EulerOS Virtualization 2.9.1 kernel version 5.11.3 vulnerabilitie
Reporter | Title | Published | Views | Family All 199 |
---|---|---|---|---|
![]() | Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2021-1715) | 13 Apr 202100:00 | – | openvas |
![]() | Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2021-1950) | 7 Jun 202100:00 | – | openvas |
![]() | Ubuntu: Security Advisory (USN-4901-1) | 26 Aug 202200:00 | – | openvas |
![]() | Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2021-1929) | 7 Jun 202100:00 | – | openvas |
![]() | Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2021-1751) | 13 Apr 202100:00 | – | openvas |
![]() | SUSE: Security Advisory (SUSE-SU-2021:1145-1) | 19 Apr 202100:00 | – | openvas |
![]() | Ubuntu: Security Advisory (USN-4883-1) | 20 Mar 202100:00 | – | openvas |
![]() | CentOS: Security Advisory for bpftool (CESA-2021:1071) | 11 Apr 202100:00 | – | openvas |
![]() | Slackware: Security Advisory (SSA:2021-072-01) | 21 Apr 202200:00 | – | openvas |
![]() | Ubuntu: Security Advisory (USN-4889-1) | 26 Aug 202200:00 | – | openvas |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(148634);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/04");
script_cve_id(
"CVE-2020-16120",
"CVE-2020-28374",
"CVE-2020-36158",
"CVE-2021-3178",
"CVE-2021-3347",
"CVE-2021-3348",
"CVE-2021-20177",
"CVE-2021-27363",
"CVE-2021-27364",
"CVE-2021-27365"
);
script_name(english:"EulerOS Virtualization 2.9.1 : kernel (EulerOS-SA-2021-1715)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing multiple security
updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the kernel packages installed, the
EulerOS Virtualization installation on the remote host is affected by
the following vulnerabilities :
- An issue was discovered in the Linux kernel through
5.11.3. A kernel pointer leak can be used to determine
the address of the iscsi_transport structure. When an
iSCSI transport is registered with the iSCSI subsystem,
the transport's handle is available to unprivileged
users via the sysfs file system, at
/sys/class/iscsi_transport/$TRANSPORT_NAME/handle. When
read, the show_transport_handle function (in
drivers/scsi/scsi_transport_iscsi.c) is called, which
leaks the handle. This handle is actually the pointer
to an iscsi_transport struct in the kernel module's
global variables.(CVE-2021-27363)
- An issue was discovered in the Linux kernel through
5.11.3. Certain iSCSI data structures do not have
appropriate length constraints or checks, and can
exceed the PAGE_SIZE value. An unprivileged user can
send a Netlink message that is associated with iSCSI,
and has a length up to the maximum length of a Netlink
message.(CVE-2021-27365)
- An issue was discovered in the Linux kernel through
5.11.3. drivers/scsi/scsi_transport_iscsi.c is
adversely affected by the ability of an unprivileged
user to craft Netlink messages.(CVE-2021-27364)
- Overlayfs did not properly perform permission checking
when copying up files in an overlayfs and could be
exploited from within a user namespace, if, for
example, unprivileged user namespaces were allowed. It
was possible to have a file not readable by an
unprivileged user to be copied to a mountpoint
controlled by the user, like a removable device. This
was introduced in kernel version 4.19 by commit d1d04ef
('ovl: stack file ops'). This was fixed in kernel
version 5.8 by commits 56230d9 ('ovl: verify
permissions in ovl_path_open()'), 48bd024 ('ovl: switch
to mounter creds in readdir') and 05acefb ('ovl: check
permission to open real file'). Additionally, commits
130fdbc ('ovl: pass correct flags for opening real
directory') and 292f902 ('ovl: call secutiry hook in
ovl_real_ioctl()') in kernel 5.8 might also be desired
or necessary. These additional commits introduced a
regression in overlay mounts within user namespaces
which prevented access to files with ownership outside
of the user namespace. This regression was mitigated by
subsequent commit b6650da ('ovl: do not fail because of
O_NOATIMEi') in kernel 5.11.(CVE-2020-16120)
- A flaw was found in the Linux kernel's implementation
of string matching within a packet. A privileged user
(with root or CAP_NET_ADMIN) when inserting iptables
rules could insert a rule which can panic the
system.(CVE-2021-20177)
- fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8,
when there is an NFS export of a subdirectory of a
filesystem, allows remote attackers to traverse to
other parts of the filesystem via READDIRPLUS. NOTE:
some parties argue that such a subdirectory export is
not intended to prevent this attack see also the
exports(5) no_subtree_check default
behavior.(CVE-2021-3178)
- nbd_add_socket in drivers/block/nbd.c in the Linux
kernel through 5.10.12 has an ndb_queue_rq
use-after-free that could be triggered by local
attackers (with access to the nbd device) via an I/O
request at a certain point during device setup, aka
CID-b98e762e3d71.(CVE-2021-3348)
- An issue was discovered in the Linux kernel through
5.10.11. PI futexes have a kernel stack use-after-free
during fault handling, allowing local users to execute
code in the kernel, aka
CID-34b1a1ce1458.(CVE-2021-3347)
- A flaw was found in the Linux kernel. The marvell wifi
driver could allow a local attacker to execute
arbitrary code via a long SSID value in
mwifiex_cmd_802_11_ad_hoc_start function. The highest
threat from this vulnerability is to data
confidentiality and integrity as well as system
availability.(CVE-2020-36158)
- A flaw was found in the Linux kernel's implementation
of the Linux SCSI target host, where an authenticated
attacker could write to any block on the exported SCSI
device backing store. This flaw allows an authenticated
attacker to send LIO block requests to the Linux system
to overwrite data on the backing store. The highest
threat from this vulnerability is to integrity. In
addition, this flaw affects the tcmu-runner package,
where the affected SCSI command is
called.(CVE-2020-28374)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1715
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?204dd1c5");
script_set_attribute(attribute:"solution", value:
"Update the affected kernel packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-3347");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-28374");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2021/04/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/04/15");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python3-perf");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.9.1");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "2.9.1") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.9.1");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["kernel-4.19.90-vhulk2103.1.0.h443.eulerosv2r9",
"kernel-tools-4.19.90-vhulk2103.1.0.h443.eulerosv2r9",
"kernel-tools-libs-4.19.90-vhulk2103.1.0.h443.eulerosv2r9",
"python3-perf-4.19.90-vhulk2103.1.0.h443.eulerosv2r9"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo