EulerOS 2.0 SP3 : spice (EulerOS-SA-2021-1121)

🗓️ 20 Jan 2021 00:00:00Reported by TenableType

EulerOS 2.0 SP3 spice package vulnerabilit

Reporter	Title	Published	Views	Family All 143
ALT Linux	Security fix for the ALT Linux 9 package SPICE version 0.15.0-alt1	31 May 202100:00	–	altlinux
Tenable Nessus	Amazon Linux 2 : spice-gtk (ALAS-2020-1546)	28 Oct 202000:00	–	nessus
Tenable Nessus	Amazon Linux 2 : spice (ALAS-2020-1547)	28 Oct 202000:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0090: spice and spice-gtk (ALINUX3-SA-2021:0090)	14 May 202500:00	–	nessus
Tenable Nessus	CentOS 8 : spice and spice-gtk (CESA-2020:4186)	1 Feb 202100:00	–	nessus
Tenable Nessus	CentOS 7 : spice and spice-gtk (RHSA-2020:4187)	6 Nov 202000:00	–	nessus
Tenable Nessus	Debian DLA-2427-1 : spice security update	2 Nov 202000:00	–	nessus
Tenable Nessus	Debian DLA-2428-1 : spice-gtk security update	2 Nov 202000:00	–	nessus
Tenable Nessus	Debian DSA-4771-1 : spice - security update	12 Oct 202000:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP3 : spice-gtk (EulerOS-SA-2021-1122)	20 Jan 202100:00	–	nessus

Source	Link
nessus	www.nessus.org/u
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(145101);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/30");

  script_cve_id("CVE-2020-14355");

  script_name(english:"EulerOS 2.0 SP3 : spice (EulerOS-SA-2021-1121)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the version of the spice package installed, the EulerOS
installation on the remote host is affected by the following
vulnerability :

  - Multiple buffer overflow vulnerabilities were found in
    the QUIC image decoding process of the SPICE remote
    display system, before spice-0.14.2-1. Both the SPICE
    client (spice-gtk) and server are affected by these
    flaws. These flaws allow a malicious client or server
    to send specially crafted messages that, when processed
    by the QUIC image compression algorithm, result in a
    process crash or potential code
    execution.(CVE-2020-14355)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1121
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e357047f");
  script_set_attribute(attribute:"solution", value:
"Update the affected spice package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-14355");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"patch_publication_date", value:"2021/01/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/01/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:spice-server");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["spice-server-0.14.0-6.1.h1"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "spice");
}

30 Jan 2024 00:00Current

7.5High risk

Vulners AI Score7.5

CVSS 26.5

CVSS 3.16.6

EPSS0.01631