Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2021-1206.NASL
HistoryFeb 04, 2021 - 12:00 a.m.

EulerOS 2.0 SP5 : libtar (EulerOS-SA-2021-1206)

2021-02-0400:00:00
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8

7.3 High

AI Score

Confidence

Low

JSON

According to the version of the libtar package installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  • Multiple directory traversal vulnerabilities in the (1) tar_extract_glob and (2) tar_extract_all functions in libtar 1.2.20 and earlier allow remote attackers to overwrite arbitrary files via a … (dot dot) in a crafted tar file.(CVE-2013-4420)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(146112);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/24");

  script_cve_id("CVE-2013-4420");
  script_bugtraq_id(62955);

  script_name(english:"EulerOS 2.0 SP5 : libtar (EulerOS-SA-2021-1206)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the version of the libtar package installed, the EulerOS
installation on the remote host is affected by the following
vulnerability :

  - Multiple directory traversal vulnerabilities in the (1)
    tar_extract_glob and (2) tar_extract_all functions in
    libtar 1.2.20 and earlier allow remote attackers to
    overwrite arbitrary files via a .. (dot dot) in a
    crafted tar file.(CVE-2013-4420)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1206
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a8dc01fb");
  script_set_attribute(attribute:"solution", value:
"Update the affected libtar package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:ND");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2013-4420");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"patch_publication_date", value:"2021/02/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/02/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libtar");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["libtar-1.2.11-29.h1.eulerosv2r7"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libtar");
}
VendorProductVersionCPE
huaweieuleroslibtarp-cpe:/a:huawei:euleros:libtar
huaweieuleros2.0cpe:/o:huawei:euleros:2.0

Related

nessus 11
alpinelinux 1
openvas 10
securityvulns 2
prion 1
debiancve 1
debian 1
cbl_mariner 3
mageia 1
ubuntucve 1
cve 1
rosalinux 1
photon 3
nessus
nessus
Photon OS 1.0: Libtar PHSA-2017-0040
2019-02-07 00:00:00
Debian DSA-2863-1 : libtar - directory traversal
2014-02-19 00:00:00
EulerOS Virtualization for ARM 64 3.0.2.0 : libtar (EulerOS-SA-2021-2106)
2021-07-02 00:00:00
alpinelinux
alpinelinux
CVE-2013-4420
2014-02-20 16:55:00
openvas
openvas
Huawei EulerOS: Security Advisory for libtar (EulerOS-SA-2021-2302)
2021-08-09 00:00:00
Huawei EulerOS: Security Advisory for libtar (EulerOS-SA-2019-2619)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for libtar (EulerOS-SA-2021-2106)
2021-07-07 00:00:00
securityvulns
securityvulns
libtar directory traversal
2014-03-03 00:00:00
[ MDVSA-2014:045 ] libtar
2014-03-03 00:00:00
prion
prion
Directory traversal
2014-02-20 16:55:00
debiancve
debiancve
CVE-2013-4420
2014-02-20 16:55:00
debian
debian
[SECURITY] [DSA 2863-1] libtar security update
2014-02-18 22:13:08
cbl_mariner
cbl_mariner
CVE-2013-4420 affecting package libtar 1.2.20-11
2022-04-09 06:51:47
CVE-2013-4420 affecting package libtar 1.2.20-11
2024-03-19 17:21:46
CVE-2013-4420 affecting package libtar 1.2.20-11
2020-09-09 06:09:11
mageia
mageia
Updated libtar package fixes security vulnerability
2014-02-21 22:18:54
ubuntucve
ubuntucve
CVE-2013-4420
2014-02-20 00:00:00
cve
cve
CVE-2013-4420
2014-02-20 16:55:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1894
2021-07-02 17:17:20
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2018-2.0-0029
2018-03-23 00:00:00
Moderate Photon OS Security Update - PHSA-2018-0029
2018-03-26 00:00:00
Critical Photon OS Security Update - PHSA-2017-0080
2017-10-24 00:00:00

7.3 High

AI Score

Confidence

Low

JSON
Related for EULEROS_SA-2021-1206.NASL
nessus11alpinelinux1openvas10securityvulns2prion1debiancve1debian1cbl_mariner3mageia1ubuntucve1cve1rosalinux1photon3