Lucene search
K

EulerOS 2.0 SP12 : syslinux (EulerOS-SA-2024-2958)

🗓️ 12 Dec 2024 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 17 Views

EulerOS 2.0 SP12 is vulnerable due to multiple libpng issues affecting PNG image processing.

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins
Security Bulletin: Using Components with Known Vulnerabilities affects IBM Security Guardium (multiple CVEs)
16 Jun 201821:41
ibm
IBM Security Bulletins
Security Bulletin:Multiple Security Vulnerabilities exist in IBM Cognos Insight
24 Feb 202007:27
ibm
IBM Security Bulletins
Security Bulletin: IBM Flex System Manager (FSM) is affected by libpng vulnerabilities (CVE-2015-7981, CVE-2015-8126)
18 Jun 201801:32
ibm
IBM Security Bulletins
Security Bulletin: IBM API Connect has addressed multiple vulnerabilities in Developer Portal's dependencies - Cumulative list from June 28, 2018 to December 13, 2018
28 Jan 201917:05
ibm
IBM Security Bulletins
Title Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect Identity Governance and Intelligence 5.2
16 Jun 201821:39
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities in IBM Java affect IBM Netezza Analytics for NPS
31 May 202203:16
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities in IBM® Java SDK affect IBM Tivoli / Security Directory Server January 2016 CPU
16 Jun 201821:41
ibm
IBM Security Bulletins
Security Bulletin: Multiple vulnerabilities in current releases of IBM® WebSphere Real Time
15 Jun 201807:04
ibm
IBM Security Bulletins
Security Bulletin: CICS Transaction Gateway for Multiplatforms
15 Jun 201807:05
ibm
IBM Security Bulletins
Security Bulletin: Gdal vulnerabilities affect IBM Netezza Analytics for NPS
3 Jun 202214:32
ibm
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(212600);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/12/12");

  script_cve_id(
    "CVE-2011-2501",
    "CVE-2011-2690",
    "CVE-2011-2691",
    "CVE-2011-2692",
    "CVE-2011-3045",
    "CVE-2011-3048",
    "CVE-2012-3425",
    "CVE-2015-7981",
    "CVE-2015-8126",
    "CVE-2015-8472",
    "CVE-2015-8540",
    "CVE-2016-10087",
    "CVE-2017-12652"
  );

  script_name(english:"EulerOS 2.0 SP12 : syslinux (EulerOS-SA-2024-2958)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the syslinux packages installed, the EulerOS installation on the remote host is affected by
the following vulnerabilities :

    Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x
    before 1.0.66, 1.1.x and 1.2.x before 1.2.56, 1.3.x and 1.4.x before 1.4.19, and 1.5.x before 1.5.26
    allows remote attackers to have unspecified impact via a space character as a keyword in a PNG image,
    which triggers an out-of-bounds read.(CVE-2015-8540)

    Buffer overflow in the png_set_PLTE function in libpng before 1.0.65, 1.1.x and 1.2.x before 1.2.55,
    1.3.x, 1.4.x before 1.4.18, 1.5.x before 1.5.25, and 1.6.x before 1.6.20 allows remote attackers to cause
    a denial of service (application crash) or possibly have unspecified other impact via a small bit-depth
    value in an IHDR (aka image header) chunk in a PNG image.  NOTE: this vulnerability exists because of an
    incomplete fix for CVE-2015-8126.(CVE-2015-8472)

    Integer signedness error in the png_inflate function in pngrutil.c in libpng before 1.4.10beta01, as used
    in Google Chrome before 17.0.963.83 and other products, allows remote attackers to cause a denial of
    service (application crash) or possibly execute arbitrary code via a crafted PNG file, a different
    vulnerability than CVE-2011-3026.(CVE-2011-3045)

    The png_set_text_2 function in pngset.c in libpng 1.0.x before 1.0.59, 1.2.x before 1.2.49, 1.4.x before
    1.4.11, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (crash) or execute
    arbitrary code via a crafted text chunk in a PNG image file, which triggers a memory allocation failure
    that is not properly handled, leading to a heap-based buffer overflow.(CVE-2011-3048)

    Multiple buffer overflows in the (1) png_set_PLTE and (2) png_get_PLTE functions in libpng before 1.0.64,
    1.1.x and 1.2.x before 1.2.54, 1.3.x and 1.4.x before 1.4.17, 1.5.x before 1.5.24, and 1.6.x before 1.6.19
    allow remote attackers to cause a denial of service (application crash) or possibly have unspecified other
    impact via a small bit-depth value in an IHDR (aka image header) chunk in a PNG image.(CVE-2015-8126)

    The png_format_buffer function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x
    before 1.4.8, and 1.5.x before 1.5.4 allows remote attackers to cause a denial of service (application
    crash) via a crafted PNG image that triggers an out-of-bounds read during the copying of error-message
    data.  NOTE: this vulnerability exists because of a CVE-2004-0421 regression. NOTE: this is called an off-
    by-one error by some sources.(CVE-2011-2501)

    The png_err function in pngerror.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8,
    and 1.5.x before 1.5.4 makes a function call using a NULL pointer argument instead of an empty-string
    argument, which allows remote attackers to cause a denial of service (application crash) via a crafted PNG
    image.(CVE-2011-2691)

    The png_handle_sCAL function in pngrutil.c in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x
    before 1.4.8, and 1.5.x before 1.5.4 does not properly handle invalid sCAL chunks, which allows remote
    attackers to cause a denial of service (memory corruption and application crash) or possibly have
    unspecified other impact via a crafted PNG image that triggers the reading of uninitialized
    memory.(CVE-2011-2692)

    Buffer overflow in libpng 1.0.x before 1.0.55, 1.2.x before 1.2.45, 1.4.x before 1.4.8, and 1.5.x before
    1.5.4, when used by an application that calls the png_rgb_to_gray function but not the png_set_expand
    function, allows remote attackers to overwrite memory with an arbitrary amount of data, and possibly have
    unspecified other impact, via a crafted PNG image.(CVE-2011-2690)

    The png_convert_to_rfc1123 function in png.c in libpng 1.0.x before 1.0.64, 1.2.x before 1.2.54, and 1.4.x
    before 1.4.17 allows remote attackers to obtain sensitive process memory information via crafted tIME
    chunk data in an image file, which triggers an out-of-bounds read.(CVE-2015-7981)

    The png_push_read_zTXt function in pngpread.c in libpng 1.0.x before 1.0.58, 1.2.x before 1.2.48, 1.4.x
    before 1.4.10, and 1.5.x before 1.5.10 allows remote attackers to cause a denial of service (out-of-bounds
    read) via a large avail_in field value in a PNG image.(CVE-2012-3425)

    The png_set_text_2 function in libpng 0.71 before 1.0.67, 1.2.x before 1.2.57, 1.4.x before 1.4.20, 1.5.x
    before 1.5.28, and 1.6.x before 1.6.27 allows context-dependent attackers to cause a NULL pointer
    dereference vectors involving loading a text chunk into a png structure, removing the text, and then
    adding another text chunk to the structure.(CVE-2016-10087)

    libpng before 1.6.32 does not properly check the length of chunks against the user limit.(CVE-2017-12652)

Tenable has extracted the preceding description block directly from the EulerOS syslinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2024-2958
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ada5fcc4");
  script_set_attribute(attribute:"solution", value:
"Update the affected syslinux packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-8540");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2017-12652");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2011/06/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/12/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/12/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:syslinux");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:syslinux-nonlinux");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (_release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP12");

var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(12)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP12");

if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP12", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu && "x86" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "x86" >!< cpu) audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

var flag = 0;

var pkgs = [
  "syslinux-6.04-13.h3.eulerosv2r12",
  "syslinux-nonlinux-6.04-13.h3.eulerosv2r12"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"12", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "syslinux");
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

12 Dec 2024 00:00Current
8.3High risk
Vulners AI Score8.3
CVSS 29.3
CVSS 3.19.8
CVSS 38.8
EPSS0.10339
SSVC
17