EulerOS 2.0 SP8 : sysstat (EulerOS-SA-2023-1338) vulnerability in sysstat packag
Reporter | Title | Published | Views | Family All 161 |
---|---|---|---|---|
![]() | CVE-2022-39377 affecting package sysstat for versions less than 12.7.1-1 | 9 Dec 202200:19 | – | cbl_mariner |
![]() | CVE-2022-39377 affecting package sysstat 12.3.3-2 | 30 Nov 202019:30 | – | cbl_mariner |
![]() | CVE-2022-39377 sysstat Incorrect Buffer Size calculation on 32-bit systems results in RCE via buffer overflow | 8 Nov 202200:00 | – | cvelist |
![]() | CVE-2023-33204 | 18 May 202300:00 | – | cvelist |
![]() | [SECURITY] Fedora 36 Update: sysstat-12.5.6-2.fc36 | 18 Nov 202200:45 | – | fedora |
![]() | [SECURITY] Fedora 35 Update: sysstat-12.5.6-2.fc35 | 18 Nov 202201:06 | – | fedora |
![]() | [SECURITY] Fedora 37 Update: sysstat-12.6.0-4.fc37 | 18 Nov 202201:17 | – | fedora |
![]() | Updated sysstat packages fix security vulnerability | 19 Nov 202201:50 | – | mageia |
![]() | Updated sysstat packages fix security vulnerability | 19 Jun 202319:29 | – | mageia |
![]() | Moderate: sysstat security and bug fix update | 9 May 202300:00 | – | osv |
Source | Link |
---|---|
cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
nessus | www.nessus.org/u |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(171168);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/05");
script_cve_id("CVE-2022-39377");
script_name(english:"EulerOS 2.0 SP8 : sysstat (EulerOS-SA-2023-1338)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing a security update.");
script_set_attribute(attribute:"description", value:
"According to the versions of the sysstat package installed, the EulerOS installation on the remote host is affected by
the following vulnerabilities :
- sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in
versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in
sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic
multiplication, allowing for an overflow in the size allocated for the buffer representing system
activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version
12.7.1. (CVE-2022-39377)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2023-1338
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?801f5810");
script_set_attribute(attribute:"solution", value:
"Update the affected sysstat packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-39377");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/11/08");
script_set_attribute(attribute:"patch_publication_date", value:"2023/02/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/02/08");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sysstat");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (_release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");
var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu && "x86" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
var flag = 0;
var pkgs = [
"sysstat-11.7.3-2.h10.eulerosv2r8"
];
foreach (var pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sysstat");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo