Lucene search

HistoryMay 16, 2023 - 12:00 a.m.

EulerOS Virtualization 2.10.1 : libksba (EulerOS-SA-2023-1904)

2023-05-1600:00:00

www.tenable.com

integer overflow crl parser

code execution

remote code execution

s/mime attachment

libksba

vulnerability

euleros-sa-2023-1904

JSON

According to the versions of the libksba package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The vulnerability can be exploited remotely for code execution on the target system by passing specially crafted data to the application, for example, a malicious S/MIME attachment. (CVE-2022-3515)
Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.
(CVE-2022-47629)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(175796);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/05/16");

  script_cve_id("CVE-2022-3515", "CVE-2022-47629");
  script_xref(name:"IAVA", value:"2023-A-0072");

  script_name(english:"EulerOS Virtualization 2.10.1 : libksba (EulerOS-SA-2023-1904)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the libksba package installed, the EulerOS Virtualization installation on the remote host
is affected by the following vulnerabilities :

  - A vulnerability was found in the Libksba library due to an integer overflow within the CRL parser. The
    vulnerability can be exploited remotely for code execution on the target system by passing specially
    crafted data to the application, for example, a malicious S/MIME attachment. (CVE-2022-3515)

  - Libksba before 1.6.3 is prone to an integer overflow vulnerability in the CRL signature parser.
    (CVE-2022-47629)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2023-1904
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1b31c761");
  script_set_attribute(attribute:"solution", value:
"Update the affected libksba packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-47629");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/10/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/05/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/05/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libksba");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.10.1");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "2.10.1") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.10.1");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu && "x86" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

var flag = 0;

var pkgs = [
  "libksba-1.4.0-2.h2.eulerosv2r10"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libksba");
}

VendorProductVersionCPE
huaweieuleroslibksbap-cpe:/a:huawei:euleros:libksba
huaweieulerosuvpcpe:/o:huawei:euleros:uvp:2.10.1

Vendor	Product	Version	CPE
huawei	euleros	libksba	p-cpe:/a:huawei:euleros:libksba
huawei	euleros	uvp	cpe:/o:huawei:euleros:uvp:2.10.1

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3515

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-47629

www.nessus.org/u?1b31c761

JSON

Related for EULEROS_SA-2023-1904.NASL