EulerOS Virtualization 2.11.0 : tpm2-tss (EulerOS-SA-2024-2188)

🗓️ 20 Aug 2024 00:00:00Reported by TenableType

EulerOS Virtualization 2.11.0 tpm2-tss (EulerOS-SA-2024-2188) vulnerability due to deserialization issue in Fapi_Quot

Reporter	Title	Published	Views	Family All 98
Tenable Nessus	Amazon Linux 2023 : tpm2-tss, tpm2-tss-devel, tpm2-tss-fapi (ALAS2023-2024-703)	19 Aug 202400:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP10 : tpm2-tss (EulerOS-SA-2024-1900)	15 Jul 202400:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP10 : tpm2-tss (EulerOS-SA-2024-1924)	15 Jul 202400:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP9 : tpm2-tss (EulerOS-SA-2024-1949)	16 Jul 202400:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP9 : tpm2-tss (EulerOS-SA-2024-1976)	16 Jul 202400:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP11 : tpm2-tss (EulerOS-SA-2024-2096)	8 Aug 202400:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP11 : tpm2-tss (EulerOS-SA-2024-2113)	8 Aug 202400:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.10.0 : tpm2-tss (EulerOS-SA-2024-2131)	19 Aug 202400:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.10.1 : tpm2-tss (EulerOS-SA-2024-2151)	19 Aug 202400:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.11.1 : tpm2-tss (EulerOS-SA-2024-2163)	21 Aug 202400:00	–	nessus

Source	Link
nessus	www.nessus.org/u
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(205919);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/08/20");

  script_cve_id("CVE-2024-29040");

  script_name(english:"EulerOS Virtualization 2.11.0 : tpm2-tss (EulerOS-SA-2024-2188)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the tpm2-tss package installed, the EulerOS Virtualization installation on the remote host
is affected by the following vulnerabilities :

    This repository hosts source code implementing the Trusted Computing Group's (TCG) TPM2 Software Stack
    (TSS). The JSON Quote Info returned by Fapi_Quote has to be deserialized by Fapi_VerifyQuote to the TPM
    Structure `TPMS_ATTEST`. For the field `TPM2_GENERATED magic` of this structure any number can be used in
    the JSON structure. The verifier can receive a state which does not represent the actual, possibly
    malicious state of the device under test. The malicious device might get access to data it shouldn't, or
    can use services it shouldn't be able to. This issue has been patched in version 4.1.0.(CVE-2024-29040)

Tenable has extracted the preceding description block directly from the EulerOS Virtualization tpm2-tss security
advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2024-2188
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?1222673b");
  script_set_attribute(attribute:"solution", value:
"Update the affected tpm2-tss packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:C/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-29040");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/04/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/08/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/08/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:tpm2-tss");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.11.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "2.11.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.11.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu && "x86" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "x86" >!< cpu) audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

var flag = 0;

var pkgs = [
  "tpm2-tss-3.1.0-1.h6.eulerosv2r11"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tpm2-tss");
}

20 Aug 2024 00:00Current

6.4Medium risk

Vulners AI Score6.4

CVSS 3.14.3

EPSS0.00346

SSVC