EulerOS Virtualization 3.0.2.2 unbound package vulnerabilitie
Reporter | Title | Published | Views | Family All 185 |
---|---|---|---|---|
![]() | Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2023-1299) | 31 Jan 202300:00 | – | openvas |
![]() | Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2022-1150) | 13 Feb 202200:00 | – | openvas |
![]() | Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2021-2210) | 13 Jul 202100:00 | – | openvas |
![]() | Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2022-1100) | 13 Feb 202200:00 | – | openvas |
![]() | Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2021-2620) | 26 Oct 202100:00 | – | openvas |
![]() | Debian: Security Advisory (DLA-2652-1) | 7 May 202100:00 | – | openvas |
![]() | Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2021-2124) | 7 Jul 202100:00 | – | openvas |
![]() | Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2021-2909) | 31 Dec 202100:00 | – | openvas |
![]() | Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2021-2351) | 4 Sep 202100:00 | – | openvas |
![]() | Huawei EulerOS: Security Advisory for unbound (EulerOS-SA-2021-2259) | 9 Aug 202100:00 | – | openvas |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(170806);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/16");
script_cve_id(
"CVE-2019-25031",
"CVE-2019-25032",
"CVE-2019-25033",
"CVE-2019-25034",
"CVE-2019-25035",
"CVE-2019-25036",
"CVE-2019-25037",
"CVE-2019-25038",
"CVE-2019-25039",
"CVE-2019-25040",
"CVE-2019-25041",
"CVE-2019-25042"
);
script_name(english:"EulerOS Virtualization 3.0.2.2 : unbound (EulerOS-SA-2023-1299)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the unbound package installed, the EulerOS Virtualization installation on the remote host
is affected by the following vulnerabilities :
- Unbound before 1.9.5 allows configuration injection in create_unbound_ad_servers.sh upon a successful man-
in-the-middle attack against a cleartext HTTP session. NOTE: The vendor does not consider this a
vulnerability of the Unbound software. create_unbound_ad_servers.sh is a contributed script from the
community that facilitates automatic configuration creation. It is not part of the Unbound installation
(CVE-2019-25031)
- Unbound before 1.9.5 allows an integer overflow in the regional allocator via regional_alloc. NOTE: The
vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound
installation cannot be remotely or locally exploited (CVE-2019-25032)
- Unbound before 1.9.5 allows an integer overflow in the regional allocator via the ALIGN_UP macro. NOTE:
The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound
installation cannot be remotely or locally exploited (CVE-2019-25033)
- Unbound before 1.9.5 allows an integer overflow in sldns_str2wire_dname_buf_origin, leading to an out-of-
bounds write. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable,
a running Unbound installation cannot be remotely or locally exploited (CVE-2019-25034)
- Unbound before 1.9.5 allows an out-of-bounds write in sldns_bget_token_par. NOTE: The vendor disputes that
this is a vulnerability. Although the code may be vulnerable, a running Unbound installation cannot be
remotely or locally exploited (CVE-2019-25035)
- Unbound before 1.9.5 allows an assertion failure and denial of service in synth_cname. NOTE: The vendor
disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation
cannot be remotely or locally exploited (CVE-2019-25036)
- Unbound before 1.9.5 allows an assertion failure and denial of service in dname_pkt_copy via an invalid
packet. NOTE: The vendor disputes that this is a vulnerability. Although the code may be vulnerable, a
running Unbound installation cannot be remotely or locally exploited (CVE-2019-25037)
- Unbound before 1.9.5 allows an integer overflow in a size calculation in dnscrypt/dnscrypt.c. NOTE: The
vendor disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound
installation cannot be remotely or locally exploited (CVE-2019-25038)
- Unbound before 1.9.5 allows an integer overflow in a size calculation in respip/respip.c. NOTE: The vendor
disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation
cannot be remotely or locally exploited (CVE-2019-25039)
- Unbound before 1.9.5 allows an infinite loop via a compressed name in dname_pkt_copy. NOTE: The vendor
disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation
cannot be remotely or locally exploited (CVE-2019-25040)
- Unbound before 1.9.5 allows an assertion failure via a compressed name in dname_pkt_copy. NOTE: The vendor
disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation
cannot be remotely or locally exploited (CVE-2019-25041)
- Unbound before 1.9.5 allows an out-of-bounds write via a compressed name in rdata_copy. NOTE: The vendor
disputes that this is a vulnerability. Although the code may be vulnerable, a running Unbound installation
cannot be remotely or locally exploited (CVE-2019-25042)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2023-1299
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f0840c8f");
script_set_attribute(attribute:"solution", value:
"Update the affected unbound packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-25042");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/04/27");
script_set_attribute(attribute:"patch_publication_date", value:"2023/01/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/01/30");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:unbound-libs");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.2");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.2.2") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.2");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu && "x86" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "x86" >!< cpu) audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
var flag = 0;
var pkgs = [
"unbound-libs-1.6.6-1.h5.eulerosv2r7"
];
foreach (var pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "unbound");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo