Lucene search
K

EulerOS 2.0 SP2 : strongimcv (EulerOS-SA-2021-1364)

🗓️ 22 Feb 2021 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 41 Views

The strongimcv package in EulerOS 2.0 SP2 is affected by multiple vulnerabilities including buffer overflow, RSA signature forgery, denial of service, and authentication bypass

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: Vulnerabilities in strongSwan affect IBM Chassis Management Module (CVE-2017-9022, CVE-2017-9023)
31 Jan 201902:25
ibm
IBM Security Bulletins
Security Bulletin: IBM Flex System Manager is affected by a vulnerability from FSM’s use of strongswan: (CVE-2015-4171)
18 Jun 201801:29
ibm
IBM Security Bulletins
Security Bulletin: Vulnerabilities in OpenSSL and strongswan affect IBM Flex System FC3171 8Gb SAN Switch & SAN Pass-thru
7 Dec 202322:45
ibm
IBM Security Bulletins
Security Bulletin: Vulnerability in strongswan affects QLogic 8Gb Intelligent Pass-thru Module and SAN Switch Module for IBM BladeCenter
16 Jun 201915:15
ibm
IBM Security Bulletins
Security Bulletin: Vulnerabilities in strongswan affect IBM Integrated Management Module II (IMM2) for System x, Flex and BladeCenter Systems
14 Apr 202314:32
ibm
IBM Security Bulletins
Security Bulletin: Strongswan vulnerability affects IBM SmartCloud Entry ( CVE-2015-4171)
19 Jul 202000:49
ibm
IBM Security Bulletins
Security Bulletin: Vulnerability in strongSwan affects IBM Chassis Management Module (CVE-2017-11185)
31 Jan 201902:40
ibm
IBM Security Bulletins
Security Bulletin: Vyatta 5600 vRouter Software Patches - Release 1801-s, 1801-t and 1801-u
5 Dec 201822:20
ibm
IBM Security Bulletins
Security Bulletin: Vyatta 5600 vRouter Software Patches - Releases 1801-w and 1801-y
1 May 201917:50
ibm
IBM Security Bulletins
Security Bulletin: Vulnerabilities in strongswan affect Power Hardware Management Console (CVE-2015-4171)
23 Sep 202101:31
ibm
Rows per page
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(146695);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/02/24");

  script_cve_id(
    "CVE-2015-4171",
    "CVE-2015-8023",
    "CVE-2017-11185",
    "CVE-2017-9022",
    "CVE-2018-10811",
    "CVE-2018-16151",
    "CVE-2018-16152",
    "CVE-2018-17540"
  );
  script_bugtraq_id(
    74933
  );

  script_name(english:"EulerOS 2.0 SP2 : strongimcv (EulerOS-SA-2021-1364)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the strongimcv package installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

  - The gmp plugin in strongSwan before 5.7.1 has a Buffer
    Overflow via a crafted certificate.(CVE-2018-17540)

  - In verify_emsa_pkcs1_signature() in
    gmp_rsa_public_key.c in the gmp plugin in strongSwan
    4.x and 5.x before 5.7.0, the RSA implementation based
    on GMP does not reject excess data in the
    digestAlgorithm.parameters field during PKCS#1 v1.5
    signature verification. Consequently, a remote attacker
    can forge signatures when small public exponents are
    being used, which could lead to impersonation when only
    an RSA signature is used for IKEv2 authentication. This
    is a variant of CVE-2006-4790 and
    CVE-2014-1568.(CVE-2018-16152)

  - In verify_emsa_pkcs1_signature() in
    gmp_rsa_public_key.c in the gmp plugin in strongSwan
    4.x and 5.x before 5.7.0, the RSA implementation based
    on GMP does not reject excess data after the encoded
    algorithm OID during PKCS#1 v1.5 signature
    verification. Similar to the flaw in the same version
    of strongSwan regarding digestAlgorithm.parameters, a
    remote attacker can forge signatures when small public
    exponents are being used, which could lead to
    impersonation when only an RSA signature is used for
    IKEv2 authentication.(CVE-2018-16151)

  - strongSwan 5.6.0 and older allows Remote Denial of
    Service because of Missing Initialization of a
    Variable.(CVE-2018-10811)

  - The gmp plugin in strongSwan before 5.5.3 does not
    properly validate RSA public keys before calling
    mpz_powm_sec, which allows remote peers to cause a
    denial of service (floating point exception and process
    crash) via a crafted certificate.(CVE-2017-9022)

  - The gmp plugin in strongSwan before 5.6.0 allows remote
    attackers to cause a denial of service (NULL pointer
    dereference and daemon crash) via a crafted RSA
    signature.(CVE-2017-11185)

  - The server implementation of the EAP-MSCHAPv2 protocol
    in the eap-mschapv2 plugin in strongSwan 4.2.12 through
    5.x before 5.3.4 does not properly validate local
    state, which allows remote attackers to bypass
    authentication via an empty Success message in response
    to an initial Challenge message.(CVE-2015-8023)

  - strongSwan 4.3.0 through 5.x before 5.3.2 and
    strongSwan VPN Client before 1.4.6, when using EAP or
    pre-shared keys for authenticating an IKEv2 connection,
    does not enforce server authentication restrictions
    until the entire authentication process is complete,
    which allows remote servers to obtain credentials by
    using a valid certificate and then reading the
    responses.(CVE-2015-4171)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1364
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?da7cf8bb");
  script_set_attribute(attribute:"solution", value:
"Update the affected strongimcv packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-16152");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2021/02/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/02/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:strongimcv");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["strongimcv-5.2.0-3.h2"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "strongimcv");
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

24 Feb 2021 00:00Current
6.6Medium risk
Vulners AI Score6.6
CVSS 25
CVSS 37.5
CVSS 3.17.5
EPSS0.07124
SSVC
41