EulerOS Virtualization 2.12.0 : libyaml (EulerOS-SA-2024-2330)

2024-09-0300:00:00

www.tenable.com

euleros virtualization

libyaml

critical vulnerability

heap-based buffer overflow

remote attack

cve-2024-3205

vdb-259052

tenable.

AI Score

7.5

Confidence

Low

JSON

According to the versions of the libyaml package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

A vulnerability was found in yaml libyaml up to 0.2.5 and classified as critical. Affected by this issue     is the function yaml_emitter_emit_flow_sequence_item of the file /src/libyaml/src/emitter.c. The     manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has     been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259052. NOTE:
The vendor was contacted early about this disclosure but did not respond in any way.(CVE-2024-3205)

Tenable has extracted the preceding description block directly from the EulerOS Virtualization libyaml security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(206523);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/03");

  script_cve_id("CVE-2024-3205");

  script_name(english:"EulerOS Virtualization 2.12.0 : libyaml (EulerOS-SA-2024-2330)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the libyaml package installed, the EulerOS Virtualization installation on the remote host
is affected by the following vulnerabilities :

    A vulnerability was found in yaml libyaml up to 0.2.5 and classified as critical. Affected by this issue
    is the function yaml_emitter_emit_flow_sequence_item of the file /src/libyaml/src/emitter.c. The
    manipulation leads to heap-based buffer overflow. The attack may be launched remotely. The exploit has
    been disclosed to the public and may be used. The identifier of this vulnerability is VDB-259052. NOTE:
    The vendor was contacted early about this disclosure but did not respond in any way.(CVE-2024-3205)

Tenable has extracted the preceding description block directly from the EulerOS Virtualization libyaml security
advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2024-2330
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?cf6a685b");
  script_set_attribute(attribute:"solution", value:
"Update the affected libyaml packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-3205");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/04/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/09/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/09/03");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libyaml");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.12.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "2.12.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.12.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu && "x86" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "x86" >!< cpu) audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

var flag = 0;

var pkgs = [
  "libyaml-0.2.5-4.h1.eulerosv2r12"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libyaml");
}