Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2024-1680.NASLHistoryMay 17, 2024 - 12:00 a.m.
EulerOS Virtualization 3.0.6.0 : gcc (EulerOS-SA-2024-1680)
2024-05-1700:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
euleros
virtualization
gcc
aarch64
buffer overflow
stack-protector
vulnerability
confidentiality
integrity
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
7.9 High
AI Score
Confidence
Low
0.0005 Low
EPSS
Percentile
17.0%
According to the versions of the gcc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :
- DISPUTEDA failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style dynamically-sized local variables or those created using alloca(). The stack-protector operates as intended for statically-sized local variables. The default behavior when the stack-protector detects an overflow is to terminate your application, resulting in controlled loss of availability. An attacker who can exploit a buffer overflow without triggering the stack-protector might be able to change program flow control to cause an uncontrolled loss of availability or to go further and affect confidentiality or integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by itself. (CVE-2023-4039)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(197284);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/17");
script_cve_id("CVE-2023-4039");
script_name(english:"EulerOS Virtualization 3.0.6.0 : gcc (EulerOS-SA-2024-1680)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing a security update.");
script_set_attribute(attribute:"description", value:
"According to the versions of the gcc packages installed, the EulerOS Virtualization installation on the remote host is
affected by the following vulnerabilities :
- **DISPUTED**A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows
an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your
application without this being detected. This stack-protector failure only applies to C99-style
dynamically-sized local variables or those created using alloca(). The stack-protector operates as
intended for statically-sized local variables. The default behavior when the stack-protector detects an
overflow is to terminate your application, resulting in controlled loss of availability. An attacker who
can exploit a buffer overflow without triggering the stack-protector might be able to change program flow
control to cause an uncontrolled loss of availability or to go further and affect confidentiality or
integrity. NOTE: The GCC project argues that this is a missed hardening bug and not a vulnerability by
itself. (CVE-2023-4039)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2024-1680
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?035e2e88");
script_set_attribute(attribute:"solution", value:
"Update the affected gcc packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-4039");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/09/08");
script_set_attribute(attribute:"patch_publication_date", value:"2024/05/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/05/17");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cpp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gcc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gcc-c++");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gcc-gfortran");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gcc-objc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:gcc-objc++");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libasan");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libatomic");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libatomic-static");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libgcc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libgfortran");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libgomp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libitm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libitm-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libobjc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libstdc++");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libstdc++-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libstdc++-static");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.6.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.6.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.6.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu && "x86" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
var flag = 0;
var pkgs = [
"cpp-7.3.0-20190804.h29.eulerosv2r8",
"gcc-7.3.0-20190804.h29.eulerosv2r8",
"gcc-c++-7.3.0-20190804.h29.eulerosv2r8",
"gcc-gfortran-7.3.0-20190804.h29.eulerosv2r8",
"gcc-objc++-7.3.0-20190804.h29.eulerosv2r8",
"gcc-objc-7.3.0-20190804.h29.eulerosv2r8",
"libasan-7.3.0-20190804.h29.eulerosv2r8",
"libatomic-7.3.0-20190804.h29.eulerosv2r8",
"libatomic-static-7.3.0-20190804.h29.eulerosv2r8",
"libgcc-7.3.0-20190804.h29.eulerosv2r8",
"libgfortran-7.3.0-20190804.h29.eulerosv2r8",
"libgomp-7.3.0-20190804.h29.eulerosv2r8",
"libitm-7.3.0-20190804.h29.eulerosv2r8",
"libitm-devel-7.3.0-20190804.h29.eulerosv2r8",
"libobjc-7.3.0-20190804.h29.eulerosv2r8",
"libstdc++-7.3.0-20190804.h29.eulerosv2r8",
"libstdc++-devel-7.3.0-20190804.h29.eulerosv2r8",
"libstdc++-static-7.3.0-20190804.h29.eulerosv2r8"
];
foreach (var pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gcc");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| huawei | euleros | libobjc | p-cpe:/a:huawei:euleros:libobjc |
| huawei | euleros | libatomic | p-cpe:/a:huawei:euleros:libatomic |
| huawei | euleros | uvp | cpe:/o:huawei:euleros:uvp:3.0.6.0 |
| huawei | euleros | libstdc%2b%2b | p-cpe:/a:huawei:euleros:libstdc%2b%2b |
| huawei | euleros | libatomic-static | p-cpe:/a:huawei:euleros:libatomic-static |
| huawei | euleros | gcc-objc%2b%2b | p-cpe:/a:huawei:euleros:gcc-objc%2b%2b |
| huawei | euleros | libitm | p-cpe:/a:huawei:euleros:libitm |
| huawei | euleros | gcc-gfortran | p-cpe:/a:huawei:euleros:gcc-gfortran |
| huawei | euleros | libgfortran | p-cpe:/a:huawei:euleros:libgfortran |
| huawei | euleros | cpp | p-cpe:/a:huawei:euleros:cpp |
Related
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:3640-1)
2023-09-19 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:4287-1)
2023-11-01 00:00:00
Huawei EulerOS: Security Advisory for gcc (EulerOS-SA-2024-1265)
2024-03-12 00:00:00
amazon
amazon
Medium: gcc10
2023-09-08 19:46:00
Medium: gcc
2023-09-08 19:46:00
cvelist
cvelist
nessus
nessus
Amazon Linux 2 : gcc (ALAS-2023-2245)
2023-09-13 00:00:00
Oracle Linux 8 : cross-gcc (ELSA-2023-28766)
2023-09-12 00:00:00
SUSE SLES12 Security Update : gcc13 (SUSE-SU-2023:4480-1)
2023-11-21 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2024-2406
2024-04-23 12:04:19
prion
prion
Design/Logic Flaw
2023-09-13 09:15:00
debiancve
debiancve
CVE-2023-4039
2023-09-13 09:15:15
cbl_mariner
cbl_mariner
CVE-2023-4039 affecting package gcc for versions less than 11.2.0-6
2023-09-27 18:02:50
cve
cve
CVE-2023-4039
2023-09-13 09:15:15
alpinelinux
alpinelinux
CVE-2023-4039
2023-09-13 09:15:15
redhatcve
redhatcve
CVE-2023-4039
2023-09-13 05:24:13
oraclelinux
oraclelinux
cross-gcc security update
2023-09-12 00:00:00
cross-gcc security update
2023-09-12 00:00:00
gcc security update
2023-09-12 00:00:00
ubuntucve
ubuntucve
CVE-2023-4039
2023-09-12 00:00:00
nvd
nvd
CVE-2023-4039
2023-09-13 09:15:15
veracode
veracode
Buffer Overflow
2023-11-30 18:34:15
cgr
cgr
CVE-2023-4039 vulnerabilities
2024-05-19 03:07:16
wolfi
wolfi
CVE-2023-4039 vulnerabilities
2024-06-17 09:08:17
ibm
ibm
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
4.8 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N
7.9 High
AI Score
Confidence
Low
0.0005 Low
EPSS
Percentile
17.0%
Related for EULEROS_SA-2024-1680.NASL