Lucene search
+L

EulerOS Virtualization 2.10.0 : ppp (EulerOS-SA-2023-1939)

🗓️ 16 May 2023 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 15 Views

EulerOS Virtualization 2.10.0 Update Available for ppp Vulnerabilit

Related
Refs
Code
ReporterTitlePublishedViews
Family
attackerkb
CVE-2022-4603
18 Dec 202211:15
attackerkb
alpinelinux
CVE-2022-4603
18 Dec 202200:00
alpinelinux
astralinux
Astra Linux - уязвимость в ppp
20 May 202605:53
astralinux
nessus
Azure Linux 3.0 Security Update: ppp (CVE-2022-4603)
22 Jan 202600:00
nessus
nessus
EulerOS 2.0 SP9 : ppp (EulerOS-SA-2023-1454)
8 Mar 202300:00
nessus
nessus
EulerOS 2.0 SP9 : ppp (EulerOS-SA-2023-1479)
8 Mar 202300:00
nessus
nessus
EulerOS 2.0 SP10 : ppp (EulerOS-SA-2023-1535)
19 Mar 202300:00
nessus
nessus
EulerOS 2.0 SP10 : ppp (EulerOS-SA-2023-1560)
19 Mar 202300:00
nessus
nessus
EulerOS 2.0 SP11 : ppp (EulerOS-SA-2023-1576)
24 Mar 202300:00
nessus
nessus
EulerOS 2.0 SP11 : ppp (EulerOS-SA-2023-1586)
23 Mar 202300:00
nessus
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(175768);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/16");

  script_cve_id("CVE-2022-4603");

  script_name(english:"EulerOS Virtualization 2.10.0 : ppp (EulerOS-SA-2023-1939)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the ppp package installed, the EulerOS Virtualization installation on the remote host is
affected by the following vulnerabilities :

  - A vulnerability classified as problematic has been found in ppp. Affected is the function dumpppp of the
    file pppdump/pppdump.c of the component pppdump. The manipulation of the argument spkt.buf/rpkt.buf leads
    to improper validation of array index. The real existence of this vulnerability is still doubted at the
    moment. The name of the patch is a75fb7b198eed50d769c80c36629f38346882cbf. It is recommended to apply a
    patch to fix this issue. VDB-216198 is the identifier assigned to this vulnerability. NOTE: pppdump is not
    used in normal process of setting up a PPP connection, is not installed setuid-root, and is not invoked
    automatically in any scenario. (CVE-2022-4603)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2023-1939
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?65446c36");
  script_set_attribute(attribute:"solution", value:
"Update the affected ppp packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-4603");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/12/18");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/05/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/05/16");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ppp");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.10.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "2.10.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.10.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu && "x86" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "x86" >!< cpu) audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

var flag = 0;

var pkgs = [
  "ppp-2.4.8-1.h3.eulerosv2r10"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ppp");
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

16 Jan 2024 00:00Current
5Medium risk
Vulners AI Score5
CVSS 3.14.3 - 6.5
EPSS0.00821
15