Lucene search
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2021-1413.NASLHistoryMar 10, 2021 - 12:00 a.m.
EulerOS Virtualization 3.0.2.6 : gssproxy (EulerOS-SA-2021-1413)
2021-03-1000:00:00
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.4 High
AI Score
Confidence
High
0.008 Low
EPSS
Percentile
82.1%
According to the version of the gssproxy package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :
- DISPUTED gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. NOTE: An upstream comment states ‘We are already on a shutdown path when running the code in question, so a DoS there doesn’t make any sense, and there has been no additional information provided us (as upstream) to indicate why this would be a problem.’(CVE-2020-12658)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(147533);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/10");
script_cve_id("CVE-2020-12658");
script_name(english:"EulerOS Virtualization 3.0.2.6 : gssproxy (EulerOS-SA-2021-1413)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing a security update.");
script_set_attribute(attribute:"description", value:
"According to the version of the gssproxy package installed, the
EulerOS Virtualization installation on the remote host is affected by
the following vulnerability :
- ** DISPUTED ** gssproxy (aka gss-proxy) before 0.8.3
does not unlock cond_mutex before pthread exit in
gp_worker_main() in gp_workers.c. NOTE: An upstream
comment states 'We are already on a shutdown path when
running the code in question, so a DoS there doesn't
make any sense, and there has been no additional
information provided us (as upstream) to indicate why
this would be a problem.'(CVE-2020-12658)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1413
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?669a28ad");
script_set_attribute(attribute:"solution", value:
"Update the affected gssproxy package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-12658");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"patch_publication_date", value:"2021/03/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/03/10");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gssproxy");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.6");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.2.6") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.6");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["gssproxy-0.7.0-17.h2.eulerosv2r7"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gssproxy");
}
Related
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2021:1029-1)
2021-06-09 00:00:00
Debian: Security Advisory (DLA-2516-1)
2021-01-05 00:00:00
Huawei EulerOS: Security Advisory for gssproxy (EulerOS-SA-2021-1413)
2021-03-05 00:00:00
nessus
nessus
EulerOS 2.0 SP3 : gssproxy (EulerOS-SA-2021-1795)
2021-04-30 00:00:00
SUSE SLES12 Security Update : gssproxy (SUSE-SU-2021:1030-1)
2021-04-07 00:00:00
EulerOS 2.0 SP5 : gssproxy (EulerOS-SA-2021-1679)
2021-03-24 00:00:00
debian
debian
[SECURITY] [DLA 2516-1] gssproxy security update
2021-01-04 17:18:44
mageia
mageia
Updated gssproxy package fixes a security vulnerability
2021-02-11 23:36:56
prion
prion
Code injection
2020-12-31 01:15:00
cvelist
cvelist
CVE-2020-12658
2020-12-31 00:17:50
suse
suse
Security update for gssproxy (moderate)
2021-04-10 00:00:00
debiancve
debiancve
CVE-2020-12658
2020-12-31 01:15:12
ubuntucve
ubuntucve
CVE-2020-12658
2020-12-31 00:00:00
osv
osv
gssproxy - security update
2021-01-04 00:00:00
redhatcve
redhatcve
CVE-2020-12658
2021-01-20 11:20:39
nvd
nvd
CVE-2020-12658
2020-12-31 01:15:12
cve
cve
CVE-2020-12658
2020-12-31 01:15:12
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.4 High
AI Score
Confidence
High
0.008 Low
EPSS
Percentile
82.1%
Related for EULEROS_SA-2021-1413.NASL