EulerOS 2.0 SP8 : openjpeg2 (EulerOS-SA-2021-1156)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(145744);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/25");

  script_cve_id(
    "CVE-2020-27814",
    "CVE-2020-27823",
    "CVE-2020-27824",
    "CVE-2020-27841",
    "CVE-2020-27845"
  );

  script_name(english:"EulerOS 2.0 SP8 : openjpeg2 (EulerOS-SA-2021-1156)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the openjpeg2 package installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

  - There's a flaw in openjpeg in versions prior to 2.4.0
    in src/lib/openjp2/pi.c. When an attacker is able to
    provide crafted input to be processed by the openjpeg
    encoder, this could cause an out-of-bounds read. The
    greatest impact from this flaw is to application
    availability.(CVE-2020-27841)

  - There's a flaw in src/lib/openjp2/pi.c of openjpeg in
    versions prior to 2.4.0. If an attacker is able to
    provide untrusted input to openjpeg's
    conversion/encoding functionality, they could cause an
    out-of-bounds read. The highest impact of this flaw is
    to application availability.(CVE-2020-27845)

  - The OpenJPEG library is an open-source JPEG 2000
    library developed in order topromote the use of JPEG
    2000.This package contains* JPEG 2000 codec compliant
    with the Part 1 of the standard (Class-1 Profile-1
    compliance).* JP2 (JPEG 2000 standard Part 2 - Handling
    of JP2 boxes and extended multiple(CVE-2020-27824)

  - A heap-buffer overflow was found in the way openjpeg2
    handled certain PNG format files. An attacker could use
    this flaw to cause an application crash or in some
    cases execute arbitrary code with the permission of the
    user running such an application.(CVE-2020-27814)

  - A flaw was found in OpenJPEG's encoder. This flaw
    allows an attacker to pass specially crafted x,y offset
    input to OpenJPEG to use during encoding. The highest
    threat from this vulnerability is to confidentiality,
    integrity, as well as system
    availability.(CVE-2020-27823)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1156
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?fbc68597");
  script_set_attribute(attribute:"solution", value:
"Update the affected openjpeg2 packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-27823");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2021/02/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/02/01");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:openjpeg2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

flag = 0;

pkgs = ["openjpeg2-2.3.0-9.h7.eulerosv2r8"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openjpeg2");
}