Lucene search
This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2021-2122.NASLHistoryJul 02, 2021 - 12:00 a.m.
EulerOS Virtualization for ARM 64 3.0.2.0 : binutils (EulerOS-SA-2021-2122)
2021-07-0200:00:00
This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
According to the version of the binutils package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability :
- There’s a flaw in the BFD library of binutils. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.(CVE-2021-3487)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(151306);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/07/06");
script_cve_id(
"CVE-2021-3487"
);
script_name(english:"EulerOS Virtualization for ARM 64 3.0.2.0 : binutils (EulerOS-SA-2021-2122)");
script_summary(english:"Checks the rpm output for the updated package.");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization for ARM 64 host is missing a security update.");
script_set_attribute(attribute:"description", value:
"According to the version of the binutils package installed, the
EulerOS Virtualization for ARM 64 installation on the remote host is
affected by the following vulnerability :
- There's a flaw in the BFD library of binutils. An
attacker who supplies a crafted file to an application
linked with BFD, and using the DWARF functionality,
could cause an impact to system availability by way of
excessive memory consumption.(CVE-2021-3487)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2122
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5a0b579d");
script_set_attribute(attribute:"solution", value:
"Update the affected binutils package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"patch_publication_date", value:"2021/07/02");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/07/02");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:binutils");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.2.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
flag = 0;
pkgs = ["binutils-2.27-28.base.1.h50"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "binutils");
}
Related
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2021-2.0-0341
2021-05-04 00:00:00
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2021-1.0-0386
2021-05-04 00:00:00
Moderate Photon OS Security Update - PHSA-2021-0230
2021-05-04 00:00:00
ubuntucve
ubuntucve
CVE-2021-3487
2021-04-15 00:00:00
nessus
nessus
Photon OS 3.0: Binutils PHSA-2021-3.0-0230
2021-05-05 00:00:00
EulerOS 2.0 SP5 : binutils (EulerOS-SA-2021-2212)
2021-07-16 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: mingw-binutils-2.32-10.fc32
2021-04-20 15:01:47
[SECURITY] Fedora 34 Update: mingw-binutils-2.34-8.fc34
2021-04-24 20:24:37
[SECURITY] Fedora 33 Update: mingw-binutils-2.34-8.fc33
2021-04-21 21:41:45
redhatcve
redhatcve
CVE-2021-3487
2021-04-08 20:52:11
veracode
veracode
Denial Of Service (DoS)
2021-04-25 00:13:27
prion
prion
Design/Logic Flaw
2021-04-15 14:15:00
cloudlinux
cloudlinux
Fix of CVE: CVE-2021-3487
2021-09-23 12:14:20
Fix of CVE: CVE-2021-3487
2021-10-05 14:07:07
openvas
openvas
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2021-2122)
2021-07-07 00:00:00
Fedora: Security Advisory for mingw-binutils (FEDORA-2021-d23d016509)
2021-04-23 00:00:00
Fedora: Security Advisory for mingw-binutils (FEDORA-2021-9bd201dd4d)
2021-04-23 00:00:00
debiancve
debiancve
CVE-2021-3487
2021-04-15 14:15:17
osv
osv
CVE-2021-3487
2021-04-15 14:15:17
binutils vulnerabilities
2021-10-25 16:14:23
binutils vulnerabilities
2022-03-22 12:12:25
cve
cve
CVE-2021-3487
2021-04-15 14:15:00
freebsd
freebsd
alpinelinux
alpinelinux
CVE-2021-3487
2021-04-15 14:15:00
cbl_mariner
cbl_mariner
CVE-2021-3487 affecting package binutils 2.32-5
2021-06-09 03:50:42
ubuntu
ubuntu
GNU binutils vulnerabilities
2021-10-25 00:00:00
GNU binutils vulnerabilities
2022-03-22 00:00:00
mageia
mageia
Updated binutils packages fix security vulnerabilities
2021-07-12 23:26:21
cloudfoundry
cloudfoundry
USN-5124-1: GNU binutils vulnerabilities | Cloud Foundry
2021-10-28 00:00:00
USN-5341-1: GNU binutils vulnerabilities | Cloud Foundry
2022-04-21 00:00:00
amazon
amazon
Medium: gcc10-binutils
2021-09-08 23:35:00
Medium: gcc10-binutils
2021-09-08 23:35:00
rocky
rocky
binutils security update
2021-11-09 09:11:20
ibm
ibm
oraclelinux
oraclelinux
binutils security update
2021-11-16 00:00:00
redhat
redhat
(RHSA-2021:4364) Moderate: binutils security update
2021-11-09 09:11:20
(RHSA-2021:5137) Moderate: Openshift Logging Security Release (5.0.10)
2021-12-14 21:31:08
almalinux
almalinux
Moderate: binutils security update
2021-11-09 09:11:20
gentoo
gentoo
GNU Binutils: Multiple Vulnerabilities
2022-08-14 00:00:00
suse
suse
Security update for binutils (moderate)
2021-11-04 00:00:00
Security update for binutils (moderate)
2021-11-15 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1808
2021-07-02 16:33:56
Related for EULEROS_SA-2021-2122.NASL