Lucene search
K

EulerOS 2.0 SP11 : python-cryptography (EulerOS-SA-2024-1111)

🗓️ 26 Jan 2024 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 19 Views

EulerOS 2.0 SP11 python-cryptography vulnerabilit

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: Vulnerability in Cryptography package for Python affects IBM Process Mining CVE-2023-49083
15 Dec 202319:45
ibm
IBM Security Bulletins
Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak for Multicloud Management
28 Feb 202421:30
ibm
IBM Security Bulletins
Security Bulletin: IBM Storage Ceph is vulnerable to a NULL Pointer Dereference in the RHEL UBI (CVE-2023-49083)
5 Aug 202422:07
ibm
IBM Security Bulletins
Security Bulletin: Vulnerabilities exists in IBM Netezza Performance Server Replication Services
27 Feb 202619:55
ibm
IBM Security Bulletins
Security Bulletin: Vulnerability in Cryptography, Werkzeug might affect IBM Storage Sentinel Anomaly Scan Engine (CVE-2023-49083, CVE-2023-46136)
22 Mar 202416:13
ibm
IBM Security Bulletins
Security Bulletin: Multiple security vulnerabilities are addressed with IBM Cloud Pak for Business Automation iFixes for January 2024.
2 Feb 202408:25
ibm
IBM Security Bulletins
Security Bulletin: IBM QRadar App SDK for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities
9 Apr 202418:57
ibm
IBM Security Bulletins
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
10 Apr 202409:27
ibm
IBM Security Bulletins
Security Bulletin: Cryptography-41.0.3 and cryptography-41.0.5 is vulnerable to CVE-2023-49083 used in IBM Maximo Application Suite - Edge Data Collector
5 Mar 202409:14
ibm
IBM Security Bulletins
Security Bulletin: Cryptography expose cryptographic primitives and recipes
1 Jul 202510:02
ibm
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(189704);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/26");

  script_cve_id("CVE-2023-49083");

  script_name(english:"EulerOS 2.0 SP11 : python-cryptography (EulerOS-SA-2024-1111)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the python-cryptography package installed, the EulerOS installation on the remote host is
affected by the following vulnerabilities :

  - cryptography is a package designed to expose cryptographic primitives and recipes to Python developers.
    Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer
    dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service
    (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to
    potential disruptions in system availability and stability. This vulnerability has been patched in version
    41.0.6. (CVE-2023-49083)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2024-1111
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8738d0df");
  script_set_attribute(attribute:"solution", value:
"Update the affected python-cryptography packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-49083");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/11/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/01/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/01/26");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python3-cryptography");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (_release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP11");

var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(11)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP11");

if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP11", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu && "x86" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

var flag = 0;

var pkgs = [
  "python3-cryptography-3.3.1-2.h8.eulerosv2r11"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"11", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python-cryptography");
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

26 Jan 2024 00:00Current
6.2Medium risk
Vulners AI Score6.2
CVSS 3.15.9 - 7.5
EPSS0.00985
SSVC
19