EulerOS 2.0 SP5 : openldap (EulerOS-SA-2022-1908)

🗓️ 17 Jun 2022 00:00:00Reported by TenableType

EulerOS 2.0 SP5 openldap SQL injection vulnerabilit

Reporter	Title	Published	Views	Family All 125
ATTACKERKB	CVE-2022-29155	4 May 202220:15	–	attackerkb
Tenable Nessus	Amazon Linux 2 : openldap (ALAS-2022-1796)	24 May 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2 : openldap (ALAS-2023-1958)	23 Feb 202300:00	–	nessus
Tenable Nessus	Amazon Linux AMI : openldap (ALAS-2022-1586)	27 May 202200:00	–	nessus
Tenable Nessus	Amazon Linux AMI : openldap (ALAS-2023-1691)	23 Feb 202300:00	–	nessus
Tenable Nessus	Debian DLA-3017-1 : openldap - LTS security update	21 May 202200:00	–	nessus
Tenable Nessus	Debian DSA-5140-1 : openldap - security update	20 May 202200:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP5 : compat-openldap (EulerOS-SA-2022-1885)	17 Jun 202200:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP8 : openldap (EulerOS-SA-2022-1942)	22 Jun 202200:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP9 : openldap (EulerOS-SA-2022-1975)	8 Jul 202200:00	–	nessus

Source	Link
nessus	www.nessus.org/u
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(162359);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/20");

  script_cve_id("CVE-2022-29155");

  script_name(english:"EulerOS 2.0 SP5 : openldap (EulerOS-SA-2022-1908)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the openldap packages installed, the EulerOS installation on the remote host is affected by
the following vulnerabilities :

  - In OpenLDAP 2.x before 2.5.12 and 2.6.x before 2.6.2, a SQL injection vulnerability exists in the
    experimental back-sql backend to slapd, via a SQL statement within an LDAP query. This can occur during an
    LDAP search operation when the search filter is processed, due to a lack of proper escaping.
    (CVE-2022-29155)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1908
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c4285ba4");
  script_set_attribute(attribute:"solution", value:
"Update the affected openldap packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-29155");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/05/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/06/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/06/17");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:openldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:openldap-clients");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:openldap-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:openldap-servers");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");

var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");

if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

var flag = 0;

var pkgs = [
  "openldap-2.4.44-15.h17.eulerosv2r7",
  "openldap-clients-2.4.44-15.h17.eulerosv2r7",
  "openldap-devel-2.4.44-15.h17.eulerosv2r7",
  "openldap-servers-2.4.44-15.h17.eulerosv2r7"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "openldap");
}

20 Oct 2023 00:00Current

8.3High risk

Vulners AI Score8.3

CVSS 27.5

CVSS 3.19.8

EPSS0.13614