Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2021-1790.NASL
HistoryApr 30, 2021 - 12:00 a.m.

EulerOS 2.0 SP3 : glibc (EulerOS-SA-2021-1790)

2021-04-3000:00:00
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
32

8.4 High

AI Score

Confidence

High

JSON

According to the versions of the glibc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  • GNU Libc current is affected by: Re-mapping current loaded library with malicious ELF file. The impact is:
    In worst case attacker may evaluate privileges. The component is: libld. The attack vector is: Attacker sends 2 ELF files to victim and asks to run ldd on it.
    ldd execute code. NOTE: Upstream comments indicate ‘this is being treated as a non-security bug and no real threat.’(CVE-2019-1010023)

  • Stack-based buffer overflow in the getaddrinfo function in sysdeps/posix/getaddrinfo.c in the GNU C Library (aka glibc or libc6) allows remote attackers to cause a denial of service (crash) via vectors involving hostent conversion. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-4458.(CVE-2016-3706)

  • The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-byte input sequences in the EUC-KR encoding, may have a buffer over-read.(CVE-2019-25013)

  • The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid input sequences in the ISO-2022-JP-3 encoding, fails an assertion in the code path and aborts the program, potentially resulting in a denial of service.(CVE-2021-3326)

  • The iconv function in the GNU C Library (aka glibc or libc6) 2.32 and earlier, when processing invalid multi-byte input sequences in IBM1364, IBM1371, IBM1388, IBM1390, and IBM1399 encodings, fails to advance the input state, which could lead to an infinite loop in applications, resulting in a denial of service, a different vulnerability from CVE-2016-10228.(CVE-2020-27618)

  • The makecontext function in the GNU C Library (aka glibc or libc6) before 2.25 creates execution contexts incompatible with the unwinder on ARM EABI (32-bit) platforms, which might allow context-dependent attackers to cause a denial of service (hang), as demonstrated by applications compiled using gccgo, related to backtrace generation.(CVE-2016-6323)

  • Use-after-free vulnerability in the clntudp_call function in sunrpc/clnt_udp.c in the GNU C Library (aka glibc or libc6) before 2.26 allows remote attackers to have unspecified impact via vectors related to error path.(CVE-2017-12133)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(149140);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/03");

  script_cve_id(
    "CVE-2016-3706",
    "CVE-2016-6323",
    "CVE-2017-12133",
    "CVE-2019-1010023",
    "CVE-2019-25013",
    "CVE-2020-27618",
    "CVE-2021-3326"
  );

  script_name(english:"EulerOS 2.0 SP3 : glibc (EulerOS-SA-2021-1790)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the glibc packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

  - GNU Libc current is affected by: Re-mapping current
    loaded library with malicious ELF file. The impact is:
    In worst case attacker may evaluate privileges. The
    component is: libld. The attack vector is: Attacker
    sends 2 ELF files to victim and asks to run ldd on it.
    ldd execute code. NOTE: Upstream comments indicate
    'this is being treated as a non-security bug and no
    real threat.'(CVE-2019-1010023)

  - Stack-based buffer overflow in the getaddrinfo function
    in sysdeps/posix/getaddrinfo.c in the GNU C Library
    (aka glibc or libc6) allows remote attackers to cause a
    denial of service (crash) via vectors involving hostent
    conversion. NOTE: this vulnerability exists because of
    an incomplete fix for CVE-2013-4458.(CVE-2016-3706)

  - The iconv feature in the GNU C Library (aka glibc or
    libc6) through 2.32, when processing invalid multi-byte
    input sequences in the EUC-KR encoding, may have a
    buffer over-read.(CVE-2019-25013)

  - The iconv function in the GNU C Library (aka glibc or
    libc6) 2.32 and earlier, when processing invalid input
    sequences in the ISO-2022-JP-3 encoding, fails an
    assertion in the code path and aborts the program,
    potentially resulting in a denial of
    service.(CVE-2021-3326)

  - The iconv function in the GNU C Library (aka glibc or
    libc6) 2.32 and earlier, when processing invalid
    multi-byte input sequences in IBM1364, IBM1371,
    IBM1388, IBM1390, and IBM1399 encodings, fails to
    advance the input state, which could lead to an
    infinite loop in applications, resulting in a denial of
    service, a different vulnerability from
    CVE-2016-10228.(CVE-2020-27618)

  - The makecontext function in the GNU C Library (aka
    glibc or libc6) before 2.25 creates execution contexts
    incompatible with the unwinder on ARM EABI (32-bit)
    platforms, which might allow context-dependent
    attackers to cause a denial of service (hang), as
    demonstrated by applications compiled using gccgo,
    related to backtrace generation.(CVE-2016-6323)

  - Use-after-free vulnerability in the clntudp_call
    function in sunrpc/clnt_udp.c in the GNU C Library (aka
    glibc or libc6) before 2.26 allows remote attackers to
    have unspecified impact via vectors related to error
    path.(CVE-2017-12133)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1790
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2e4aca35");
  script_set_attribute(attribute:"solution", value:
"Update the affected glibc packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1010023");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2021/04/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/04/30");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc-static");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:glibc-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:nscd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["glibc-2.17-196.h45",
        "glibc-common-2.17-196.h45",
        "glibc-devel-2.17-196.h45",
        "glibc-headers-2.17-196.h45",
        "glibc-static-2.17-196.h45",
        "glibc-utils-2.17-196.h45",
        "nscd-2.17-196.h45"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "glibc");
}
VendorProductVersionCPE
huaweieulerosglibcp-cpe:/a:huawei:euleros:glibc
huaweieulerosglibc-commonp-cpe:/a:huawei:euleros:glibc-common
huaweieulerosglibc-develp-cpe:/a:huawei:euleros:glibc-devel
huaweieulerosglibc-headersp-cpe:/a:huawei:euleros:glibc-headers
huaweieulerosglibc-staticp-cpe:/a:huawei:euleros:glibc-static
huaweieulerosglibc-utilsp-cpe:/a:huawei:euleros:glibc-utils
huaweieulerosnscdp-cpe:/a:huawei:euleros:nscd
huaweieuleros2.0cpe:/o:huawei:euleros:2.0

Related

openvas 43
nessus 61
oraclelinux 3
redhat 1
osv 9
rocky 1
almalinux 1
ubuntu 2
f5 6
ubuntucve 7
android 1
archlinux 2
prion 6
cve 6
debiancve 7
gentoo 1
suse 2
mageia 3
photon 6
redhatcve 5
debian 1
fedora 9
amazon 2
ibm 10
cloudfoundry 1
redos 1
cbl_mariner 1
veracode 1
openvas
openvas
Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2021-1790)
2021-05-03 00:00:00
Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2021-2136)
2021-07-07 00:00:00
Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2021-1899)
2021-05-19 00:00:00
nessus
nessus
Rocky Linux 8 : glibc (RLSA-2021:1585)
2023-11-07 00:00:00
Oracle Linux 8 : glibc (ELSA-2021-9344)
2021-11-05 00:00:00
Oracle Linux 8 : glibc (ELSA-2021-9280)
2021-11-05 00:00:00
oraclelinux
oraclelinux
glibc security update
2021-06-04 00:00:00
glibc security, bug fix, and enhancement update
2021-05-25 00:00:00
glibc security update
2021-07-02 00:00:00
redhat
redhat
(RHSA-2021:1585) Moderate: glibc security, bug fix, and enhancement update
2021-05-18 05:35:07
osv
osv
Moderate: glibc security, bug fix, and enhancement update
2021-05-18 05:35:07
Moderate: glibc security, bug fix, and enhancement update
2021-05-18 05:35:07
glibc vulnerabilities
2022-12-08 13:17:39
rocky
rocky
glibc security, bug fix, and enhancement update
2021-05-18 05:35:07
almalinux
almalinux
Moderate: glibc security, bug fix, and enhancement update
2021-05-18 05:35:07
ubuntu
ubuntu
GNU C Library vulnerabilities
2022-12-08 00:00:00
GNU C Library vulnerabilities
2022-03-01 00:00:00
f5
f5
K06493172 : glibc vulnerability CVE-2016-3706
2016-08-05 00:00:00
SOL06493172 - glibc vulnerability CVE-2016-3706
2016-08-05 00:00:00
K08641512 : glibc vulnerability CVE-2020-27618
2021-07-13 00:00:00
ubuntucve
ubuntucve
CVE-2016-3706
2016-06-10 00:00:00
CVE-2020-27618
2021-02-26 00:00:00
CVE-2013-4458
2013-12-12 00:00:00
android
android
CVE-2016-3706
2017-12-01 00:00:00
archlinux
archlinux
[ASA-202102-17] glibc: denial of service
2021-02-07 00:00:00
[ASA-202102-16] lib32-glibc: denial of service
2021-02-07 00:00:00
prion
prion
Stack overflow
2016-06-10 15:59:00
Input validation
2021-02-26 23:15:00
Code injection
2019-07-15 04:15:00
cve
cve
CVE-2016-3706
2016-06-10 15:59:00
CVE-2020-27618
2021-02-26 23:15:00
CVE-2019-1010023
2019-07-15 04:15:00
debiancve
debiancve
CVE-2016-3706
2016-06-10 15:59:00
CVE-2020-27618
2021-02-26 23:15:00
CVE-2019-1010023
2019-07-15 04:15:00
gentoo
gentoo
glibc: Multiple vulnerabilities
2021-07-06 00:00:00
suse
suse
Security update for glibc (important)
2021-02-28 00:00:00
Security update for glibc (moderate)
2021-12-10 00:00:00
mageia
mageia
Updated glibc packages fixes security vulnerabilities
2021-03-21 13:43:43
Updated glibc packages fix security vulnerabilities
2016-05-24 01:00:58
Updated glibc packages fix a security vulnerability
2021-06-29 00:16:35
photon
photon
Important Photon OS Security Update - PHSA-2021-0005
2021-03-16 00:00:00
Important Photon OS Security Update - PHSA-2021-4.0-0005
2021-03-16 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0371
2021-03-16 00:00:00
redhatcve
redhatcve
CVE-2019-1010023
2019-11-19 10:38:11
CVE-2016-10228
2017-03-02 09:18:08
CVE-2016-6323
2016-10-10 11:47:22
debian
debian
[SECURITY] [DLA 494-1] eglibc security update
2016-05-30 04:24:49
fedora
fedora
[SECURITY] Fedora 32 Update: glibc-2.31-5.fc32
2021-01-20 01:28:29
[SECURITY] Fedora 25 Update: glibc-2.24-10.fc25
2017-09-04 21:51:08
[SECURITY] Fedora 24 Update: glibc-arm-linux-gnu-2.24-2.fc24
2016-10-19 14:21:17
amazon
amazon
Important: glibc
2021-02-19 01:17:00
Important: glibc
2021-02-17 18:03:00
ibm
ibm
Security Bulletin: IBM Integrated Management Module II (IMM2) is affected by vulnerability in GNU C Library (CVE-2017-12133)
2023-12-07 22:31:02
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by a vulnerabilty in GNU C Library (CVE-2017-12133)
2023-12-07 22:31:02
Security Bulletin: IBM BladeCenter Advanced Management Module (AMM) is affected by a vulnerability in GNU C Library (CVE-2017-12133)
2018-07-26 20:24:56
cloudfoundry
cloudfoundry
USN-5310-1: GNU C Library vulnerabilities | Cloud Foundry
2023-05-18 00:00:00
redos
redos
ROS-20231020-10
2023-10-20 00:00:00
cbl_mariner
cbl_mariner
CVE-2020-27618 affecting package glibc 2.28-24
2021-05-06 23:56:55
veracode
veracode
Denial Of Service (DoS)
2021-05-24 00:38:07

8.4 High

AI Score

Confidence

High

JSON
Related for EULEROS_SA-2021-1790.NASL
openvas43nessus61oraclelinux3redhat1osv9rocky1almalinux1ubuntu2f56ubuntucve7android1archlinux2prion6cve6debiancve7gentoo1suse2mageia3photon6redhatcve5debian1fedora9amazon2ibm10cloudfoundry1redos1cbl_mariner1veracode1