Lucene search
This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2021-2287.NASLHistoryAug 09, 2021 - 12:00 a.m.
EulerOS 2.0 SP8 : babel (EulerOS-SA-2021-2287)
2021-08-0900:00:00
This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
8.5 High
AI Score
Confidence
High
According to the version of the babel packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :
- A flaw was found in python-babel. A path traversal vulnerability was found in how locale data files are checked and loaded within python-babel, allowing a local attacker to trick an application that uses python-babel to load a file outside of the intended locale directory. The highest threat from this vulnerability is to data confidentiality and integrity as well as service availability.(CVE-2021-20095)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(152306);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/06");
script_cve_id("CVE-2021-20095");
script_name(english:"EulerOS 2.0 SP8 : babel (EulerOS-SA-2021-2287)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing a security update.");
script_set_attribute(attribute:"description", value:
"According to the version of the babel packages installed, the EulerOS
installation on the remote host is affected by the following
vulnerability :
- A flaw was found in python-babel. A path traversal
vulnerability was found in how locale data files are
checked and loaded within python-babel, allowing a
local attacker to trick an application that uses
python-babel to load a file outside of the intended
locale directory. The highest threat from this
vulnerability is to data confidentiality and integrity
as well as service availability.(CVE-2021-20095)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2287
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d9b3d31f");
script_set_attribute(attribute:"solution", value:
"Update the affected babel package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-20095");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"patch_publication_date", value:"2021/08/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/08/09");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:babel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python2-babel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python3-babel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
flag = 0;
pkgs = ["babel-2.6.0-5.h3.eulerosv2r8",
"python2-babel-2.6.0-5.h3.eulerosv2r8",
"python3-babel-2.6.0-5.h3.eulerosv2r8"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "babel");
}
Related
nessus
nessus
EulerOS Virtualization for ARM 64 3.0.2.0 : babel (EulerOS-SA-2021-2100)
2021-07-02 00:00:00
EulerOS 2.0 SP5 : babel (EulerOS-SA-2021-2319)
2021-09-07 00:00:00
EulerOS 2.0 SP9 : babel (EulerOS-SA-2021-2261)
2021-08-09 00:00:00
cve
cve
CVE-2021-20095
2021-04-29 15:15:00
openvas
openvas
Huawei EulerOS: Security Advisory for babel (EulerOS-SA-2021-2571)
2021-10-26 00:00:00
Ubuntu: Security Advisory (USN-4962-1)
2021-05-20 00:00:00
Huawei EulerOS: Security Advisory for babel (EulerOS-SA-2021-2261)
2021-08-09 00:00:00
veracode
veracode
Directory Traversal
2021-04-30 04:58:55
debian
debian
[SECURITY] [DSA 5018-1] python-babel security update
2021-12-09 18:56:41
[SECURITY] [DLA 2790-1] python-babel security update
2021-10-21 09:56:09
gentoo
gentoo
Babel: Remote code execution
2022-08-04 00:00:00
osv
osv
python-babel vulnerability
2021-05-19 14:00:33
Moderate: babel security and bug fix update
2021-11-09 08:37:19
Moderate: babel security and bug fix update
2021-11-09 08:37:19
mageia
mageia
Updated python-babel packages fix a security vulnerability
2021-06-18 22:24:28
ubuntu
ubuntu
Babel vulnerability
2021-05-19 00:00:00
fedora
fedora
[SECURITY] Fedora 32 Update: babel-2.8.0-4.fc32
2021-05-09 00:51:37
[SECURITY] Fedora 33 Update: babel-2.8.1-2.fc33
2021-05-09 01:17:01
redhatcve
redhatcve
CVE-2021-20095
2021-04-30 17:49:20
archlinux
archlinux
[ASA-202105-15] python-babel: arbitrary code execution
2021-05-19 00:00:00
rocky
rocky
babel security and bug fix update
2021-11-09 08:37:19
python27:2.7 security update
2021-11-09 08:24:39
python38:3.8 and python38-devel:3.8 security update
2021-11-09 12:47:54
oraclelinux
oraclelinux
babel security and bug fix update
2021-11-16 00:00:00
python27:2.7 security update
2021-11-16 00:00:00
python38:3.8 and python38-devel:3.8 security update
2021-11-16 00:00:00
redhat
redhat
(RHSA-2021:4201) Moderate: babel security and bug fix update
2021-11-09 08:37:19
(RHSA-2021:4151) Moderate: python27:2.7 security update
2021-11-09 08:24:39
(RHSA-2021:3252) Moderate: python27 security update
2021-08-24 07:29:51
ubuntucve
ubuntucve
CVE-2021-42771
2021-10-20 00:00:00
almalinux
almalinux
Moderate: babel security and bug fix update
2021-11-09 08:37:19
Moderate: python27:2.7 security update
2021-11-09 08:24:39
Moderate: python38:3.8 and python38-devel:3.8 security update
2021-11-09 12:47:54