Lucene search
This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2021-2466.NASLHistorySep 24, 2021 - 12:00 a.m.
EulerOS 2.0 SP8 : krb5 (EulerOS-SA-2021-2466)
2021-09-2400:00:00
This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
6
According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
- ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before 1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(153650);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/07/19");
script_cve_id("CVE-2021-36222");
script_xref(name:"IAVB", value:"2021-B-0054-S");
script_name(english:"EulerOS 2.0 SP8 : krb5 (EulerOS-SA-2021-2466)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing a security update.");
script_set_attribute(attribute:"description", value:
"According to the versions of the krb5 packages installed, the EulerOS installation on the remote host is affected by the
following vulnerabilities :
- ec_verify in kdc/kdc_preauth_ec.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) before
1.18.4 and 1.19.x before 1.19.2 allows remote attackers to cause a NULL pointer dereference and daemon
crash. This occurs because a return value is not properly managed in a certain situation. (CVE-2021-36222)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2466
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8a06efd5");
script_set_attribute(attribute:"solution", value:
"Update the affected krb5 packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-36222");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/07/22");
script_set_attribute(attribute:"patch_publication_date", value:"2021/09/24");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/09/24");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:krb5-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:krb5-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:krb5-pkinit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:krb5-server");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:krb5-server-ldap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:krb5-workstation");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libkadm5");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");
var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
var flag = 0;
var pkgs = [
"krb5-devel-1.16.1-21.h6.eulerosv2r8",
"krb5-libs-1.16.1-21.h6.eulerosv2r8",
"krb5-pkinit-1.16.1-21.h6.eulerosv2r8",
"krb5-server-1.16.1-21.h6.eulerosv2r8",
"krb5-server-ldap-1.16.1-21.h6.eulerosv2r8",
"krb5-workstation-1.16.1-21.h6.eulerosv2r8",
"libkadm5-1.16.1-21.h6.eulerosv2r8"
];
foreach (var pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "krb5");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| huawei | euleros | krb5-devel | p-cpe:/a:huawei:euleros:krb5-devel |
| huawei | euleros | krb5-libs | p-cpe:/a:huawei:euleros:krb5-libs |
| huawei | euleros | krb5-pkinit | p-cpe:/a:huawei:euleros:krb5-pkinit |
| huawei | euleros | krb5-server | p-cpe:/a:huawei:euleros:krb5-server |
| huawei | euleros | krb5-server-ldap | p-cpe:/a:huawei:euleros:krb5-server-ldap |
| huawei | euleros | krb5-workstation | p-cpe:/a:huawei:euleros:krb5-workstation |
| huawei | euleros | libkadm5 | p-cpe:/a:huawei:euleros:libkadm5 |
| huawei | euleros | 2.0 | cpe:/o:huawei:euleros:2.0 |
Related
prion
prion
Null pointer dereference
2021-07-22 18:15:00
fedora
fedora
[SECURITY] Fedora 34 Update: krb5-1.19.1-14.fc34
2021-07-14 01:21:27
[SECURITY] Fedora 33 Update: krb5-1.18.2-30.fc33
2021-07-21 01:15:38
osv
osv
CVE-2021-36222
2021-07-22 18:15:23
krb5 - security update
2021-07-25 00:00:00
Moderate: krb5 security update
2021-09-21 07:09:33
openvas
openvas
Fedora: Security Advisory for krb5 (FEDORA-2021-2bae525fd3)
2021-07-27 00:00:00
Fedora: Security Advisory for krb5 (FEDORA-2021-8b25e4642f)
2021-07-15 00:00:00
openSUSE: Security Advisory for krb5 (openSUSE-SU-2021:2800-1)
2021-08-21 00:00:00
nessus
nessus
openSUSE 15 Security Update : krb5 (openSUSE-SU-2021:1182-1)
2021-08-24 00:00:00
Debian DSA-4944-1 : krb5 - security update
2021-07-25 00:00:00
openSUSE 15 Security Update : krb5 (openSUSE-SU-2021:2800-1)
2021-08-21 00:00:00
suse
suse
Security update for krb5 (important)
2021-08-23 00:00:00
Security update for krb5 (important)
2021-08-20 00:00:00
Security update for samba (important)
2022-02-01 00:00:00
alpinelinux
alpinelinux
CVE-2021-36222
2021-07-22 18:15:00
cve
cve
CVE-2021-36222
2021-07-22 18:15:00
debiancve
debiancve
CVE-2021-36222
2021-07-22 18:15:00
altlinux
altlinux
Security fix for the ALT Linux 9 package krb5 version 1.17.2-alt2
2021-07-28 00:00:00
Security fix for the ALT Linux 10 package krb5 version 1.19.2-alt1
2021-07-26 00:00:00
debian
debian
[SECURITY] [DSA 4944-1] krb5 security update
2021-07-25 07:27:47
[SECURITY] [DSA 4944-1] krb5 security update
2021-07-25 07:27:47
veracode
veracode
Denial Of Service (DoS)
2021-07-26 15:41:13
cbl_mariner
cbl_mariner
CVE-2021-36222 affecting package krb5 1.18-4
2022-04-09 06:51:49
CVE-2021-36222 affecting package krb5 1.17-4
2021-11-03 19:21:15
ubuntucve
ubuntucve
CVE-2021-36222
2021-07-22 00:00:00
redhatcve
redhatcve
CVE-2021-36222
2021-07-19 15:50:13
almalinux
almalinux
Moderate: krb5 security update
2021-09-21 07:09:33
rocky
rocky
krb5 security update
2021-09-21 07:09:33
ubuntu
ubuntu
Kerberos vulnerabilities
2023-03-16 00:00:00
oraclelinux
oraclelinux
krb5 security update
2021-09-23 00:00:00
cloudfoundry
cloudfoundry
USN-5959-1: Kerberos vulnerabilities Severity | Cloud Foundry
2023-04-29 00:00:00
redhat
redhat
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2022-3.0-0342
2021-12-12 00:00:00
Important Photon OS Security Update - PHSA-2021-0455
2021-11-30 00:00:00
Important Photon OS Security Update - PHSA-2021-3.0-0342
2021-12-12 00:00:00
freebsd
freebsd
MySQL -- Multiple vulnerabilities
2021-10-16 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2021
2021-10-19 00:00:00
ibm
ibm
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
Related for EULEROS_SA-2021-2466.NASL