Lucene search
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2021-1795.NASLHistoryApr 30, 2021 - 12:00 a.m.
EulerOS 2.0 SP3 : gssproxy (EulerOS-SA-2021-1795)
2021-04-3000:00:00
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.4 High
AI Score
Confidence
High
0.008 Low
EPSS
Percentile
82.1%
According to the version of the gssproxy package installed, the EulerOS installation on the remote host is affected by the following vulnerability :
- gssproxy (aka gss-proxy) before 0.8.3 does not unlock cond_mutex before pthread exit in gp_worker_main() in gp_workers.c. NOTE: An upstream comment states ‘We are already on a shutdown path when running the code in question, so a DoS there doesn’t make any sense, and there has been no additional information provided us (as upstream) to indicate why this would be a problem.’(CVE-2020-12658)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(149115);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/03");
script_cve_id("CVE-2020-12658");
script_name(english:"EulerOS 2.0 SP3 : gssproxy (EulerOS-SA-2021-1795)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing a security update.");
script_set_attribute(attribute:"description", value:
"According to the version of the gssproxy package installed, the
EulerOS installation on the remote host is affected by the following
vulnerability :
- gssproxy (aka gss-proxy) before 0.8.3 does not unlock
cond_mutex before pthread exit in gp_worker_main() in
gp_workers.c. NOTE: An upstream comment states 'We are
already on a shutdown path when running the code in
question, so a DoS there doesn't make any sense, and
there has been no additional information provided us
(as upstream) to indicate why this would be a
problem.'(CVE-2020-12658)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1795
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?64afdbf4");
script_set_attribute(attribute:"solution", value:
"Update the affected gssproxy package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-12658");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"patch_publication_date", value:"2021/04/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/04/30");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gssproxy");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["gssproxy-0.4.1-7.h4"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gssproxy");
}
Related
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2021:1029-1)
2021-06-09 00:00:00
Debian: Security Advisory (DLA-2516-1)
2021-01-05 00:00:00
Huawei EulerOS: Security Advisory for gssproxy (EulerOS-SA-2021-1413)
2021-03-05 00:00:00
nessus
nessus
EulerOS Virtualization 3.0.2.6 : gssproxy (EulerOS-SA-2021-1413)
2021-03-10 00:00:00
SUSE SLES12 Security Update : gssproxy (SUSE-SU-2021:1030-1)
2021-04-07 00:00:00
EulerOS 2.0 SP5 : gssproxy (EulerOS-SA-2021-1679)
2021-03-24 00:00:00
mageia
mageia
Updated gssproxy package fixes a security vulnerability
2021-02-11 23:36:56
prion
prion
Code injection
2020-12-31 01:15:00
cvelist
cvelist
CVE-2020-12658
2020-12-31 00:17:50
debian
debian
[SECURITY] [DLA 2516-1] gssproxy security update
2021-01-04 17:18:44
suse
suse
Security update for gssproxy (moderate)
2021-04-10 00:00:00
debiancve
debiancve
CVE-2020-12658
2020-12-31 01:15:12
ubuntucve
ubuntucve
CVE-2020-12658
2020-12-31 00:00:00
osv
osv
gssproxy - security update
2021-01-04 00:00:00
redhatcve
redhatcve
CVE-2020-12658
2021-01-20 11:20:39
nvd
nvd
CVE-2020-12658
2020-12-31 01:15:12
cve
cve
CVE-2020-12658
2020-12-31 01:15:12
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.4 High
AI Score
Confidence
High
0.008 Low
EPSS
Percentile
82.1%
Related for EULEROS_SA-2021-1795.NASL