Lucene search
K

EulerOS Virtualization 2.10.0 : binutils (EulerOS-SA-2023-2554)

🗓️ 02 Aug 2023 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 18 Views

EulerOS Virtualization 2.10.0 binutils security updat

Related
Refs
Code
ReporterTitlePublishedViews
Family
FreeBSD
binutils -- Multiple vulnerabilities
25 Aug 202400:00
freebsd
ATTACKERKB
CVE-2023-25587
30 Mar 202322:15
attackerkb
ATTACKERKB
CVE-2023-25588
14 Sep 202321:15
attackerkb
AlpineLinux
CVE-2023-25588
14 Sep 202321:15
alpinelinux
AstraLinux
Astra Linux – Vulnerability in binutils
19 Jun 202611:10
astralinux
Tenable Nessus
Azure Linux 3.0 Security Update: crash (CVE-2023-25588)
27 Apr 202500:00
nessus
Tenable Nessus
CentOS 9 : mingw-binutils-2.40-3.el9
29 Feb 202400:00
nessus
Tenable Nessus
EulerOS 2.0 SP9 : binutils (EulerOS-SA-2023-2307)
9 Jul 202300:00
nessus
Tenable Nessus
EulerOS 2.0 SP9 : binutils (EulerOS-SA-2023-2327)
9 Jul 202300:00
nessus
Tenable Nessus
EulerOS 2.0 SP10 : binutils (EulerOS-SA-2023-2347)
18 Jul 202300:00
nessus
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(179278);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/09/25");

  script_cve_id("CVE-2023-25588");

  script_name(english:"EulerOS Virtualization 2.10.0 : binutils (EulerOS-SA-2023-2554)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the binutils package installed, the EulerOS Virtualization installation on the remote host
is affected by the following vulnerabilities :

    Field `the_bfd` of `asymbol` is uninitialized in function
    `bfd_mach_o_get_synthetic_symtab`(CVE-2023-25588)

    A flaw was found in binutils, where there is a NULL pointer segmentation fault when accessing the field
    `the_bfd` in the `compare_symbols` function. This flaw may cause a crash to the objdump binary when
    reading a crafted file, impacting availability.(CVE-2023-25587)

Tenable has extracted the preceding description block directly from the EulerOS Virtualization binutils security
advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2023-2554
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?93add31a");
  script_set_attribute(attribute:"solution", value:
"Update the affected binutils packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-25588");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/03/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/08/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/08/02");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023-2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "2.10.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.10.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu && "x86" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "x86" >!< cpu) audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

var flag = 0;

var pkgs = [
  "binutils-2.34-4.h19.eulerosv2r10"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "binutils");
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

25 Sep 2025 00:00Current
5.5Medium risk
Vulners AI Score5.5
CVSS 3.14.7 - 5.5
EPSS0.00384
SSVC
18