE-2020-29510",
    "CVE-2020-29511"
  );

  script_name(english:"EulerOS 2.0 SP9 : golang (EulerOS-SA-2021-1006)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the golang packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

  - The encoding/xml package in Go (all versions) does not
    correctly preserve the semantics of attribute namespace
    prefixes during tokenization round-trips, which allows
    an attacker to craft inputs that behave in conflicting
    ways during different stages of processing in affected
    downstream applications.(CVE-2020-29509)

  - The encoding/xml package in Go versions 1.15 and
    earlier does not correctly preserve the semantics of
    directives during tokenization round-trips, which
    allows an attacker to craft inputs that behave in
    conflicting ways during different stages of processing
    in affected downstream applications.(CVE-2020-29510)

  - The encoding/xml package in Go (all versions) does not
    correctly preserve the semantics of element namespace
    prefixes during tokenization round-trips, which allows
    an attacker to craft inputs that behave in conflicting
    ways during different stages of processing in affected
    downstream applications.(CVE-2020-29511)

  - Go before 1.14.12 and 1.15.x before 1.15.5 allows
    Argument Injection.(CVE-2020-28367)

  - Go before 1.14.12 and 1.15.x before 1.15.5 allows Code
    Injection.(CVE-2020-28366)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1006
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?648c43ef");
  script_set_attribute(attribute:"solution", value:
"Update the affected golang packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-29511");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-28367");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"patch_publication_date", value:"2021/01/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/01/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:golang");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:golang-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:golang-help");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(9)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP9");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP9", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["golang-1.13.3-10.h4.eulerosv2r9",
        "golang-devel-1.13.3-10.h4.eulerosv2r9",
        "golang-help-1.13.3-10.h4.eulerosv2r9"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"9", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "golang");
}

VendorProductVersionCPE
huaweieulerosgolangp-cpe:/a:huawei:euleros:golang
huaweieulerosgolang-develp-cpe:/a:huawei:euleros:golang-devel
huaweieulerosgolang-helpp-cpe:/a:huawei:euleros:golang-help
huaweieuleros2.0cpe:/o:huawei:euleros:2.0

Vendor	Product	Version	CPE
huawei	euleros	golang	p-cpe:/a:huawei:euleros:golang
huawei	euleros	golang-devel	p-cpe:/a:huawei:euleros:golang-devel
huawei	euleros	golang-help	p-cpe:/a:huawei:euleros:golang-help
huawei	euleros	2.0	cpe:/o:huawei:euleros:2.0