Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2022-2381.NASL
HistorySep 23, 2022 - 12:00 a.m.

EulerOS Virtualization 2.9.0 : grub2 (EulerOS-SA-2022-2381)

2022-09-2300:00:00
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
2

7.6 High

AI Score

Confidence

Low

JSON

According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  • A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12. (CVE-2021-3695)

  • A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it’s very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. (CVE-2021-3696)

  • A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. (CVE-2021-3697)

  • A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong permission set allowing non privileged users to read its content. This represents a low severity confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg.
    This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no version with the fix is currently released. (CVE-2021-3981)

  • grub2: Integer underflow in grub_net_recv_ip4_packets (CVE-2022-28733)

  • grub2: Out-of-bound write when handling split HTTP headers (CVE-2022-28734)

  • grub2: use-after-free in grub_cmd_chainloader() (CVE-2022-28736)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(165392);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/18");

  script_cve_id(
    "CVE-2021-3695",
    "CVE-2021-3696",
    "CVE-2021-3697",
    "CVE-2021-3981",
    "CVE-2022-28733",
    "CVE-2022-28734",
    "CVE-2022-28736"
  );

  script_name(english:"EulerOS Virtualization 2.9.0 : grub2 (EulerOS-SA-2022-2381)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is
affected by the following vulnerabilities :

  - A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may
    take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent
    secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform
    some triage over the heap layout to achieve signifcant results, also the values written into the memory
    are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2
    versions prior grub-2.12. (CVE-2021-3695)

  - A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may
    lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be
    considered Low as it's very complex to an attacker control the encoding and positioning of corrupted
    Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This
    flaw affects grub2 versions prior grub-2.12. (CVE-2021-3696)

  - A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data
    to be written in heap. To a successful to be performed the attacker needs to perform some triage over the
    heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data
    corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions
    prior grub-2.12. (CVE-2021-3697)

  - A flaw in grub2 was found where its configuration file, known as grub.cfg, is being created with the wrong
    permission set allowing non privileged users to read its content. This represents a low severity
    confidentiality issue, as those users can eventually read any encrypted passwords present in grub.cfg.
    This flaw affects grub2 2.06 and previous versions. This issue has been fixed in grub upstream but no
    version with the fix is currently released. (CVE-2021-3981)

  - grub2: Integer underflow in grub_net_recv_ip4_packets (CVE-2022-28733)

  - grub2: Out-of-bound write when handling split HTTP headers (CVE-2022-28734)

  - grub2: use-after-free in grub_cmd_chainloader() (CVE-2022-28736)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2381
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e0905e3e");
  script_set_attribute(attribute:"solution", value:
"Update the affected grub2 packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-3696");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-28733");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/03/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/09/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/09/23");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:grub2-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:grub2-efi-x64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:grub2-efi-x64-modules");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:grub2-pc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:grub2-pc-modules");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:grub2-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:grub2-tools-efi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:grub2-tools-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:grub2-tools-minimal");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.9.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "2.9.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.9.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);

var flag = 0;

var pkgs = [
  "grub2-common-2.02-73.h39.eulerosv2r9",
  "grub2-efi-x64-2.02-73.h39.eulerosv2r9",
  "grub2-efi-x64-modules-2.02-73.h39.eulerosv2r9",
  "grub2-pc-2.02-73.h39.eulerosv2r9",
  "grub2-pc-modules-2.02-73.h39.eulerosv2r9",
  "grub2-tools-2.02-73.h39.eulerosv2r9",
  "grub2-tools-efi-2.02-73.h39.eulerosv2r9",
  "grub2-tools-extra-2.02-73.h39.eulerosv2r9",
  "grub2-tools-minimal-2.02-73.h39.eulerosv2r9"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "grub2");
}
VendorProductVersionCPE
huaweieulerosgrub2-commonp-cpe:/a:huawei:euleros:grub2-common
huaweieulerosgrub2-efi-x64p-cpe:/a:huawei:euleros:grub2-efi-x64
huaweieulerosgrub2-efi-x64-modulesp-cpe:/a:huawei:euleros:grub2-efi-x64-modules
huaweieulerosgrub2-pcp-cpe:/a:huawei:euleros:grub2-pc
huaweieulerosgrub2-pc-modulesp-cpe:/a:huawei:euleros:grub2-pc-modules
huaweieulerosgrub2-toolsp-cpe:/a:huawei:euleros:grub2-tools
huaweieulerosgrub2-tools-efip-cpe:/a:huawei:euleros:grub2-tools-efi
huaweieulerosgrub2-tools-extrap-cpe:/a:huawei:euleros:grub2-tools-extra
huaweieulerosgrub2-tools-minimalp-cpe:/a:huawei:euleros:grub2-tools-minimal
huaweieulerosuvpcpe:/o:huawei:euleros:uvp:2.9.0

Related

nessus 67
suse 2
oraclelinux 7
fedora 4
redos 1
gentoo 1
redhat 13
osv 8
almalinux 3
rocky 3
ubuntu 1
amazon 2
rosalinux 4
ibm 3
prion 7
redhatcve 7
veracode 6
cve 7
photon 12
debiancve 7
cbl_mariner 15
f5 2
ubuntucve 7
alpinelinux 1
avleonov 1
nessus
nessus
EulerOS Virtualization 2.9.1 : grub2 (EulerOS-SA-2022-2345)
2022-09-23 00:00:00
EulerOS 2.0 SP8 : grub2 (EulerOS-SA-2022-2221)
2022-08-17 00:00:00
SUSE SLES15 Security Update : grub2 (SUSE-SU-2022:2036-1)
2022-06-11 00:00:00
suse
suse
Security update for grub2 (important)
2022-06-13 00:00:00
Security update for grub2 (important)
2022-06-10 00:00:00
oraclelinux
oraclelinux
grub2 security update
2022-06-07 00:00:00
grub2 security update
2022-06-07 00:00:00
grub2 security update
2023-10-27 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: grub2-2.06-42.fc36
2022-06-10 01:15:49
[SECURITY] Fedora 35 Update: grub2-2.06-11.fc35
2022-06-22 01:25:16
[SECURITY] Fedora 34 Update: grub2-2.06-9.fc34
2021-12-26 01:10:20
redos
redos
ROS-20240208-03
2024-02-08 00:00:00
gentoo
gentoo
GRUB: Multiple Vulnerabilities
2022-09-25 00:00:00
redhat
redhat
(RHSA-2022:5099) Important: grub2, mokutil, shim, and shim-unsigned-x64 security update
2022-06-16 13:17:13
(RHSA-2022:5100) Important: grub2, mokutil, shim, and shim-unsigned-x64 security update
2022-06-16 13:17:35
(RHSA-2022:5098) Important: grub2, mokutil, and shim security update
2022-06-16 13:14:23
osv
osv
Important: grub2, mokutil, shim, and shim-unsigned-x64 security update
2022-06-16 00:00:00
Important: grub2, mokutil, shim, and shim-unsigned-x64 security update
2022-06-16 13:17:13
Important: grub2, mokutil, shim, and shim-unsigned-x64 security update
2022-06-16 00:00:00
almalinux
almalinux
Important: grub2, mokutil, shim, and shim-unsigned-x64 security update
2022-06-16 00:00:00
Important: grub2, mokutil, shim, and shim-unsigned-x64 security update
2022-06-16 00:00:00
Low: grub2 security, bug fix, and enhancement update
2022-05-10 08:17:41
rocky
rocky
grub2, mokutil, shim, and shim-unsigned-x64 security update
2022-06-16 13:17:13
grub2, mokutil, shim, and shim-unsigned-x64 security update
2022-06-16 13:10:10
grub2 security, bug fix, and enhancement update
2022-05-10 08:17:41
ubuntu
ubuntu
GRUB2 vulnerabilities
2023-09-08 00:00:00
amazon
amazon
Important: grub2
2023-07-17 17:40:00
Low: grub2
2022-04-25 22:58:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2341
2024-02-14 10:25:29
Advisory ROSA-SA-2024-2349
2024-02-20 09:18:09
Advisory ROSA-SA-2023-2112
2023-02-14 11:48:50
ibm
ibm
Security Bulletin: Security vulnerabilities have been fixed in IBM Security Verify Governance, Identity Manager virtual appliance component
2022-12-20 20:15:41
Security Bulletin: IBM Security Verify Access Appliance includes components with known vulnerabilities
2023-01-12 23:10:11
Security Bulletin: IBM QRadar SIEM includes components with known vulnerabilities
2023-03-30 18:16:48
prion
prion
Integer overflow
2023-07-20 01:15:00
Design/Logic Flaw
2023-07-20 01:15:00
Design/Logic Flaw
2023-07-20 01:15:00
redhatcve
redhatcve
CVE-2022-28733
2022-06-07 17:19:51
CVE-2022-28734
2022-06-07 17:19:54
CVE-2022-28736
2022-06-07 17:19:57
veracode
veracode
Denial Of Service (DoS)
2022-06-16 04:50:15
Remote Code Execution (RCE)
2022-06-16 04:47:55
Remote Code Execution (RCE)
2022-06-15 16:11:08
cve
cve
CVE-2022-28734
2023-07-20 01:15:10
CVE-2022-28736
2023-07-20 01:15:10
CVE-2022-28733
2023-07-20 01:15:10
photon
photon
Important Photon OS Security Update - PHSA-2023-0510
2023-01-03 00:00:00
Important Photon OS Security Update - PHSA-2023-0306
2023-01-03 00:00:00
Important Photon OS Security Update - PHSA-2023-4.0-0306
2023-01-03 00:00:00
debiancve
debiancve
CVE-2022-28733
2023-07-20 01:15:00
CVE-2022-28736
2023-07-20 01:15:00
CVE-2022-28734
2023-07-20 01:15:00
cbl_mariner
cbl_mariner
CVE-2022-28736 affecting package grub2 2.06-11
2023-11-08 02:07:28
CVE-2022-28733 affecting package grub2 2.06-11
2023-11-08 02:07:28
CVE-2022-28734 affecting package grub2 2.06-11
2023-11-08 02:07:28
f5
f5
K000132893 : GRUB2 vulnerability CVE-2022-28733
2023-03-08 00:00:00
K000130541 : Grub2 vulnerability CVE-2022-28734
2023-01-11 00:00:00
ubuntucve
ubuntucve
CVE-2022-28736
2023-07-20 00:00:00
CVE-2022-28734
2023-07-20 00:00:00
CVE-2022-28733
2023-07-20 00:00:00
alpinelinux
alpinelinux
CVE-2021-3697
2022-07-06 16:15:00
avleonov
avleonov
Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs
2022-12-30 18:03:13

7.6 High

AI Score

Confidence

Low

JSON
Related for EULEROS_SA-2022-2381.NASL
nessus67suse2oraclelinux7fedora4redos1gentoo1redhat13osv8almalinux3rocky3ubuntu1amazon2rosalinux4ibm3prion7redhatcve7veracode6cve7photon12debiancve7cbl_mariner15f52ubuntucve7alpinelinux1avleonov1