According to the versions of the openjpeg2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities:
There’s a flaw in openjpeg in versions prior to 2.4.0 in src/lib/openjp2/pi.c. When an attacker is able to provide crafted input to be processed by the openjpeg encoder, this could cause an out-of-bounds read. The greatest impact from this flaw is to application availability.(CVE-2020-27841)
There’s a flaw in src/lib/openjp2/pi.c of openjpeg in versions prior to 2.4.0. If an attacker is able to provide untrusted input to openjpeg’s conversion/encoding functionality, they could cause an out-of-bounds read. The highest impact of this flaw is to application availability.(CVE-2020-27845)
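The OpenJPEG library is an open-source JPEG 2000 library developed in order to promote the use of JPEG 2000. This package contains: * JPEG 2000 codec compliant with the Part 1 of the standard (Class-1 Profile-1 compliance). * JP2 (JPEG 2000 standard Part 2 - Handling of JP2 boxes and extended multiple (CVE-2020-27824) [Note: the advisory text for this entry is the truncated openjpeg2 package summary rather than a description of the vulnerability; consult the CVE-2020-27824 record for the nature of the flaw.]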
A heap-buffer overflow was found in the way openjpeg2 handled certain PNG format files. An attacker could use this flaw to cause an application crash or in some cases execute arbitrary code with the permission of the user running such an application.(CVE-2020-27814)
A flaw was found in OpenJPEG’s encoder. This flaw allows an attacker to pass specially crafted x,y offset input to OpenJPEG to use during encoding. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability.(CVE-2020-27823)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
# Registration branch: when the scanner loads the plugin with `description`
# set, only the metadata below is declared and the script exits (exit(0) at
# the end of this block) without examining the target.
if (description)
{
script_id(145744);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/25");
# The five openjpeg2 CVEs that this single package check reports on.
script_cve_id(
"CVE-2020-27814",
"CVE-2020-27823",
"CVE-2020-27824",
"CVE-2020-27841",
"CVE-2020-27845"
);
script_name(english:"EulerOS 2.0 SP8 : openjpeg2 (EulerOS-SA-2021-1156)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
# Description text is taken from the vendor advisory (see the note at its end).
# NOTE(review): the CVE-2020-27824 entry carries what reads as a truncated
# package summary, not a description of the flaw - confirm against the CVE
# record before relying on it for triage.
script_set_attribute(attribute:"description", value:
"According to the versions of the openjpeg2 package installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :
- There's a flaw in openjpeg in versions prior to 2.4.0
in src/lib/openjp2/pi.c. When an attacker is able to
provide crafted input to be processed by the openjpeg
encoder, this could cause an out-of-bounds read. The
greatest impact from this flaw is to application
availability.(CVE-2020-27841)
- There's a flaw in src/lib/openjp2/pi.c of openjpeg in
versions prior to 2.4.0. If an attacker is able to
provide untrusted input to openjpeg's
conversion/encoding functionality, they could cause an
out-of-bounds read. The highest impact of this flaw is
to application availability.(CVE-2020-27845)
- The OpenJPEG library is an open-source JPEG 2000
library developed in order topromote the use of JPEG
2000.This package contains* JPEG 2000 codec compliant
with the Part 1 of the standard (Class-1 Profile-1
compliance).* JP2 (JPEG 2000 standard Part 2 - Handling
of JP2 boxes and extended multiple(CVE-2020-27824)
- A heap-buffer overflow was found in the way openjpeg2
handled certain PNG format files. An attacker could use
this flaw to cause an application crash or in some
cases execute arbitrary code with the permission of the
user running such an application.(CVE-2020-27814)
- A flaw was found in OpenJPEG's encoder. This flaw
allows an attacker to pass specially crafted x,y offset
input to OpenJPEG to use during encoding. The highest
threat from this vulnerability is to confidentiality,
integrity, as well as system
availability.(CVE-2020-27823)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1156
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fbc68597");
script_set_attribute(attribute:"solution", value:
"Update the affected openjpeg2 packages.");
# CVSS v2 and v3 base/temporal vectors; cvss_score_source below attributes
# them to CVE-2020-27823. The attack vector differs between the two:
# network (AV:N) in v2, local with user interaction (AV:L, UI:R) in v3.
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-27823");
# Exploit attributes agree with the proof-of-concept exploitability values
# (E:POC / E:P) in the temporal vectors above.
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2021/02/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/02/01");
# "local" plugin: the result comes from host data named in
# script_require_keys below (the RPM list), not from a network probe.
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:openjpeg2");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
# Scheduling constraints: runs after ssh_get_info.nasl, requires the four KB
# keys listed (presumably populated by that dependency - confirm), and is
# excluded when Host/EulerOS/uvp_version is set.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
# Applicability gates. Each audit() call below reports why the check does not
# apply to this host; the package comparison is reached only when the host is
# EulerOS 2.0 SP8 (non-UVP) on aarch64 and an RPM list is present in the KB.
if (!get_kb_item("Host/local_checks_enabled"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# Operating system family and major release.
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS")
{
  audit(AUDIT_OS_NOT, "EulerOS");
}
if (release !~ "^EulerOS release 2\.0(\D|$)")
{
  audit(AUDIT_OS_NOT, "EulerOS 2.0");
}

# Service pack must be exactly 8.
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(8)$")
{
  audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");
}

# Hosts that report a UVP version are out of scope for this check.
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp))
{
  audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);
}

# Without the collected RPM list there is nothing to compare against.
if (!get_kb_item("Host/EulerOS/rpm-list"))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# Architecture: the first test rejects CPUs outside the x86_64 / i[3-6]86 /
# aarch64 set, the second narrows the check to aarch64 only, so x86 hosts
# are audited out with an "architecture not aarch64" message.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu)
{
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
}
if ("aarch64" >!< cpu)
{
  audit(AUDIT_ARCH_NOT, "aarch64", cpu);
}

# Compare the installed openjpeg2 package with the reference build through
# rpm_check(). This is a package-version comparison only: it does not test
# whether any application on the host actually feeds untrusted images to
# the library.
affected_count = 0;
reference_pkgs = ["openjpeg2-2.3.0-9.h7.eulerosv2r8"];
foreach (reference_pkg in reference_pkgs)
{
  if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:reference_pkg))
  {
    affected_count++;
  }
}

if (!affected_count)
{
  # Nothing flagged: distinguish "installed but not affected" from
  # "package not installed" using the list of packages that were tested.
  tested_pkgs = pkg_tests_get();
  if (tested_pkgs)
  {
    audit(AUDIT_PACKAGE_NOT_AFFECTED, tested_pkgs);
  }
  else
  {
    audit(AUDIT_PACKAGE_NOT_INSTALLED, "openjpeg2");
  }
}
else
{
  # At least one package was flagged: report at the warning level and attach
  # the RPM comparison output as the finding detail.
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : rpm_report_get()
  );
  exit(0);
}