EulerOS Virtualization 2.12.1 : binutils (EulerOS-SA-2026-1418)

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(302685);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/03/18");

  script_cve_id(
    "CVE-2025-3198",
    "CVE-2025-5244",
    "CVE-2025-5245",
    "CVE-2025-7545"
  );

  script_name(english:"EulerOS Virtualization 2.12.1 : binutils (EulerOS-SA-2026-1418)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the binutils package installed, the EulerOS Virtualization installation on the remote host
is affected by the following vulnerabilities :

    A vulnerability classified as problematic was found in GNU Binutils 2.45. Affected by this vulnerability
    is the function copy_section of the file binutils/objcopy.c. The manipulation leads to heap-based buffer
    overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and may be
    used. The patch is named 08c3cbe5926e4d355b5cb70bbec2b1eeb40c2944. It is recommended to apply a patch to
    fix this issue.(CVE-2025-7545)

    A vulnerability was found in GNU Binutils up to 2.44. It has been rated as critical. Affected by this
    issue is the function elf_gc_sweep of the file bfd/elflink.c of the component ld. The manipulation leads
    to memory corruption. An attack has to be approached locally. The exploit has been disclosed to the public
    and may be used. Upgrading to version 2.45 is able to address this issue. It is recommended to upgrade the
    affected component.(CVE-2025-5244)

    A vulnerability has been found in GNU Binutils 2.43/2.44 and classified as problematic. Affected by this
    vulnerability is the function display_info of the file binutils/bucomm.c of the component objdump. The
    manipulation leads to memory leak. An attack has to be approached locally. The exploit has been disclosed
    to the public and may be used. The patch is named ba6ad3a18cb26b79e0e3b84c39f707535bbc344d. It is
    recommended to apply a patch to fix this issue.(CVE-2025-3198)

    A vulnerability classified as critical has been found in GNU Binutils up to 2.44. This affects the
    function debug_type_samep of the file /binutils/debug.c of the component objdump. The manipulation leads
    to memory corruption. Local access is required to approach this attack. The exploit has been disclosed to
    the public and may be used. It is recommended to apply a patch to fix this issue.(CVE-2025-5245)

Tenable has extracted the preceding description block directly from the EulerOS Virtualization binutils security
advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2026-1418
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2f25f226");
  script_set_attribute(attribute:"solution", value:
"Update the affected binutils packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:P");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-7545");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/04/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/03/16");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/03/17");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:binutils");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.12.1");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "2.12.1") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.12.1");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu && "x86" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

var flag = 0;

var pkgs = [
  "binutils-2.37-14.h16.eulerosv2r12"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "binutils");
}