EulerOS Virtualization 2.10.0 : emacs (EulerOS-SA-2024-2115)

🗓️ 19 Aug 2024 00:00:00Reported by TenableType

EulerOS Virtualization 2.10.0 emacs vulnerabilitie

Reporter	Title	Published	Views	Family All 158
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM API Connect	15 Mar 202500:18	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar SIEM contains multiple vulnerabilities	15 Apr 202502:28	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple security vulnerabilities are addressed with IBM Business Automation Manager Open Editions 8.0.6	15 Apr 202502:58	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Network Packet Capture includes components with multiple known vulnerabilities	30 Jan 202513:31	–	ibm
Tenable Nessus	Amazon Linux 2023 : emacs, emacs-common, emacs-devel (ALAS2023-2024-663)	22 Jul 202400:00	–	nessus
Tenable Nessus	Amazon Linux 2 : emacs (ALAS-2024-2608)	17 Aug 202400:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0251: emacs (ALINUX3-SA-2024:0251)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : emacs (ALSA-2024:6987)	25 Sep 202400:00	–	nessus
Tenable Nessus	Azure Linux 3.0 Security Update: emacs (CVE-2024-30205)	10 Feb 202500:00	–	nessus
Tenable Nessus	Debian dla-3801 : emacs - security update	29 Apr 202400:00	–	nessus

Source	Link
nessus	www.nessus.org/u
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(205830);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/12/04");

  script_cve_id("CVE-2024-30204", "CVE-2024-30205");

  script_name(english:"EulerOS Virtualization 2.10.0 : emacs (EulerOS-SA-2024-2115)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the emacs package installed, the EulerOS Virtualization installation on the remote host is
affected by the following vulnerabilities :

    In Emacs before 29.3, LaTeX preview is enabled by default for e-mail attachments.(CVE-2024-30204)

    In Emacs before 29.3, Org mode considers contents of remote files to be trusted. This affects Org Mode
    before 9.6.23.(CVE-2024-30205)

Tenable has extracted the preceding description block directly from the EulerOS Virtualization emacs security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2024-2115
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?14086adb");
  script_set_attribute(attribute:"solution", value:
"Update the affected emacs packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-30205");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/03/25");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/08/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/08/19");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:emacs-filesystem");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.10.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "2.10.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.10.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu && "x86" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);

var flag = 0;

var pkgs = [
  "emacs-filesystem-27.1-4.h9.eulerosv2r10"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_NOTE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "emacs");
}

04 Dec 2024 00:00Current

6.5Medium risk

Vulners AI Score6.5

CVSS 3.17.1

EPSS0.00486

SSVC