Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2023-1561.NASLHistoryMar 19, 2023 - 12:00 a.m.
EulerOS 2.0 SP10 : proftpd (EulerOS-SA-2023-1561)
2023-03-1900:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
euleros
proftpd
vulnerability
mod_radius
memory disclosure
radius servers
cve-2021-46854
0.001 Low
EPSS
Percentile
48.4%
According to the versions of the proftpd package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
- mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of 16 characters. (CVE-2021-46854)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(172694);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/08/30");
script_cve_id("CVE-2021-46854");
script_name(english:"EulerOS 2.0 SP10 : proftpd (EulerOS-SA-2023-1561)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing a security update.");
script_set_attribute(attribute:"description", value:
"According to the versions of the proftpd package installed, the EulerOS installation on the remote host is affected by
the following vulnerabilities :
- mod_radius in ProFTPD before 1.3.7c allows memory disclosure to RADIUS servers because it copies blocks of
16 characters. (CVE-2021-46854)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2023-1561
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bdd29f91");
script_set_attribute(attribute:"solution", value:
"Update the affected proftpd packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-46854");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/11/23");
script_set_attribute(attribute:"patch_publication_date", value:"2023/03/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/19");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:proftpd");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (_release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP10");
var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(10)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP10");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP10", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu && "x86" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "x86" >!< cpu) audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
var flag = 0;
var pkgs = [
"proftpd-1.3.7a-1.h8.eulerosv2r10"
];
foreach (var pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"10", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "proftpd");
}
Related
prion
prion
Information disclosure
2022-11-23 07:15:00
nessus
nessus
EulerOS 2.0 SP10 : proftpd (EulerOS-SA-2023-1536)
2023-03-19 00:00:00
GLSA-202305-03 : ProFTPd: Memory Disclosure
2023-05-03 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for proftpd (EulerOS-SA-2023-1561)
2023-03-20 00:00:00
Huawei EulerOS: Security Advisory for proftpd (EulerOS-SA-2023-1536)
2023-03-20 00:00:00
ubuntucve
ubuntucve
CVE-2021-46854
2022-11-23 00:00:00
gentoo
gentoo
ProFTPd: Memory Disclosure
2023-05-03 00:00:00
osv
osv
CVE-2021-46854
2022-11-23 07:15:09
debiancve
debiancve
CVE-2021-46854
2022-11-23 07:15:09
nvd
nvd
CVE-2021-46854
2022-11-23 07:15:09
cve
cve
CVE-2021-46854
2022-11-23 07:15:09
cvelist
cvelist
CVE-2021-46854
2022-11-23 00:00:00
redos
redos
ROS-20240404-07
2024-04-04 00:00:00