According to the versions of the sox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(146134);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/24");
script_cve_id(
"CVE-2017-11332",
"CVE-2017-11358",
"CVE-2017-11359",
"CVE-2017-15370",
"CVE-2017-15371",
"CVE-2017-15372",
"CVE-2017-15642"
);
script_name(english:"EulerOS 2.0 SP5 : sox (EulerOS-SA-2021-1231)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the sox package installed, the EulerOS
installation on the remote host is affected by the following
vulnerabilities :
- SoX (Sound eXchange) is a sound file format converter
SoX can convert between many different digitized sound
formats and perform simple sound manipulation
functions, including sound effects.Security Fix(es):The
startread function in wav.c in Sound eXchange (SoX)
14.4.2 allows remote attackers to cause a denial of
service (divide-by-zero error and application crash)
via a crafted wav file.(CVE-2017-11332)The read_samples
function in hcom.c in Sound eXchange (SoX) 14.4.2
allows remote attackers to cause a denial of service
(invalid memory read and application crash) via a
crafted hcom file.(CVE-2017-11358)The wavwritehdr
function in wav.c in Sound eXchange (SoX) 14.4.2 allows
remote attackers to cause a denial of service
(divide-by-zero error and application crash) via a
crafted snd file, during conversion to a wav
file.(CVE-2017-11359)There is a heap-based buffer
overflow in the ImaExpandS function of ima_rw.c in
Sound eXchange (SoX) 14.4.2. A Crafted input will lead
to a denial of service attack during conversion of an
audio file.(CVE-2017-15370)There is a reachable
assertion abort in the function sox_append_comment() in
formats.c in Sound eXchange (SoX) 14.4.2. A Crafted
input will lead to a denial of service attack during
conversion of an audio file.(CVE-2017-15371)There is a
stack-based buffer overflow in the
lsx_ms_adpcm_block_expand_i function of adpcm.c in
Sound eXchange (SoX) 14.4.2. A Crafted input will lead
to a denial of service attack during conversion of an
audio file.(CVE-2017-15372)In lsx_aiffstartread in
aiff.c in Sound eXchange (SoX) 14.4.2, there is a
Use-After-Free vulnerability triggered by supplying a
malformed AIFF file.(CVE-2017-15642)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1231
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e8d1f855");
script_set_attribute(attribute:"solution", value:
"Update the affected sox packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-15642");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2021/02/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/02/04");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sox");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["sox-14.4.1-6.h4.eulerosv2r7"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sox");
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11332
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11358
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11359
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15370
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15371
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15372
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15642
www.nessus.org/u?e8d1f855