EulerOS 2.0 SP8 security update for exempi package
Reporter | Title | Published | Views | Family All 47 |
---|---|---|---|---|
![]() | Rocky Linux 8 : exempi (RLSA-2024:3066) | 14 Jun 2024 00:00 | – | nessus |
![]() | RHEL 8 : exempi (RHSA-2024:3066) | 23 May 2024 00:00 | – | nessus |
![]() | RHEL 7 : exempi (Unpatched Vulnerability) | 11 May 2024 00:00 | – | nessus |
![]() | CentOS 8 : exempi (CESA-2024:3066) | 22 May 2024 00:00 | – | nessus |
![]() | Oracle Linux 8 : exempi (ELSA-2024-3066) | 28 May 2024 00:00 | – | nessus |
![]() | SUSE SLED15 / SLES15 / openSUSE 15 Security Update : exempi (SUSE-SU-2023:3518-1) | 6 Sep 2023 00:00 | – | nessus |
![]() | Amazon Linux 2 : exempi (ALAS-2023-2260) | 20 Sep 2023 00:00 | – | nessus |
![]() | RHEL 6 : exempi (Unpatched Vulnerability) | 11 May 2024 00:00 | – | nessus |
![]() | SUSE SLED15 / SLES15 / openSUSE 15 Security Update : exempi (SUSE-SU-2023:3833-1) | 28 Sep 2023 00:00 | – | nessus |
![]() | SUSE SLES12 Security Update : exempi (SUSE-SU-2023:3734-1) | 23 Sep 2023 00:00 | – | nessus |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
# Plugin registration block: when `description` is set, only the metadata below
# is declared and the script exits (exit(0) at the end of this block) before
# any host check runs.
if (description)
{
script_id(191878);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/12");
# Both CVEs are buffer overflows in exempi 2.5.0 and earlier that are reached
# by opening a crafted media file (see the description text below).
script_cve_id("CVE-2020-18651", "CVE-2020-18652");
script_name(english:"EulerOS 2.0 SP8 : exempi (EulerOS-SA-2024-1262)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
# The description is copied from the vendor advisory; the stated impact for
# both issues is denial of service.
script_set_attribute(attribute:"description", value:
"According to the versions of the exempi package installed, the EulerOS installation on the remote host is affected by
the following vulnerabilities :
- Buffer Overflow vulnerability in function ID3_Support::ID3v2Frame::getFrameValue in exempi 2.5.0 and
earlier allows remote attackers to cause a denial of service via opening of crafted audio file with ID3V2
frame. (CVE-2020-18651)
- Buffer Overflow vulnerability in WEBP_Support.cpp in exempi 2.5.0 and earlier allows remote attackers to
cause a denial of service via opening of crafted webp file. (CVE-2020-18652)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2024-1262
# NOTE(review): the see_also value is a plain-http short link; the HTTPS
# advisory URL in the comment above is the reference to read when triaging.
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d768a728");
script_set_attribute(attribute:"solution", value:
"Update the affected exempi packages.");
# CVSS v2 base: network vector, low complexity, no authentication, and
# availability-only impact (C:N/I:N/A:C).
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
# Temporal: proof-of-concept exploit maturity, official fix available,
# report confirmed.
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
# CVSS v3 base adds UI:R: a user (or a process acting for one) has to open
# the crafted file. Impact remains availability-only (A:H).
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
# The vectors above are taken from CVE-2020-18652 (the WebP issue).
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-18652");
# Exploit availability is a prioritisation signal; it agrees with the
# E:POC / E:P temporal metrics above.
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/08/22");
script_set_attribute(attribute:"patch_publication_date", value:"2024/03/12");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/03/12");
# "local" plugin type: the finding is derived from data collected on the host
# (the KB keys required below), not from probing a network service.
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:exempi");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
# The KB keys required below are presumably populated by ssh_get_info.nasl
# during a credentialed scan -- confirm against that plugin. Without them this
# plugin does not run, which is not evidence that the host is patched.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
# Hosts that carry a UVP version key are excluded from this plugin.
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("rpm.inc");
# Precondition checks. Each failing check ends the run through audit() with a
# specific reason, so the order of the checks decides which reason is reported.
# Local (host-data) checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# The recorded release string must identify EulerOS at all ...
var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
# ... and specifically release 2.0; (\D|$) stops "2.0" from matching a longer
# number such as "2.01".
if (_release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");
# The service pack must be exactly "8".
var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");
# A host reporting a UVP version is treated as a different product and skipped.
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);
# No package list means no version comparison can be made.
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
# First reject architectures outside the x86 / aarch64 families ...
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu && "x86" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
# ... then narrow to aarch64 only. x86 hosts pass the previous line but are
# audited out here, so this plugin says nothing about them either way.
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
# Package comparison and reporting.
# The finding is based only on the recorded package version: every entry in
# pkgs is handed to rpm_check() (from rpm.inc) for EulerOS 2.0 SP8, and each
# hit is counted in flag. rpm_check() presumably reports true when the
# installed package is older than the reference -- confirm in rpm.inc.
# The vulnerable parsing code itself is never exercised.
var flag = 0;
var pkgs = ["exempi-2.4.5-3.h2.eulerosv2r8"];

foreach (var pkg in pkgs)
{
  if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg))
  {
    flag++;
  }
}

if (!flag)
{
  # Nothing matched: tell "exempi was tested and is not affected" apart from
  # "exempi is not installed". audit() ends the run in both cases.
  var tested = pkg_tests_get();
  if (!tested) audit(AUDIT_PACKAGE_NOT_INSTALLED, "exempi");
  audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
}

# At least one package matched: raise the finding with the rpm comparison
# details attached as the report body.
security_report_v4(port:0, severity:SECURITY_HOLE, extra:rpm_report_get());
exit(0);