Lucene search

K

EulerOS 2.0 SP9 : busybox (EulerOS-SA-2022-1303)

πŸ—“οΈΒ 02 Mar 2022Β 00:00:00Reported byΒ This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.TypeΒ 
nessus
Β nessus
πŸ”—Β www.tenable.comπŸ‘Β 35Β Views

EulerOS 2.0 SP9 busybox vulnerabilitie

Show more
Related
Refs
Code
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(158547);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/06");

  script_cve_id(
    "CVE-2021-42374",
    "CVE-2021-42376",
    "CVE-2021-42378",
    "CVE-2021-42379",
    "CVE-2021-42380",
    "CVE-2021-42381",
    "CVE-2021-42382",
    "CVE-2021-42383",
    "CVE-2021-42384",
    "CVE-2021-42385",
    "CVE-2021-42386"
  );

  script_name(english:"EulerOS 2.0 SP9 : busybox (EulerOS-SA-2022-1303)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the busybox package installed, the EulerOS installation on the remote host is affected by
the following vulnerabilities :

  - An out-of-bounds heap read in Busybox's unlzma applet leads to information leak and denial of service when
    crafted LZMA-compressed input is decompressed. This can be triggered by any applet/format that
    (CVE-2021-42374)

  - A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted
    shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under
    very rare conditions of filtered command input. (CVE-2021-42376)

  - A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when
    processing a crafted awk pattern in the getvar_i function (CVE-2021-42378)

  - A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when
    processing a crafted awk pattern in the next_input_file function (CVE-2021-42379)

  - A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when
    processing a crafted awk pattern in the clrvar function (CVE-2021-42380)

  - A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when
    processing a crafted awk pattern in the hash_init function (CVE-2021-42381)

  - A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when
    processing a crafted awk pattern in the getvar_s function (CVE-2021-42382)

  - A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when
    processing a crafted awk pattern in the evaluate function (CVE-2021-42383, CVE-2021-42385)

  - A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when
    processing a crafted awk pattern in the handle_special function (CVE-2021-42384)

  - A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when
    processing a crafted awk pattern in the nvalloc function (CVE-2021-42386)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1303
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1b987818");
  script_set_attribute(attribute:"solution", value:
"Update the affected busybox packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-42386");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/11/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/03/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/03/02");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:busybox");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP9");

var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(9)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP9");

if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP9", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

var flag = 0;

var pkgs = [
  "busybox-1.31.1-6.h3.r2.eulerosv2r9"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"9", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "busybox");
}

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. ContactΒ us for a demo andΒ discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo