EulerOS 2.0 SP5 : sox (EulerOS-SA-2021-1231)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(146134);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/24");

  script_cve_id(
    "CVE-2017-11332",
    "CVE-2017-11358",
    "CVE-2017-11359",
    "CVE-2017-15370",
    "CVE-2017-15371",
    "CVE-2017-15372",
    "CVE-2017-15642"
  );

  script_name(english:"EulerOS 2.0 SP5 : sox (EulerOS-SA-2021-1231)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the sox package installed, the EulerOS
installation on the remote host is affected by the following
vulnerabilities :

  - SoX (Sound eXchange) is a sound file format converter
    SoX can convert between many different digitized sound
    formats and perform simple sound manipulation
    functions, including sound effects.Security Fix(es):The
    startread function in wav.c in Sound eXchange (SoX)
    14.4.2 allows remote attackers to cause a denial of
    service (divide-by-zero error and application crash)
    via a crafted wav file.(CVE-2017-11332)The read_samples
    function in hcom.c in Sound eXchange (SoX) 14.4.2
    allows remote attackers to cause a denial of service
    (invalid memory read and application crash) via a
    crafted hcom file.(CVE-2017-11358)The wavwritehdr
    function in wav.c in Sound eXchange (SoX) 14.4.2 allows
    remote attackers to cause a denial of service
    (divide-by-zero error and application crash) via a
    crafted snd file, during conversion to a wav
    file.(CVE-2017-11359)There is a heap-based buffer
    overflow in the ImaExpandS function of ima_rw.c in
    Sound eXchange (SoX) 14.4.2. A Crafted input will lead
    to a denial of service attack during conversion of an
    audio file.(CVE-2017-15370)There is a reachable
    assertion abort in the function sox_append_comment() in
    formats.c in Sound eXchange (SoX) 14.4.2. A Crafted
    input will lead to a denial of service attack during
    conversion of an audio file.(CVE-2017-15371)There is a
    stack-based buffer overflow in the
    lsx_ms_adpcm_block_expand_i function of adpcm.c in
    Sound eXchange (SoX) 14.4.2. A Crafted input will lead
    to a denial of service attack during conversion of an
    audio file.(CVE-2017-15372)In lsx_aiffstartread in
    aiff.c in Sound eXchange (SoX) 14.4.2, there is a
    Use-After-Free vulnerability triggered by supplying a
    malformed AIFF file.(CVE-2017-15642)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1231
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e8d1f855");
  script_set_attribute(attribute:"solution", value:
"Update the affected sox packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-15642");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2021/02/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/02/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sox");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["sox-14.4.1-6.h4.eulerosv2r7"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sox");
}