Lucene search

K
nessusThis script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2022-1463.NASL
HistoryApr 20, 2022 - 12:00 a.m.

EulerOS 2.0 SP10 : busybox (EulerOS-SA-2022-1463)

2022-04-2000:00:00
This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
19

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.016 Low

EPSS

Percentile

87.2%

According to the versions of the busybox package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  • A NULL pointer dereference in Busybox’s hush applet leads to denial of service when processing a crafted shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under very rare conditions of filtered command input. (CVE-2021-42376)

  • An attacker-controlled pointer free in Busybox’s hush applet leads to denial of service and possible code execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may be used for remote code execution under rare conditions of filtered command input. (CVE-2021-42377)

  • A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_i function (CVE-2021-42378)

  • A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the next_input_file function (CVE-2021-42379)

  • A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the clrvar function (CVE-2021-42380)

  • A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the hash_init function (CVE-2021-42381)

  • A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the getvar_s function (CVE-2021-42382)

  • A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the evaluate function (CVE-2021-42383, CVE-2021-42385)

  • A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the handle_special function (CVE-2021-42384)

  • A use-after-free in Busybox’s awk applet leads to denial of service and possibly code execution when processing a crafted awk pattern in the nvalloc function (CVE-2021-42386)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(159942);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/20");

  script_cve_id(
    "CVE-2021-42376",
    "CVE-2021-42377",
    "CVE-2021-42378",
    "CVE-2021-42379",
    "CVE-2021-42380",
    "CVE-2021-42381",
    "CVE-2021-42382",
    "CVE-2021-42383",
    "CVE-2021-42384",
    "CVE-2021-42385",
    "CVE-2021-42386"
  );

  script_name(english:"EulerOS 2.0 SP10 : busybox (EulerOS-SA-2022-1463)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the busybox package installed, the EulerOS installation on the remote host is affected by
the following vulnerabilities :

  - A NULL pointer dereference in Busybox's hush applet leads to denial of service when processing a crafted
    shell command, due to missing validation after a \x03 delimiter character. This may be used for DoS under
    very rare conditions of filtered command input. (CVE-2021-42376)

  - An attacker-controlled pointer free in Busybox's hush applet leads to denial of service and possible code
    execution when processing a crafted shell command, due to the shell mishandling the &&& string. This may
    be used for remote code execution under rare conditions of filtered command input. (CVE-2021-42377)

  - A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when
    processing a crafted awk pattern in the getvar_i function (CVE-2021-42378)

  - A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when
    processing a crafted awk pattern in the next_input_file function (CVE-2021-42379)

  - A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when
    processing a crafted awk pattern in the clrvar function (CVE-2021-42380)

  - A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when
    processing a crafted awk pattern in the hash_init function (CVE-2021-42381)

  - A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when
    processing a crafted awk pattern in the getvar_s function (CVE-2021-42382)

  - A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when
    processing a crafted awk pattern in the evaluate function (CVE-2021-42383, CVE-2021-42385)

  - A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when
    processing a crafted awk pattern in the handle_special function (CVE-2021-42384)

  - A use-after-free in Busybox's awk applet leads to denial of service and possibly code execution when
    processing a crafted awk pattern in the nvalloc function (CVE-2021-42386)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1463
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c468360f");
  script_set_attribute(attribute:"solution", value:
"Update the affected busybox packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-42377");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/11/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/04/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/04/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:busybox");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP10");

var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(10)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP10");

if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP10", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

var flag = 0;

var pkgs = [
  "busybox-1.31.1-6.h6.eulerosv2r10"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"10", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "busybox");
}
VendorProductVersionCPE
huaweieulerosbusyboxp-cpe:/a:huawei:euleros:busybox
huaweieuleros2.0cpe:/o:huawei:euleros:2.0

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.016 Low

EPSS

Percentile

87.2%