Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2022-2562.NASL
HistoryOct 10, 2022 - 12:00 a.m.

EulerOS Virtualization 3.0.6.0 : grub2 (EulerOS-SA-2022-2562)

2022-10-1000:00:00
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8

8 High

AI Score

Confidence

High

JSON

According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  • GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be bypassed. This only affects systems where the kernel signing certificate has been imported directly into the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects GRUB2 version 2.04 and prior versions. (CVE-2020-15705)

  • A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform some triage over the heap layout to achieve signifcant results, also the values written into the memory are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2 versions prior grub-2.12. (CVE-2021-3695)

  • A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be considered Low as it’s very complex to an attacker control the encoding and positioning of corrupted Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. (CVE-2021-3696)

  • A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data to be written in heap. To a successful to be performed the attacker needs to perform some triage over the heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions prior grub-2.12. (CVE-2021-3697)

  • grub2: Integer underflow in grub_net_recv_ip4_packets (CVE-2022-28733)

  • grub2: Out-of-bound write when handling split HTTP headers (CVE-2022-28734)

  • grub2: use-after-free in grub_cmd_chainloader() (CVE-2022-28736)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(165952);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/18");

  script_cve_id(
    "CVE-2020-15705",
    "CVE-2021-3695",
    "CVE-2021-3696",
    "CVE-2021-3697",
    "CVE-2022-28733",
    "CVE-2022-28734",
    "CVE-2022-28736"
  );
  script_xref(name:"CEA-ID", value:"CEA-2020-0061");

  script_name(english:"EulerOS Virtualization 3.0.6.0 : grub2 (EulerOS-SA-2022-2562)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the grub2 packages installed, the EulerOS Virtualization installation on the remote host is
affected by the following vulnerabilities :

  - GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be
    bypassed. This only affects systems where the kernel signing certificate has been imported directly into
    the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects
    GRUB2 version 2.04 and prior versions. (CVE-2020-15705)

  - A crafted 16-bit grayscale PNG image may lead to a out-of-bounds write in the heap area. An attacker may
    take advantage of that to cause heap data corruption or eventually arbitrary code execution and circumvent
    secure boot protections. This issue has a high complexity to be exploited as an attacker needs to perform
    some triage over the heap layout to achieve signifcant results, also the values written into the memory
    are repeated three times in a row making difficult to produce valid payloads. This flaw affects grub2
    versions prior grub-2.12. (CVE-2021-3695)

  - A heap out-of-bounds write may heppen during the handling of Huffman tables in the PNG reader. This may
    lead to data corruption in the heap space. Confidentiality, Integrity and Availablity impact may be
    considered Low as it's very complex to an attacker control the encoding and positioning of corrupted
    Huffman entries to achieve results such as arbitrary code execution and/or secure boot circumvention. This
    flaw affects grub2 versions prior grub-2.12. (CVE-2021-3696)

  - A crafted JPEG image may lead the JPEG reader to underflow its data pointer, allowing user-controlled data
    to be written in heap. To a successful to be performed the attacker needs to perform some triage over the
    heap layout and craft an image with a malicious format and payload. This vulnerability can lead to data
    corruption and eventual code execution or secure boot circumvention. This flaw affects grub2 versions
    prior grub-2.12. (CVE-2021-3697)

  - grub2: Integer underflow in grub_net_recv_ip4_packets (CVE-2022-28733)

  - grub2: Out-of-bound write when handling split HTTP headers (CVE-2022-28734)

  - grub2: use-after-free in grub_cmd_chainloader() (CVE-2022-28736)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2562
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?375635c7");
  script_set_attribute(attribute:"solution", value:
"Update the affected grub2 packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-3696");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-28733");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/07/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/10/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/10/10");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:grub2-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:grub2-efi-aa64");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:grub2-efi-aa64-cdboot");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:grub2-efi-aa64-modules");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:grub2-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:grub2-tools-extra");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:grub2-tools-minimal");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.6.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.6.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.6.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

var flag = 0;

var pkgs = [
  "grub2-common-2.02-62.h37.eulerosv2r8",
  "grub2-efi-aa64-2.02-62.h37.eulerosv2r8",
  "grub2-efi-aa64-cdboot-2.02-62.h37.eulerosv2r8",
  "grub2-efi-aa64-modules-2.02-62.h37.eulerosv2r8",
  "grub2-tools-2.02-62.h37.eulerosv2r8",
  "grub2-tools-extra-2.02-62.h37.eulerosv2r8",
  "grub2-tools-minimal-2.02-62.h37.eulerosv2r8"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "grub2");
}
VendorProductVersionCPE
huaweieulerosgrub2-commonp-cpe:/a:huawei:euleros:grub2-common
huaweieulerosgrub2-efi-aa64p-cpe:/a:huawei:euleros:grub2-efi-aa64
huaweieulerosgrub2-efi-aa64-cdbootp-cpe:/a:huawei:euleros:grub2-efi-aa64-cdboot
huaweieulerosgrub2-efi-aa64-modulesp-cpe:/a:huawei:euleros:grub2-efi-aa64-modules
huaweieulerosgrub2-toolsp-cpe:/a:huawei:euleros:grub2-tools
huaweieulerosgrub2-tools-extrap-cpe:/a:huawei:euleros:grub2-tools-extra
huaweieulerosgrub2-tools-minimalp-cpe:/a:huawei:euleros:grub2-tools-minimal
huaweieulerosuvpcpe:/o:huawei:euleros:uvp:3.0.6.0

Related

openvas 40
nessus 58
suse 4
oraclelinux 6
fedora 2
redos 1
osv 8
almalinux 2
redhat 7
rocky 2
gentoo 1
amazon 1
ubuntu 1
rosalinux 4
ibm 1
veracode 6
cve 7
cbl_mariner 13
prion 8
redhatcve 7
debiancve 7
alpinelinux 2
photon 2
ubuntucve 7
f5 2
openvas
openvas
Huawei EulerOS: Security Advisory for grub2 (EulerOS-SA-2022-2562)
2022-10-12 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:2036-1)
2022-06-13 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:2041-1)
2022-06-13 00:00:00
nessus
nessus
SUSE SLES15 Security Update : grub2 (SUSE-SU-2022:2036-1)
2022-06-11 00:00:00
EulerOS 2.0 SP8 : grub2 (EulerOS-SA-2022-2221)
2022-08-17 00:00:00
SUSE SLES12 Security Update : grub2 (SUSE-SU-2022:2037-1)
2022-06-11 00:00:00
suse
suse
Security update for grub2 (important)
2022-06-13 00:00:00
Security update for grub2 (important)
2022-06-10 00:00:00
Security update for grub2 (important)
2020-08-29 00:00:00
oraclelinux
oraclelinux
grub2 security update
2022-06-07 00:00:00
grub2 security update
2022-06-07 00:00:00
grub2 security update
2023-10-27 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: grub2-2.06-42.fc36
2022-06-10 01:15:49
[SECURITY] Fedora 35 Update: grub2-2.06-11.fc35
2022-06-22 01:25:16
redos
redos
ROS-20240208-03
2024-02-08 00:00:00
osv
osv
Important: grub2, mokutil, shim, and shim-unsigned-x64 security update
2022-06-16 00:00:00
Important: grub2, mokutil, shim, and shim-unsigned-x64 security update
2022-06-16 13:17:13
Important: grub2, mokutil, shim, and shim-unsigned-x64 security update
2022-06-16 13:10:10
almalinux
almalinux
Important: grub2, mokutil, shim, and shim-unsigned-x64 security update
2022-06-16 00:00:00
Important: grub2, mokutil, shim, and shim-unsigned-x64 security update
2022-06-16 00:00:00
redhat
redhat
(RHSA-2022:5099) Important: grub2, mokutil, shim, and shim-unsigned-x64 security update
2022-06-16 13:17:13
(RHSA-2022:5100) Important: grub2, mokutil, shim, and shim-unsigned-x64 security update
2022-06-16 13:17:35
(RHSA-2022:5098) Important: grub2, mokutil, and shim security update
2022-06-16 13:14:23
rocky
rocky
grub2, mokutil, shim, and shim-unsigned-x64 security update
2022-06-16 13:17:13
grub2, mokutil, shim, and shim-unsigned-x64 security update
2022-06-16 13:10:10
gentoo
gentoo
GRUB: Multiple Vulnerabilities
2022-09-25 00:00:00
amazon
amazon
Important: grub2
2023-07-17 17:40:00
ubuntu
ubuntu
GRUB2 vulnerabilities
2023-09-08 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2341
2024-02-14 10:25:29
Advisory ROSA-SA-2023-2112
2023-02-14 11:48:50
Advisory ROSA-SA-2024-2349
2024-02-20 09:18:09
ibm
ibm
Security Bulletin: Security vulnerabilities have been fixed in IBM Security Verify Governance, Identity Manager virtual appliance component
2022-12-20 20:15:41
veracode
veracode
Denial Of Service (DoS)
2022-06-16 04:50:15
Denial Of Service (DoS)
2020-07-30 02:02:34
Remote Code Execution (RCE)
2022-06-16 04:47:55
cve
cve
CVE-2022-28734
2023-07-20 01:15:00
CVE-2022-28736
2023-07-20 01:15:00
CVE-2022-28733
2023-07-20 01:15:00
cbl_mariner
cbl_mariner
CVE-2020-15705 affecting package grub2 2.02-26
2020-11-30 19:30:41
CVE-2022-28736 affecting package grub2 for versions less than 2.06-12
2023-11-08 02:07:28
CVE-2022-28733 affecting package grub2 for versions less than 2.06-14
2024-03-19 17:21:46
prion
prion
Integer overflow
2023-07-20 01:15:00
Design/Logic Flaw
2023-07-20 01:15:00
Code injection
2020-07-29 18:15:00
redhatcve
redhatcve
CVE-2022-28733
2022-06-07 17:19:51
CVE-2020-15705
2020-07-29 17:06:17
CVE-2022-28734
2022-06-07 17:19:54
debiancve
debiancve
CVE-2020-15705
2020-07-29 18:15:00
CVE-2022-28733
2023-07-20 01:15:00
CVE-2022-28734
2023-07-20 01:15:00
alpinelinux
alpinelinux
CVE-2020-15705
2020-07-29 18:15:00
CVE-2021-3697
2022-07-06 16:15:00
photon
photon
Important Photon OS Security Update - PHSA-2023-0510
2023-01-03 00:00:00
Important Photon OS Security Update - PHSA-2023-0306
2023-01-03 00:00:00
ubuntucve
ubuntucve
CVE-2022-28736
2023-07-20 00:00:00
CVE-2022-28733
2023-07-20 00:00:00
CVE-2022-28734
2023-07-20 00:00:00
f5
f5
K000130541 : Grub2 vulnerability CVE-2022-28734
2023-01-11 00:00:00
K000132893 : GRUB2 vulnerability CVE-2022-28733
2023-03-08 00:00:00

8 High

AI Score

Confidence

High

JSON
Related for EULEROS_SA-2022-2562.NASL
openvas40nessus58suse4oraclelinux6fedora2redos1osv8almalinux2redhat7rocky2gentoo1amazon1ubuntu1rosalinux4ibm1veracode6cve7cbl_mariner13prion8redhatcve7debiancve7alpinelinux2photon2ubuntucve7f52