EulerOS Virtualization for ARM 64 3.0.6.0 : git (EulerOS-SA-2021-1998)

2021-06-3000:00:00

www.tenable.com

7.6 High

AI Score

Confidence

High

JSON

According to the version of the git packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability :

Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS,may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS,HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default,and is therefore vulnerable. The problem has been patched in the versions published on Tuesday,March 9th,2021. As a workaound,if symbolic link support is disabled in Git (e.g. via git config --global core.symlinks false),the described attack won’t work. Likewise,if no clean/smudge filters such as Git LFS are configured globally (i.e. before cloning),the attack is foiled. As always,it is best to avoid cloning repositories from untrusted sources.(CVE-2021-21300)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(151172);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/12");

  script_cve_id("CVE-2021-21300");

  script_name(english:"EulerOS Virtualization for ARM 64 3.0.6.0 : git (EulerOS-SA-2021-1998)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization for ARM 64 host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the version of the git packages installed, the EulerOS
Virtualization for ARM 64 installation on the remote host is affected
by the following vulnerability :

  - Git is an open-source distributed revision control
    system. In affected versions of Git a specially crafted
    repository that contains symbolic links as well as
    files using a clean/smudge filter such as Git LFS,may
    cause just-checked out script to be executed while
    cloning onto a case-insensitive file system such as
    NTFS,HFS+ or APFS (i.e. the default file systems on
    Windows and macOS). Note that clean/smudge filters have
    to be configured for that. Git for Windows configures
    Git LFS by default,and is therefore vulnerable. The
    problem has been patched in the versions published on
    Tuesday,March 9th,2021. As a workaound,if symbolic link
    support is disabled in Git (e.g. via `git config
    --global core.symlinks false`),the described attack
    won't work. Likewise,if no clean/smudge filters such as
    Git LFS are configured globally (i.e. _before_
    cloning),the attack is foiled. As always,it is best to
    avoid cloning repositories from untrusted
    sources.(CVE-2021-21300)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1998
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?cea65f42");
  script_set_attribute(attribute:"solution", value:
"Update the affected git package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-21300");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Git LFS Clone Command Exec');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2021/06/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/06/30");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:git");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:git-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:git-core-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perl-Git");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.6.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.6.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.6.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

flag = 0;

pkgs = ["git-2.19.1-1.h9.eulerosv2r8",
        "git-core-2.19.1-1.h9.eulerosv2r8",
        "git-core-doc-2.19.1-1.h9.eulerosv2r8",
        "perl-Git-2.19.1-1.h9.eulerosv2r8"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git");
}

VendorProductVersionCPE
huaweieulerosgitp-cpe:/a:huawei:euleros:git
huaweieulerosgit-corep-cpe:/a:huawei:euleros:git-core
huaweieulerosgit-core-docp-cpe:/a:huawei:euleros:git-core-doc
huaweieulerosperl-gitp-cpe:/a:huawei:euleros:perl-git
huaweieulerosuvpcpe:/o:huawei:euleros:uvp:3.0.6.0

Vendor	Product	Version	CPE
huawei	euleros	git	p-cpe:/a:huawei:euleros:git
huawei	euleros	git-core	p-cpe:/a:huawei:euleros:git-core
huawei	euleros	git-core-doc	p-cpe:/a:huawei:euleros:git-core-doc
huawei	euleros	perl-git	p-cpe:/a:huawei:euleros:perl-git
huawei	euleros	uvp	cpe:/o:huawei:euleros:uvp:3.0.6.0