Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2023-2478.NASL
HistoryJul 28, 2023 - 12:00 a.m.

EulerOS Virtualization 2.10.0 : open-iscsi (EulerOS-SA-2023-2478)

2023-07-2800:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
2
JSON

According to the versions of the open-iscsi package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  • An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the offset at which the normal data should be present in the global buffer. However, the length of this offset is not checked; therefore, for large values of the Urgent pointer bytes, the data pointer can point to memory that is way beyond the data buffer in uip_process in uip.c. (CVE-2020-17437)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(178979);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/29");

  script_cve_id("CVE-2020-17437");
  script_xref(name:"CEA-ID", value:"CEA-2020-0139");

  script_name(english:"EulerOS Virtualization 2.10.0 : open-iscsi (EulerOS-SA-2023-2478)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the open-iscsi package installed, the EulerOS Virtualization installation on the remote
host is affected by the following vulnerabilities :

  - An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. When the Urgent flag is set
    in a TCP packet, and the stack is configured to ignore the urgent data, the stack attempts to use the
    value of the Urgent pointer bytes to separate the Urgent data from the normal data, by calculating the
    offset at which the normal data should be present in the global buffer. However, the length of this offset
    is not checked; therefore, for large values of the Urgent pointer bytes, the data pointer can point to
    memory that is way beyond the data buffer in uip_process in uip.c. (CVE-2020-17437)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2023-2478
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?86ca85ed");
  script_set_attribute(attribute:"solution", value:
"Update the affected open-iscsi packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-17437");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/12/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/07/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/07/28");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:open-iscsi");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.10.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "2.10.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.10.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu && "x86" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "x86" >!< cpu) audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

var flag = 0;

var pkgs = [
  "open-iscsi-2.1.1-3.h19.eulerosv2r10"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "open-iscsi");
}
VendorProductVersionCPE
huaweieulerosopen-iscsip-cpe:/a:huawei:euleros:open-iscsi
huaweieulerosuvpcpe:/o:huawei:euleros:uvp:2.10.0

Related

nessus 19
openvas 20
debiancve 1
ubuntucve 1
redhatcve 1
prion 1
veracode 1
osv 2
cve 1
ics 2
ubuntu 1
photon 1
cert 1
nessus
nessus
EulerOS 2.0 SP10 : open-iscsi (EulerOS-SA-2023-1958)
2023-05-18 00:00:00
EulerOS 2.0 SP10 : open-iscsi (EulerOS-SA-2023-1980)
2023-05-18 00:00:00
EulerOS Virtualization 2.10.1 : open-iscsi (EulerOS-SA-2023-2453)
2023-07-28 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:2861-1)
2022-08-24 00:00:00
Huawei EulerOS: Security Advisory for open-iscsi (EulerOS-SA-2023-1958)
2023-05-18 00:00:00
Huawei EulerOS: Security Advisory for open-iscsi (EulerOS-SA-2023-2478)
2023-07-31 00:00:00
debiancve
debiancve
CVE-2020-17437
2020-12-11 23:15:00
ubuntucve
ubuntucve
CVE-2020-17437
2020-12-01 00:00:00
redhatcve
redhatcve
CVE-2020-17437
2020-12-10 17:34:58
prion
prion
Null pointer dereference
2020-12-11 23:15:00
veracode
veracode
Buffer Overflow
2020-12-24 19:23:41
osv
osv
CVE-2020-17437
2020-12-11 23:15:12
open-iscsi vulnerabilities
2023-07-27 11:00:57
cve
cve
CVE-2020-17437
2020-12-11 23:15:00
ics
ics
Siemens TCP/IP Stack Vulnerabilitiesโ€“AMNESIA:33 in SENTRON PAC / 3VA Devices (Update C)
2022-02-10 12:00:00
Multiple Embedded TCP/IP Stacks
2020-12-09 12:00:00
ubuntu
ubuntu
Open-iSCSI vulnerabilities
2023-07-27 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2022-3.0-0437
2022-08-18 00:00:00
cert
cert
Embedded TCP/IP stacks have memory corruption vulnerabilities
2020-12-08 00:00:00
JSON
Related for EULEROS_SA-2023-2478.NASL
nessus19openvas20debiancve1ubuntucve1redhatcve1prion1veracode1osv2cve1ics2ubuntu1photon1cert1