Lucene search
This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2021-2204.NASLHistoryJul 13, 2021 - 12:00 a.m.
EulerOS Virtualization 2.9.0 : gnutls (EulerOS-SA-2021-2204)
2021-07-1300:00:00
This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
AI Score
Confidence
High
0.011 Low
EPSS
Percentile
84.5%
According to the versions of the gnutls packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :
-
A flaw was found in gnutls. A use after free issue in client_send_params in lib/ext/pre_shared_key.c may lead to memory corruption and other potential consequences.(CVE-2021-20232)
-
A flaw was found in gnutls. A use after free issue in client sending key_share extension may lead to memory corruption and other consequences.(CVE-2021-20231)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(151553);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/08");
script_cve_id("CVE-2021-20231", "CVE-2021-20232");
script_name(english:"EulerOS Virtualization 2.9.0 : gnutls (EulerOS-SA-2021-2204)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing multiple security
updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the gnutls packages installed, the
EulerOS Virtualization installation on the remote host is affected by
the following vulnerabilities :
- A flaw was found in gnutls. A use after free issue in
client_send_params in lib/ext/pre_shared_key.c may lead
to memory corruption and other potential
consequences.(CVE-2021-20232)
- A flaw was found in gnutls. A use after free issue in
client sending key_share extension may lead to memory
corruption and other consequences.(CVE-2021-20231)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2204
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d9f8591e");
script_set_attribute(attribute:"solution", value:
"Update the affected gnutls packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-20232");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2021/07/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/07/13");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gnutls");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gnutls-utils");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.9.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "2.9.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.9.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["gnutls-3.6.9-6.h9.eulerosv2r9",
"gnutls-utils-3.6.9-6.h9.eulerosv2r9"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnutls");
}
Related
nessus
nessus
EulerOS Virtualization 2.9.1 : gnutls (EulerOS-SA-2021-2184)
2021-07-13 00:00:00
EulerOS Virtualization 3.0.6.0 : gnutls (EulerOS-SA-2022-1067)
2022-02-12 00:00:00
openSUSE Security Update : gnutls (openSUSE-2021-470)
2021-03-26 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2021-2204)
2021-07-13 00:00:00
Huawei EulerOS: Security Advisory for gnutls (EulerOS-SA-2022-1067)
2022-02-13 00:00:00
SUSE: Security Advisory (SUSE-SU-2021:0934-1)
2021-04-19 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: gnutls-3.7.1-2.fc34
2021-03-24 01:48:45
suse
suse
Security update for gnutls (important)
2021-03-25 00:00:00
osv
osv
gnutls28 vulnerabilities
2021-08-02 17:25:02
Moderate: gnutls and nettle security, bug fix, and enhancement update
2021-11-09 09:23:20
Moderate: gnutls and nettle security, bug fix, and enhancement update
2021-11-09 09:23:20
altlinux
altlinux
Security fix for the ALT Linux 10 package gnutls30 version 3.6.15-alt2
2021-03-22 00:00:00
Security fix for the ALT Linux 9 package gnutls30 version 3.6.15-alt2
2021-03-24 00:00:00
ubuntu
ubuntu
GnuTLS vulnerabilities
2021-08-02 00:00:00
archlinux
archlinux
[ASA-202103-1] gnutls: arbitrary code execution
2021-03-13 00:00:00
mageia
mageia
Updated gnutls packages fix security vulnerabilities
2021-06-29 00:16:35
oraclelinux
oraclelinux
gnutls and nettle security, bug fix, and enhancement update
2021-11-16 00:00:00
gnutls security update
2022-03-17 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2021-0241
2021-05-21 00:00:00
Critical Photon OS Security Update - PHSA-2021-3.0-0241
2021-05-21 00:00:00
Critical Photon OS Security Update - PHSA-2021-0035
2021-06-02 00:00:00
rocky
rocky
gnutls and nettle security, bug fix, and enhancement update
2021-11-09 09:23:20
redhat
redhat
almalinux
almalinux
Moderate: gnutls and nettle security, bug fix, and enhancement update
2021-11-09 09:23:20
nvd
nvd
CVE-2021-20232
2021-03-12 19:15:13
CVE-2021-20231
2021-03-12 19:15:13
alpinelinux
alpinelinux
CVE-2021-20232
2021-03-12 19:15:13
CVE-2021-20231
2021-03-12 19:15:13
cvelist
cvelist
CVE-2021-20231
2021-03-12 18:23:59
CVE-2021-20232
2021-03-12 18:25:29
debiancve
debiancve
CVE-2021-20232
2021-03-12 19:15:13
CVE-2021-20231
2021-03-12 19:15:13
cbl_mariner
cbl_mariner
CVE-2021-20231 affecting package gnutls 3.6.14-9
2021-04-06 23:50:06
CVE-2021-20232 affecting package gnutls 3.6.14-9
2021-04-06 23:50:06
CVE-2021-20232 affecting package gnutls for versions less than 3.6.14-5
2022-04-09 06:51:42
veracode
veracode
Arbitrary Code Execution
2021-03-12 22:14:09
Denial Of Service (DoS)
2021-03-12 22:14:08
ubuntucve
ubuntucve
CVE-2021-20231
2021-03-12 00:00:00
CVE-2021-20232
2021-03-12 00:00:00
prion
prion
Memory corruption
2021-03-12 19:15:00
Memory corruption
2021-03-12 19:15:00
cve
cve
CVE-2021-20232
2021-03-12 19:15:13
CVE-2021-20231
2021-03-12 19:15:13
redhatcve
redhatcve
CVE-2021-20232
2021-03-12 10:03:32
CVE-2021-20231
2021-03-12 10:04:11
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - April 2022
2022-04-19 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
AI Score
Confidence
High
0.011 Low
EPSS
Percentile
84.5%
Related for EULEROS_SA-2021-2204.NASL