This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2022-1463.NASLEulerOS 2.0 SP10 : busybox (EulerOS-SA-2022-1463)
According to the versions of the busybox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
-
A NULL pointer dereference in Busyboxβs hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input. (CVE-2021-42376)
-
An attacker-controlled pointer free in Busyboxβs hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input. (CVE-2021-42377)
-
A use-after-free in Busyboxβs awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function (CVE-2021-42378)
-
A use-after-free in Busyboxβs awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function (CVE-2021-42379)
-
A use-after-free in Busyboxβs awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function (CVE-2021-42380)
-
A use-after-free in Busyboxβs awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function (CVE-2021-42381)
-
A use-after-free in Busyboxβs awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function (CVE-2021-42382)
-
A use-after-free in Busyboxβs awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function (CVE-2021-42383, CVE-2021-42385)
-
A use-after-free in Busyboxβs awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function (CVE-2021-42384)
-
A use-after-free in Busyboxβs awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function (CVE-2021-42386)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(159942);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/20");
script_cve_id(
"CVE-2021-42376",
"CVE-2021-42377",
"CVE-2021-42378",
"CVE-2021-42379",
"CVE-2021-42380",
"CVE-2021-42381",
"CVE-2021-42382",
"CVE-2021-42383",
"CVE-2021-42384",
"CVE-2021-42385",
"CVE-2021-42386"
);
script_name(english:"EulerOS 2.0 SP10 : busybox (EulerOS-SA-2022-1463)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the busybox package installed, the EulerOS installation on the remote host is affected by
the following vulnerabilities :
- A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted
shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under
very rare conditions of filtered command input. (CVE-2021-42376)
- An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code
execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may
be used for remote code execution under rare conditions of filtered command input. (CVE-2021-42377)
- A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when
processing a crafted awk pattern in the getvar_i function (CVE-2021-42378)
- A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when
processing a crafted awk pattern in the next_input_file function (CVE-2021-42379)
- A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when
processing a crafted awk pattern in the clrvar function (CVE-2021-42380)
- A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when
processing a crafted awk pattern in the hash_init function (CVE-2021-42381)
- A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when
processing a crafted awk pattern in the getvar_s function (CVE-2021-42382)
- A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when
processing a crafted awk pattern in the evaluate function (CVE-2021-42383, CVE-2021-42385)
- A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when
processing a crafted awk pattern in the handle_special function (CVE-2021-42384)
- A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when
processing a crafted awk pattern in the nvalloc function (CVE-2021-42386)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1463
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c468360f");
script_set_attribute(attribute:"solution", value:
"Update the affected busybox packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-42377");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/11/15");
script_set_attribute(attribute:"patch_publication_date", value:"2022/04/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/04/20");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:busybox");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP10");
var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(10)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP10");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP10", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
var flag = 0;
var pkgs = [
"busybox-1.31.1-6.h6.eulerosv2r10"
];
foreach (var pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"10", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "busybox");
}
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42376
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42377
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42378
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42379
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42380
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42381
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42382
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42383
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42384
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42385
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42386
www.nessus.org/u?c468360f
Related
