Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2022-1781.NASL
HistoryJun 01, 2022 - 12:00 a.m.

EulerOS 2.0 SP10 : kernel (EulerOS-SA-2022-1781)

2022-06-0100:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
89
JSON

According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

  • A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
    (CVE-2022-0492)

  • A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)

  • A flaw was found in the way the ‘flags’ member of the new pipe buffer structure was lacking proper initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache backed by read only files and as such escalate their privileges on the system. (CVE-2022-0847)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(161752);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/01/13");

  script_cve_id("CVE-2022-0492", "CVE-2022-0617", "CVE-2022-0847");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/16");

  script_name(english:"EulerOS 2.0 SP10 : kernel (EulerOS-SA-2022-1781)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by
the following vulnerabilities :

  - A vulnerability was found in the Linux kernel's cgroup_release_agent_write in the
    kernel/cgroup/cgroup-v1.c function. This flaw, under certain circumstances, allows the use of the cgroups
    v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly.
    (CVE-2022-0492)

  - A flaw null pointer dereference in the Linux kernel UDF file system functionality was found in the way
    user triggers udf_file_write_iter function for the malicious UDF image. A local user could use this flaw
    to crash the system. Actual from Linux kernel 4.2-rc1 till 5.17-rc2. (CVE-2022-0617)

  - A flaw was found in the way the 'flags' member of the new pipe buffer structure was lacking proper
    initialization in copy_page_to_iter_pipe and push_pipe functions in the Linux kernel and could thus
    contain stale values. An unprivileged local user could use this flaw to write to pages in the page cache
    backed by read only files and as such escalate their privileges on the system. (CVE-2022-0847)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1781
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a3f23d2e");
  script_set_attribute(attribute:"solution", value:
"Update the affected kernel packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-0847");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Dirty Pipe Local Privilege Escalation via CVE-2022-0847');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:"CANVAS");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/02/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/06/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/06/01");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-abi-stablelists");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python3-perf");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP10");

var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(10)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP10");

if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP10", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

var flag = 0;

var pkgs = [
  "kernel-4.19.90-vhulk2201.1.0.h1035.eulerosv2r10",
  "kernel-abi-stablelists-4.19.90-vhulk2201.1.0.h1035.eulerosv2r10",
  "kernel-tools-4.19.90-vhulk2201.1.0.h1035.eulerosv2r10",
  "kernel-tools-libs-4.19.90-vhulk2201.1.0.h1035.eulerosv2r10",
  "python3-perf-4.19.90-vhulk2201.1.0.h1035.eulerosv2r10"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"10", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
VendorProductVersionCPE
huaweieuleroskernelp-cpe:/a:huawei:euleros:kernel
huaweieuleroskernel-abi-stablelistsp-cpe:/a:huawei:euleros:kernel-abi-stablelists
huaweieuleroskernel-toolsp-cpe:/a:huawei:euleros:kernel-tools
huaweieuleroskernel-tools-libsp-cpe:/a:huawei:euleros:kernel-tools-libs
huaweieulerospython3-perfp-cpe:/a:huawei:euleros:python3-perf
huaweieuleros2.0cpe:/o:huawei:euleros:2.0

Related

openvas 12
nessus 38
rocky 2
threatpost 1
cnvd 2
veracode 2
prion 3
ubuntucve 3
cbl_mariner 5
redhatcve 3
debiancve 3
redhat 9
cve 3
virtuozzo 2
f5 2
githubexploit 73
packetstorm 2
oraclelinux 9
attackerkb 1
rapid7blog 1
hivepro 2
redos 2
trendmicroblog 1
photon 1
centos 1
metasploit 2
thn 2
zdt 5
osv 1
checkpoint_advisories 1
fortinet 1
securelist 1
cisa 1
cisa_kev 1
suse 1
openvas
openvas
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2022-1781)
2022-06-01 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2022-1782)
2022-06-01 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:1036-1)
2022-03-31 00:00:00
nessus
nessus
EulerOS 2.0 SP10 : kernel (EulerOS-SA-2022-1782)
2022-06-01 00:00:00
Rocky Linux 8 : kernel-rt (RLSA-2022:819)
2022-03-11 00:00:00
Rocky Linux 8 : kernel (RLSA-2022:825)
2022-03-12 00:00:00
rocky
rocky
kernel-rt security and bug fix update
2022-03-11 02:24:05
kernel security, bug fix, and enhancement update
2022-03-11 02:26:54
threatpost
threatpost
Bug in the Linux Kernel Allows Privilege Escalation, Container Escape
2022-03-08 14:52:05
cnvd
cnvd
Linux kernel denial-of-service vulnerability (CNVD-2022-69196)
2022-02-18 00:00:00
Linux kernel authorization issue vulnerability
2022-02-09 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-04-27 19:21:12
Privilege Escalation
2022-03-26 18:16:10
prion
prion
Null pointer dereference
2022-02-16 17:15:00
Design/Logic Flaw
2022-03-03 19:15:00
Design/Logic Flaw
2022-03-10 17:44:00
ubuntucve
ubuntucve
CVE-2022-0617
2022-02-16 00:00:00
CVE-2022-0492
2022-02-08 00:00:00
CVE-2022-0847
2022-03-07 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-0617 affecting package kernel 5.15.153.1-2
2022-04-09 06:52:47
CVE-2022-0617 affecting package kernel 5.10.189.1-1
2022-03-10 23:47:45
CVE-2022-0492 affecting package kernel 5.15.131.1-2
2022-04-09 06:52:47
redhatcve
redhatcve
CVE-2022-0617
2022-02-15 17:25:05
CVE-2022-0492
2022-02-07 11:59:48
CVE-2022-0847
2022-03-07 12:28:23
debiancve
debiancve
CVE-2022-0617
2022-02-16 17:15:00
CVE-2022-0492
2022-03-03 19:15:00
CVE-2022-0847
2022-03-10 17:44:00
redhat
redhat
(RHSA-2022:0821) Important: kernel-rt security and bug fix update
2022-03-10 14:39:50
(RHSA-2022:4642) Important: kernel security and bug fix update
2022-05-18 12:14:40
(RHSA-2022:0820) Important: kernel security, bug fix, and enhancement update
2022-03-10 14:39:03
cve
cve
CVE-2022-0617
2022-02-16 17:15:00
CVE-2022-0847
2022-03-10 17:44:00
CVE-2022-0492
2022-03-03 19:15:00
virtuozzo
virtuozzo
[Important] [Security] Virtuozzo ReadyKernel Patch 160.0 for Virtuozzo Hybrid Server 7.5
2023-08-25 00:00:00
[Important] [Security] Virtuozzo ReadyKernel patch 142.0 for Virtuozzo Hybrid Server 7.0, 7.5
2022-05-25 00:00:00
f5
f5
K54724312 : Linux kernel vulnerability CVE-2022-0492
2022-05-25 00:00:00
K63603485 : Linux kernel vulnerability CVE-2022-0847
2022-03-11 00:00:00
githubexploit
githubexploit
Exploit for Missing Authorization in Linux Linux Kernel
2022-03-07 10:03:17
Exploit for Missing Authorization in Linux Linux Kernel
2022-03-11 08:02:46
Exploit for Missing Authorization in Linux Linux Kernel
2022-05-09 13:20:03
packetstorm
packetstorm
Docker cgroups Container Escape
2023-12-07 00:00:00
Dirty Pipe Local Privilege Escalation
2022-03-10 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel-container security update
2022-03-10 00:00:00
Unbreakable Enterprise kernel-container security update
2022-02-09 00:00:00
Unbreakable Enterprise kernel-container security update
2022-02-28 00:00:00
attackerkb
attackerkb
CVE-2022-0847
2022-03-10 00:00:00
rapid7blog
rapid7blog
CVE-2022-0847: Arbitrary File Overwrite Vulnerability in Linux Kernel
2022-03-09 22:25:34
hivepro
hivepro
Dirty Pipe: A privilege escalation vulnerability in Linux Kernel
2022-03-08 16:41:45
Linux Distributions affected by a privilege escalation vulnerability
2022-03-08 08:30:44
redos
redos
ROS-20220314-02
2022-03-14 00:00:00
ROS-20220324-01
2022-03-24 00:00:00
trendmicroblog
trendmicroblog
Detecting Exploitation of Local Vulnerabilities Through Trend Micro Vision One™ and Cloud One™
2022-04-06 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2022-0151
2022-02-05 00:00:00
centos
centos
bpftool, kernel, perf, python security update
2022-05-19 15:09:15
metasploit
metasploit
Docker cgroups Container Escape
2023-11-28 18:44:08
Dirty Pipe Local Privilege Escalation via CVE-2022-0847
2022-03-07 15:49:27
thn
thn
'Dirty Pipe' Linux Flaw Affects a Wide Range of QNAP NAS Devices
2022-03-15 03:44:00
New Linux Kernel cgroups Vulnerability Could Let Attackers Escape Container
2022-03-05 08:43:00
zdt
zdt
Dirty Pipe Linux Privilege Escalation Exploit
2022-03-09 00:00:00
Dirty Pipe SUID Binary Hijack Privilege Escalation Exploit
2022-03-09 00:00:00
Linux Kernel 5.8 < 5.16.11 - Local Privilege Escalation (DirtyPipe) Exploit
2022-03-08 00:00:00
osv
osv
Linux kernel bug allows writing to arbitrary files, bypassing file permissions, immutability, snapshots and read-only mounts
2022-05-01 00:00:00
checkpoint_advisories
checkpoint_advisories
Linux Kernel Privilege Escalation (CVE-2022-0847)
2022-10-31 00:00:00
fortinet
fortinet
CVE-2022-0847 on Linux Kernel
2023-04-11 00:00:00
securelist
securelist
CVE-2022-0847 aka Dirty Pipe vulnerability in Linux kernel
2022-03-14 14:11:07
cisa
cisa
Dirty Pipe Privilege Escalation Vulnerability in Linux
2022-03-10 00:00:00
cisa_kev
cisa_kev
Linux Kernel Privilege Escalation Vulnerability
2022-04-25 00:00:00
suse
suse
Security update for the Linux Kernel (important)
2022-03-08 00:00:00
JSON
Related for EULEROS_SA-2022-1781.NASL
openvas12nessus38rocky2threatpost1cnvd2veracode2prion3ubuntucve3cbl_mariner5redhatcve3debiancve3redhat9cve3virtuozzo2f52githubexploit73packetstorm2oraclelinux9attackerkb1rapid7blog1hivepro2redos2trendmicroblog1photon1centos1metasploit2thn2zdt5osv1checkpoint_advisories1fortinet1securelist1cisa1cisa_kev1suse1