Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2021-2144.NASL
HistoryJul 21, 2021 - 12:00 a.m.

EulerOS Virtualization 3.0.2.2 : libjpeg-turbo (EulerOS-SA-2021-2144)

2021-07-2100:00:00
This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8

6.9 Medium

AI Score

Confidence

High

JSON

According to the version of the libjpeg-turbo package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :

  • The libjpeg-turbo package contains a library of functions for manipulatingJPEG images.Security Fix(es):libjpeg-turbo 1.5.2 has a NULL Pointer Dereference in jdpostct.c and jquant1.c via a crafted JPEG file.(CVE-2017-15232)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(151894);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/07");

  script_cve_id("CVE-2017-15232");

  script_name(english:"EulerOS Virtualization 3.0.2.2 : libjpeg-turbo (EulerOS-SA-2021-2144)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the version of the libjpeg-turbo package installed, the
EulerOS Virtualization installation on the remote host is affected by
the following vulnerability :

  - The libjpeg-turbo package contains a library of
    functions for manipulatingJPEG images.Security
    Fix(es):libjpeg-turbo 1.5.2 has a NULL Pointer
    Dereference in jdpostct.c and jquant1.c via a crafted
    JPEG file.(CVE-2017-15232)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2144
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5330cd85");
  script_set_attribute(attribute:"solution", value:
"Update the affected libjpeg-turbo package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-15232");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2021/07/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/07/21");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libjpeg-turbo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.2");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.2.2") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.2");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["libjpeg-turbo-1.2.90-6.h9.eulerosv2r7"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libjpeg-turbo");
}
VendorProductVersionCPE
huaweieuleroslibjpeg-turbop-cpe:/a:huawei:euleros:libjpeg-turbo
huaweieulerosuvpcpe:/o:huawei:euleros:uvp:3.0.2.2

Related

nessus 13
redhatcve 1
openvas 11
debiancve 1
ubuntucve 1
osv 1
alpinelinux 1
mageia 1
prion 1
cve 1
photon 1
ibm 5
cloudfoundry 1
ubuntu 1
nessus
nessus
openSUSE Security Update : libjpeg-turbo (openSUSE-2017-1218)
2017-10-30 00:00:00
Photon OS 2.0: Libjpeg PHSA-2017-2.0-0007
2019-02-07 00:00:00
EulerOS Virtualization for ARM 64 3.0.2.0 : libjpeg-turbo (EulerOS-SA-2021-2093)
2021-07-02 00:00:00
redhatcve
redhatcve
CVE-2017-15232
2019-10-12 01:22:12
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2018:0373-1)
2021-04-19 00:00:00
Huawei EulerOS: Security Advisory for libjpeg-turbo (EulerOS-SA-2021-2093)
2021-07-07 00:00:00
Huawei EulerOS: Security Advisory for libjpeg-turbo (EulerOS-SA-2021-2144)
2021-07-07 00:00:00
debiancve
debiancve
CVE-2017-15232
2017-10-11 03:29:00
ubuntucve
ubuntucve
CVE-2017-15232
2017-10-10 00:00:00
osv
osv
CVE-2017-15232
2017-10-11 03:29:00
alpinelinux
alpinelinux
CVE-2017-15232
2017-10-11 03:29:00
mageia
mageia
Updated libjpeg packages fix a security vulnerability
2017-11-10 22:33:09
prion
prion
Null pointer dereference
2017-10-11 03:29:00
cve
cve
CVE-2017-15232
2017-10-11 03:29:00
photon
photon
Critical Photon OS Security Update - PHSA-2017-0007
2017-12-18 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in libjpeg affect IBM BladeCenter Advanced Management Module (AMM)
2018-10-03 16:25:01
Security Bulletin: IBM Dynamic System Analysis (DSA) Preboot is affected by vulnerabilities in libjpeg
2023-12-07 22:45:03
Security Bulletin: IBM Flex System Chassis Management Module (CMM) is affected by vulnerabilities in libjpeg
2023-12-07 22:45:02
cloudfoundry
cloudfoundry
USN-3706-1: libjpeg-turbo vulnerabilities | Cloud Foundry
2018-07-19 00:00:00
ubuntu
ubuntu
libjpeg-turbo vulnerabilities
2018-07-09 00:00:00

6.9 Medium

AI Score

Confidence

High

JSON
Related for EULEROS_SA-2021-2144.NASL
nessus13redhatcve1openvas11debiancve1ubuntucve1osv1alpinelinux1mageia1prion1cve1photon1ibm5cloudfoundry1ubuntu1