The remote host is affected by the vulnerability described in GLSA-202210-22 (RPM: Multiple Vulnerabilities)
- There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a binding signature. RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and public keys from trusted sources. (CVE-2021-3521)
- A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-35937)
- A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
(CVE-2021-35938)
- It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-35939)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
{"id": "GENTOO_GLSA-202210-22.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "GLSA-202210-22 : RPM: Multiple Vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-202210-22 (RPM: Multiple Vulnerabilities)\n\n - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a binding signature. RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and public keys from trusted sources. (CVE-2021-3521)\n\n - A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-35937)\n\n - A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2021-35938)\n\n - It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-35939)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "published": "2022-10-31T00:00:00", "modified": "2022-10-31T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/166726", "reporter": "This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35938", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3521", "https://bugs.gentoo.org/show_bug.cgi?id=866716", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35939", "https://bugs.gentoo.org/show_bug.cgi?id=830380", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35937", "https://security.gentoo.org/glsa/202210-22"], "cvelist": ["CVE-2017-7500", "CVE-2017-7501", "CVE-2021-3521", "CVE-2021-35937", "CVE-2021-35938", "CVE-2021-35939"], "immutableFields": [], "lastseen": "2023-07-11T16:40:50", "viewCount": 8, "enchantments": {"score": {"value": -0.1, "vector": "NONE"}, "dependencies": {"references": [{"type": "almalinux", "idList": ["ALSA-2022:0368"]}, {"type": "alpinelinux", "idList": ["ALPINE:CVE-2021-3521", "ALPINE:CVE-2021-35937", "ALPINE:CVE-2021-35938", "ALPINE:CVE-2021-35939"]}, {"type": "cve", "idList": ["CVE-2017-7500", "CVE-2017-7501", "CVE-2021-3521", "CVE-2021-35937", "CVE-2021-35938", "CVE-2021-35939"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2017-7500", "DEBIANCVE:CVE-2017-7501", "DEBIANCVE:CVE-2021-3521", "DEBIANCVE:CVE-2021-35937", "DEBIANCVE:CVE-2021-35938", "DEBIANCVE:CVE-2021-35939"]}, {"type": "f5", "idList": ["F5:K03710547"]}, {"type": "fedora", "idList": ["FEDORA:BB68160F1C0B", "FEDORA:D90736014B80"]}, {"type": "freebsd", "idList": ["0C52ABDE-717B-11ED-98CA-40B034429ECF"]}, {"type": "gentoo", "idList": ["GLSA-201811-22", "GLSA-202210-22"]}, {"type": "ibm", "idList": ["65575758CE6E879BDCFD17ADB708B2448CDF9C00E078AEFB1967358BF519C078", "65A8186C2C8977929AF35D5602314B8018A488990BBF80CB537C3CBEB0B7BEC3", "926EC2BBAF756385F2D7D4C5C98F9F630DFB49737FCEF5BB68A74EB910687527", "97D5F772EC68BDCD260FBB9DFB7A322AAAC657E9360305DF11F9C6A6A40D1B85", "C9A62458FFCDA7D13068BA51A14F3364875030AD9E3379B54C1EB8EAA4DD8D49", "D56EBBD4671C81624AEF1C667DA00AAEE24DD2706C019B41D11E21168679B99D"]}, {"type": "mageia", "idList": ["MGASA-2017-0394", "MGASA-2022-0321"]}, {"type": "nessus", "idList": ["ALMA_LINUX_ALSA-2022-0368.NASL", "EULEROS_SA-2018-1353.NASL", "EULEROS_SA-2019-1011.NASL", "EULEROS_SA-2019-1043.NASL", "EULEROS_SA-2019-1210.NASL", "EULEROS_SA-2019-1466.NASL", "EULEROS_SA-2019-1616.NASL", "EULEROS_SA-2019-2384.NASL", "EULEROS_SA-2019-2658.NASL", "EULEROS_SA-2022-1015.NASL", "EULEROS_SA-2022-1035.NASL", "EULEROS_SA-2022-1215.NASL", "EULEROS_SA-2022-1234.NASL", "EULEROS_SA-2022-1386.NASL", "EULEROS_SA-2022-1412.NASL", "EULEROS_SA-2022-2741.NASL", "EULEROS_SA-2022-2776.NASL", "EULEROS_SA-2022-2829.NASL", "EULEROS_SA-2022-2855.NASL", "EULEROS_SA-2023-1153.NASL", "EULEROS_SA-2023-1174.NASL", "EULEROS_SA-2023-1202.NASL", "EULEROS_SA-2023-1232.NASL", "EULEROS_SA-2023-1335.NASL", "EULEROS_SA-2023-2230.NASL", "FEDORA_2017-9232EAC8E8.NASL", "FEDORA_2017-AB57A100F3.NASL", "FREEBSD_PKG_0C52ABDE717B11ED98CA40B034429ECF.NASL", "GENTOO_GLSA-201811-22.NASL", "MARINER_RPM_CVE-2021-35937.NASL", "MARINER_RPM_CVE-2021-35939.NASL", "OPENSUSE-2018-1246.NASL", "OPENSUSE-2018-808.NASL", "OPENSUSE-2019-564.NASL", "ORACLELINUX_ELSA-2022-0368.NASL", "PHOTONOS_PHSA-2017-1_0-0095.NASL", "PHOTONOS_PHSA-2017-1_0-0095_RPM.NASL", "PHOTONOS_PHSA-2018-1_0-0194_RPM.NASL", "PHOTONOS_PHSA-2018-2_0-0108_RPM.NASL", "REDHAT-RHSA-2022-0254.NASL", "REDHAT-RHSA-2022-0368.NASL", "REDHAT-RHSA-2022-0634.NASL", "ROCKY_LINUX_RLSA-2022-368.NASL", "SUSE_SU-2018-2073-1.NASL", "SUSE_SU-2018-3286-1.NASL", "SUSE_SU-2018-3884-1.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310851947", "OPENVAS:1361412562310852078", "OPENVAS:1361412562310873581", "OPENVAS:1361412562310873824", "OPENVAS:1361412562311220181353", "OPENVAS:1361412562311220191011", "OPENVAS:1361412562311220191043", "OPENVAS:1361412562311220191210", "OPENVAS:1361412562311220191466", "OPENVAS:1361412562311220191616", "OPENVAS:1361412562311220192384", "OPENVAS:1361412562311220192658"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2022"]}, {"type": "oraclelinux", "idList": ["ELSA-2022-0368"]}, {"type": "photon", "idList": ["PHSA-2017-0095", "PHSA-2017-1.0-0095", "PHSA-2018-0009", "PHSA-2018-0194", "PHSA-2018-1.0-0194", "PHSA-2018-2.0-0108", "PHSA-2022-0243", "PHSA-2022-0512", "PHSA-2022-3.0-0445", "PHSA-2022-4.0-0243"]}, {"type": "redhat", "idList": ["RHSA-2022:0056", "RHSA-2022:0254", "RHSA-2022:0368", "RHSA-2022:0444", "RHSA-2022:0445", "RHSA-2022:0476", "RHSA-2022:0477", "RHSA-2022:0485", "RHSA-2022:0492", "RHSA-2022:0493", "RHSA-2022:0577", "RHSA-2022:0580", "RHSA-2022:0585", "RHSA-2022:0595", "RHSA-2022:0634", "RHSA-2022:0687", "RHSA-2022:0721", "RHSA-2022:0735", "RHSA-2022:0842", "RHSA-2022:0856", "RHSA-2022:1051", "RHSA-2022:1081", "RHSA-2022:1396", "RHSA-2022:5924"]}, {"type": "redhatcve", "idList": ["RH:CVE-2017-7500", "RH:CVE-2017-7501", "RH:CVE-2021-3521", "RH:CVE-2021-35937", "RH:CVE-2021-35938", "RH:CVE-2021-35939"]}, {"type": "rocky", "idList": ["RLSA-2022:0368", "RLSA-2022:368"]}, {"type": "rosalinux", "idList": ["ROSA-SA-2021-1963"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2018:2215-1", "OPENSUSE-SU-2018:3373-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2017-7500", "UB:CVE-2017-7501", "UB:CVE-2021-3521", "UB:CVE-2021-35937", "UB:CVE-2021-35938", "UB:CVE-2021-35939"]}, {"type": "veracode", "idList": ["VERACODE:34563", "VERACODE:36825", "VERACODE:37369", "VERACODE:37370"]}]}, "epss": [{"cve": "CVE-2017-7500", "epss": 0.00044, "percentile": 0.10277, "modified": "2023-05-01"}, {"cve": "CVE-2017-7501", "epss": 0.00059, "percentile": 0.22803, "modified": "2023-05-01"}, {"cve": "CVE-2021-3521", "epss": 0.00047, "percentile": 0.14407, "modified": "2023-05-02"}, {"cve": "CVE-2021-35937", "epss": 0.00051, "percentile": 0.17833, "modified": "2023-05-01"}, {"cve": "CVE-2021-35938", "epss": 0.00042, "percentile": 0.05657, "modified": "2023-05-01"}, {"cve": "CVE-2021-35939", "epss": 0.00042, "percentile": 0.05657, "modified": "2023-05-01"}], "vulnersScore": -0.1}, "_state": {"score": 1689093838, "dependencies": 1689093768, "epss": 0}, "_internal": {"score_hash": "4e56db324923c4d17d2287c3e6f87b82"}, "pluginID": "166726", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202210-22.\n#\n# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike\n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166726);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/31\");\n\n script_cve_id(\n \"CVE-2021-3521\",\n \"CVE-2021-35937\",\n \"CVE-2021-35938\",\n \"CVE-2021-35939\"\n );\n\n script_name(english:\"GLSA-202210-22 : RPM: Multiple Vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-202210-22 (RPM: Multiple Vulnerabilities)\n\n - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a\n binding signature. RPM does not check the binding signature of subkeys prior to importing them. If an\n attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate\n public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data\n integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an\n administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and\n public keys from trusted sources. (CVE-2021-3521)\n\n - A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass\n the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2021-35937)\n\n - A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials\n after installing a file. A local unprivileged user could use this flaw to exchange the original file with\n a symbolic link to a security-critical file and escalate their privileges on the system. The highest\n threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2021-35938)\n\n - It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only\n implemented for the parent directory of the file to be created. A local unprivileged user who owns another\n ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this\n vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-35939)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202210-22\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=830380\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugs.gentoo.org/show_bug.cgi?id=866716\");\n script_set_attribute(attribute:\"solution\", value:\n\"All RPM users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose >=app-arch/rpm-4.18.0\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3521\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-35939\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\ninclude('qpkg.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/Gentoo/release')) audit(AUDIT_OS_NOT, 'Gentoo');\nif (!get_kb_item('Host/Gentoo/qpkg-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar flag = 0;\n\nvar packages = [\n {\n 'name' : 'app-arch/rpm',\n 'unaffected' : make_list(\"ge 4.18.0\", \"lt 4.0.0\"),\n 'vulnerable' : make_list(\"lt 4.18.0\")\n }\n];\n\nforeach package( packages ) {\n if (isnull(package['unaffected'])) package['unaffected'] = make_list();\n if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();\n if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;\n}\n\n# This plugin has a different number of unaffected and vulnerable versions for\n# one or more packages. To ensure proper detection, a separate line should be \n# used for each fixed/vulnerable version pair.\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : qpkg_report_get()\n );\n exit(0);\n}\nelse\n{\n qpkg_tests = list_uniq(qpkg_tests);\n var tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'RPM');\n}\n", "naslFamily": "Gentoo Local Security Checks", "cpe": ["p-cpe:/a:gentoo:linux:rpm", "cpe:/o:gentoo:linux"], "solution": "All RPM users should upgrade to the latest version:\n\n # emerge --sync # emerge --ask --oneshot --verbose >=app-arch/rpm-4.18.0", "nessusSeverity": "Low", "cvssScoreSource": "CVE-2021-3521", "vendor_cvss2": {"score": 1.9, "vector": "CVSS2#AV:L/AC:M/Au:N/C:N/I:P/A:N"}, "vendor_cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "Medium", "score": "6.7"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2022-10-31T00:00:00", "vulnerabilityPublicationDate": "2022-02-22T00:00:00", "exploitableWith": []}
{"nessus": [{"lastseen": "2023-09-11T17:49:24", "description": "According to the versions of the rpm packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-35937)\n\n - A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2021-35938)\n\n - It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-35939)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2023-01-10T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.0 : rpm (EulerOS-SA-2023-1232)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7500", "CVE-2017-7501", "CVE-2021-35937", "CVE-2021-35938", "CVE-2021-35939"], "modified": "2023-09-11T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python3-rpm", "p-cpe:/a:huawei:euleros:rpm", "p-cpe:/a:huawei:euleros:rpm-libs", "p-cpe:/a:huawei:euleros:rpm-plugin-systemd-inhibit", "cpe:/o:huawei:euleros:uvp:2.9.0"], "id": "EULEROS_SA-2023-1232.NASL", "href": "https://www.tenable.com/plugins/nessus/169723", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169723);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/11\");\n\n script_cve_id(\"CVE-2021-35937\", \"CVE-2021-35938\", \"CVE-2021-35939\");\n\n script_name(english:\"EulerOS Virtualization 2.9.0 : rpm (EulerOS-SA-2023-1232)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the rpm packages installed, the EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass\n the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2021-35937)\n\n - A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials\n after installing a file. A local unprivileged user could use this flaw to exchange the original file with\n a symbolic link to a security-critical file and escalate their privileges on the system. The highest\n threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2021-35938)\n\n - It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only\n implemented for the parent directory of the file to be created. A local unprivileged user who owns another\n ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this\n vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-35939)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2023-1232\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d96e44ef\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rpm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:M/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-35939\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-plugin-systemd-inhibit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar _release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(_release) || _release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu && \"x86\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"x86\" >!< cpu) audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"python3-rpm-4.15.1-12.h34.eulerosv2r9\",\n \"rpm-4.15.1-12.h34.eulerosv2r9\",\n \"rpm-libs-4.15.1-12.h34.eulerosv2r9\",\n \"rpm-plugin-systemd-inhibit-4.15.1-12.h34.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-11T18:32:59", "description": "According to the versions of the rpm packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-35937)\n\n - A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2021-35938)\n\n - It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-35939)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2023-01-10T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.10.1 : rpm (EulerOS-SA-2023-1153)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7500", "CVE-2017-7501", "CVE-2021-35937", "CVE-2021-35938", "CVE-2021-35939"], "modified": "2023-09-11T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python3-rpm", "p-cpe:/a:huawei:euleros:rpm", "p-cpe:/a:huawei:euleros:rpm-libs", "p-cpe:/a:huawei:euleros:rpm-plugin-systemd-inhibit", "cpe:/o:huawei:euleros:uvp:2.10.1"], "id": "EULEROS_SA-2023-1153.NASL", "href": "https://www.tenable.com/plugins/nessus/169737", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169737);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/11\");\n\n script_cve_id(\"CVE-2021-35937\", \"CVE-2021-35938\", \"CVE-2021-35939\");\n\n script_name(english:\"EulerOS Virtualization 2.10.1 : rpm (EulerOS-SA-2023-1153)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the rpm packages installed, the EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass\n the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2021-35937)\n\n - A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials\n after installing a file. A local unprivileged user could use this flaw to exchange the original file with\n a symbolic link to a security-critical file and escalate their privileges on the system. The highest\n threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2021-35938)\n\n - It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only\n implemented for the parent directory of the file to be created. A local unprivileged user who owns another\n ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this\n vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-35939)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2023-1153\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2cf27ff3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rpm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:M/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-35939\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-plugin-systemd-inhibit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.10.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar _release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(_release) || _release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.10.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.10.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu && \"x86\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"python3-rpm-4.15.1-17.h42.eulerosv2r10\",\n \"rpm-4.15.1-17.h42.eulerosv2r10\",\n \"rpm-libs-4.15.1-17.h42.eulerosv2r10\",\n \"rpm-plugin-systemd-inhibit-4.15.1-17.h42.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-08T20:30:29", "description": "According to the versions of the rpm packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-35937)\n\n - A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2021-35938)\n\n - It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-35939)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2023-01-11T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.1 : rpm (EulerOS-SA-2023-1202)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7500", "CVE-2017-7501", "CVE-2021-35937", "CVE-2021-35938", "CVE-2021-35939"], "modified": "2023-09-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python3-rpm", "p-cpe:/a:huawei:euleros:rpm", "p-cpe:/a:huawei:euleros:rpm-libs", "p-cpe:/a:huawei:euleros:rpm-plugin-systemd-inhibit", "cpe:/o:huawei:euleros:uvp:2.9.1"], "id": "EULEROS_SA-2023-1202.NASL", "href": "https://www.tenable.com/plugins/nessus/169845", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169845);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/08\");\n\n script_cve_id(\"CVE-2021-35937\", \"CVE-2021-35938\", \"CVE-2021-35939\");\n\n script_name(english:\"EulerOS Virtualization 2.9.1 : rpm (EulerOS-SA-2023-1202)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the rpm packages installed, the EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass\n the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2021-35937)\n\n - A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials\n after installing a file. A local unprivileged user could use this flaw to exchange the original file with\n a symbolic link to a security-critical file and escalate their privileges on the system. The highest\n threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2021-35938)\n\n - It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only\n implemented for the parent directory of the file to be created. A local unprivileged user who owns another\n ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this\n vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-35939)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2023-1202\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d428eec9\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rpm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:M/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-35939\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-plugin-systemd-inhibit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.1\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar _release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(_release) || _release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu && \"x86\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"python3-rpm-4.15.1-12.h34.eulerosv2r9\",\n \"rpm-4.15.1-12.h34.eulerosv2r9\",\n \"rpm-libs-4.15.1-12.h34.eulerosv2r9\",\n \"rpm-plugin-systemd-inhibit-4.15.1-12.h34.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-08T20:28:30", "description": "According to the versions of the rpm packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-35937)\n\n - A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2021-35938)\n\n - It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-35939)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2023-01-11T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.10.0 : rpm (EulerOS-SA-2023-1174)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7500", "CVE-2017-7501", "CVE-2021-35937", "CVE-2021-35938", "CVE-2021-35939"], "modified": "2023-09-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python3-rpm", "p-cpe:/a:huawei:euleros:rpm", "p-cpe:/a:huawei:euleros:rpm-libs", "p-cpe:/a:huawei:euleros:rpm-plugin-systemd-inhibit", "cpe:/o:huawei:euleros:uvp:2.10.0"], "id": "EULEROS_SA-2023-1174.NASL", "href": "https://www.tenable.com/plugins/nessus/169821", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169821);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/08\");\n\n script_cve_id(\"CVE-2021-35937\", \"CVE-2021-35938\", \"CVE-2021-35939\");\n\n script_name(english:\"EulerOS Virtualization 2.10.0 : rpm (EulerOS-SA-2023-1174)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the rpm packages installed, the EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass\n the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2021-35937)\n\n - A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials\n after installing a file. A local unprivileged user could use this flaw to exchange the original file with\n a symbolic link to a security-critical file and escalate their privileges on the system. The highest\n threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2021-35938)\n\n - It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only\n implemented for the parent directory of the file to be created. A local unprivileged user who owns another\n ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this\n vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-35939)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2023-1174\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c35356ff\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rpm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:M/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-35939\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-plugin-systemd-inhibit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.10.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar _release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(_release) || _release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.10.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.10.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu && \"x86\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"x86\" >!< cpu) audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"python3-rpm-4.15.1-17.h42.eulerosv2r10\",\n \"rpm-4.15.1-17.h42.eulerosv2r10\",\n \"rpm-libs-4.15.1-17.h42.eulerosv2r10\",\n \"rpm-plugin-systemd-inhibit-4.15.1-17.h42.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-11T12:43:24", "description": "According to the versions of the rpm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-35937)\n\n - A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2021-35938)\n\n - It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-35939)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-11-14T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : rpm (EulerOS-SA-2022-2741)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7500", "CVE-2017-7501", "CVE-2021-35937", "CVE-2021-35938", "CVE-2021-35939"], "modified": "2022-11-30T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python3-rpm", "p-cpe:/a:huawei:euleros:rpm", "p-cpe:/a:huawei:euleros:rpm-libs", "p-cpe:/a:huawei:euleros:rpm-plugin-systemd-inhibit", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-2741.NASL", "href": "https://www.tenable.com/plugins/nessus/167410", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167410);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/30\");\n\n script_cve_id(\"CVE-2021-35937\", \"CVE-2021-35938\", \"CVE-2021-35939\");\n\n script_name(english:\"EulerOS 2.0 SP9 : rpm (EulerOS-SA-2022-2741)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the rpm packages installed, the EulerOS installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass\n the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2021-35937)\n\n - A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials\n after installing a file. A local unprivileged user could use this flaw to exchange the original file with\n a symbolic link to a security-critical file and escalate their privileges on the system. The highest\n threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2021-35938)\n\n - It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only\n implemented for the parent directory of the file to be created. A local unprivileged user who owns another\n ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this\n vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-35939)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2741\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?70a4ca3d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rpm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:M/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-35939\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-plugin-systemd-inhibit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar _release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(_release) || _release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (_release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"python3-rpm-4.15.1-12.h34.eulerosv2r9\",\n \"rpm-4.15.1-12.h34.eulerosv2r9\",\n \"rpm-libs-4.15.1-12.h34.eulerosv2r9\",\n \"rpm-plugin-systemd-inhibit-4.15.1-12.h34.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-11T12:42:40", "description": "According to the versions of the rpm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-35937)\n\n - A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2021-35938)\n\n - It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-35939)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-11-14T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : rpm (EulerOS-SA-2022-2776)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7500", "CVE-2017-7501", "CVE-2021-35937", "CVE-2021-35938", "CVE-2021-35939"], "modified": "2022-11-30T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python3-rpm", "p-cpe:/a:huawei:euleros:rpm", "p-cpe:/a:huawei:euleros:rpm-libs", "p-cpe:/a:huawei:euleros:rpm-plugin-systemd-inhibit", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-2776.NASL", "href": "https://www.tenable.com/plugins/nessus/167372", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(167372);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/11/30\");\n\n script_cve_id(\"CVE-2021-35937\", \"CVE-2021-35938\", \"CVE-2021-35939\");\n\n script_name(english:\"EulerOS 2.0 SP9 : rpm (EulerOS-SA-2022-2776)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the rpm packages installed, the EulerOS installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass\n the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2021-35937)\n\n - A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials\n after installing a file. A local unprivileged user could use this flaw to exchange the original file with\n a symbolic link to a security-critical file and escalate their privileges on the system. The highest\n threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2021-35938)\n\n - It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only\n implemented for the parent directory of the file to be created. A local unprivileged user who owns another\n ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this\n vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-35939)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2776\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ea9abfe4\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rpm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:M/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-35939\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/11/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/11/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-plugin-systemd-inhibit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar _release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(_release) || _release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (_release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"python3-rpm-4.15.1-12.h34.eulerosv2r9\",\n \"rpm-4.15.1-12.h34.eulerosv2r9\",\n \"rpm-libs-4.15.1-12.h34.eulerosv2r9\",\n \"rpm-plugin-systemd-inhibit-4.15.1-12.h34.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-12T17:09:19", "description": "According to the versions of the rpm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-35937)\n\n - A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2021-35938)\n\n - It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-35939)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-12-21T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : rpm (EulerOS-SA-2022-2829)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7500", "CVE-2017-7501", "CVE-2021-35937", "CVE-2021-35938", "CVE-2021-35939"], "modified": "2023-09-12T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python3-rpm", "p-cpe:/a:huawei:euleros:rpm", "p-cpe:/a:huawei:euleros:rpm-libs", "p-cpe:/a:huawei:euleros:rpm-plugin-systemd-inhibit", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-2829.NASL", "href": "https://www.tenable.com/plugins/nessus/169007", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169007);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/12\");\n\n script_cve_id(\"CVE-2021-35937\", \"CVE-2021-35938\", \"CVE-2021-35939\");\n\n script_name(english:\"EulerOS 2.0 SP10 : rpm (EulerOS-SA-2022-2829)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the rpm packages installed, the EulerOS installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass\n the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2021-35937)\n\n - A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials\n after installing a file. A local unprivileged user could use this flaw to exchange the original file with\n a symbolic link to a security-critical file and escalate their privileges on the system. The highest\n threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2021-35938)\n\n - It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only\n implemented for the parent directory of the file to be created. A local unprivileged user who owns another\n ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this\n vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-35939)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2829\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?55f0a86f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rpm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:M/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-35939\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-plugin-systemd-inhibit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar _release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(_release) || _release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (_release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"python3-rpm-4.15.1-17.h42.eulerosv2r10\",\n \"rpm-4.15.1-17.h42.eulerosv2r10\",\n \"rpm-libs-4.15.1-17.h42.eulerosv2r10\",\n \"rpm-plugin-systemd-inhibit-4.15.1-17.h42.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-12T21:17:06", "description": "According to the versions of the rpm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-35937)\n\n - A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2021-35938)\n\n - It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-35939)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-12-21T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : rpm (EulerOS-SA-2022-2855)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7500", "CVE-2017-7501", "CVE-2021-35937", "CVE-2021-35938", "CVE-2021-35939"], "modified": "2023-09-12T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python3-rpm", "p-cpe:/a:huawei:euleros:rpm", "p-cpe:/a:huawei:euleros:rpm-libs", "p-cpe:/a:huawei:euleros:rpm-plugin-systemd-inhibit", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-2855.NASL", "href": "https://www.tenable.com/plugins/nessus/168989", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168989);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/12\");\n\n script_cve_id(\"CVE-2021-35937\", \"CVE-2021-35938\", \"CVE-2021-35939\");\n\n script_name(english:\"EulerOS 2.0 SP10 : rpm (EulerOS-SA-2022-2855)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the rpm packages installed, the EulerOS installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass\n the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2021-35937)\n\n - A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials\n after installing a file. A local unprivileged user could use this flaw to exchange the original file with\n a symbolic link to a security-critical file and escalate their privileges on the system. The highest\n threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2021-35938)\n\n - It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only\n implemented for the parent directory of the file to be created. A local unprivileged user who owns another\n ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this\n vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-35939)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2855\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2317c7e7\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rpm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:M/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-35939\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-plugin-systemd-inhibit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar _release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(_release) || _release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (_release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"python3-rpm-4.15.1-17.h42.eulerosv2r10\",\n \"rpm-4.15.1-17.h42.eulerosv2r10\",\n \"rpm-libs-4.15.1-17.h42.eulerosv2r10\",\n \"rpm-plugin-systemd-inhibit-4.15.1-17.h42.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-21T14:06:37", "description": "The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 0c52abde-717b-11ed-98ca-40b034429ecf advisory.\n\n - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a binding signature. RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and public keys from trusted sources. (CVE-2021-3521)\n\n - A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2021-35938)\n\n - It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-35939)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-12-01T00:00:00", "type": "nessus", "title": "FreeBSD : rpm4 -- Multiple Vulnerabilities (0c52abde-717b-11ed-98ca-40b034429ecf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7500", "CVE-2017-7501", "CVE-2021-3521", "CVE-2021-35938", "CVE-2021-35939"], "modified": "2023-09-20T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:rpm4", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_0C52ABDE717B11ED98CA40B034429ECF.NASL", "href": "https://www.tenable.com/plugins/nessus/168328", "sourceData": "#%NASL_MIN_LEVEL 80900\n#\n# (C) Tenable, Inc.\n#\n# @NOAGENT@\n#\n# The descriptive text and package checks in this plugin were\n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168328);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/20\");\n\n script_cve_id(\"CVE-2021-3521\", \"CVE-2021-35938\", \"CVE-2021-35939\");\n\n script_name(english:\"FreeBSD : rpm4 -- Multiple Vulnerabilities (0c52abde-717b-11ed-98ca-40b034429ecf)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple\nvulnerabilities as referenced in the 0c52abde-717b-11ed-98ca-40b034429ecf advisory.\n\n - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a\n binding signature. RPM does not check the binding signature of subkeys prior to importing them. If an\n attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate\n public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data\n integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an\n administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and\n public keys from trusted sources. (CVE-2021-3521)\n\n - A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials\n after installing a file. A local unprivileged user could use this flaw to exchange the original file with\n a symbolic link to a security-critical file and escalate their privileges on the system. The highest\n threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2021-35938)\n\n - It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only\n implemented for the parent directory of the file to be created. A local unprivileged user who owns another\n ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this\n vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-35939)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n # https://vuxml.freebsd.org/freebsd/0c52abde-717b-11ed-98ca-40b034429ecf.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?919b2b98\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:M/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-35939\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rpm4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"freebsd_package.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nvar flag = 0;\n\nvar packages = [\n 'rpm4<4.18.0'\n];\n\nforeach var package( packages ) {\n if (pkg_test(save_report:TRUE, pkg: package)) flag++;\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : pkg_report_get()\n );\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-29T21:29:05", "description": "The version of rpm installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-35939 advisory.\n\n - It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-35939)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-28T00:00:00", "type": "nessus", "title": "CBL Mariner 2.0 Security Update: rpm (CVE-2021-35939)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7500", "CVE-2017-7501", "CVE-2021-35939"], "modified": "2023-08-29T00:00:00", "cpe": ["p-cpe:/a:microsoft:cbl-mariner:python3-rpm", "p-cpe:/a:microsoft:cbl-mariner:rpm", "p-cpe:/a:microsoft:cbl-mariner:rpm-build", "p-cpe:/a:microsoft:cbl-mariner:rpm-build-libs", "p-cpe:/a:microsoft:cbl-mariner:rpm-debuginfo", "p-cpe:/a:microsoft:cbl-mariner:rpm-devel", "p-cpe:/a:microsoft:cbl-mariner:rpm-lang", "p-cpe:/a:microsoft:cbl-mariner:rpm-libs", "x-cpe:/o:microsoft:cbl-mariner"], "id": "MARINER_RPM_CVE-2021-35939.NASL", "href": "https://www.tenable.com/plugins/nessus/173569", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(173569);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/08/29\");\n\n script_cve_id(\"CVE-2021-35939\");\n\n script_name(english:\"CBL Mariner 2.0 Security Update: rpm (CVE-2021-35939)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CBL Mariner host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of rpm installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected\nby a vulnerability as referenced in the CVE-2021-35939 advisory.\n\n - It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only\n implemented for the parent directory of the file to be created. A local unprivileged user who owns another\n ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this\n vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-35939)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://nvd.nist.gov/vuln/detail/CVE-2021-35939\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:M/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-35939\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:python3-rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:rpm-build-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:rpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:rpm-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:microsoft:cbl-mariner\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MarinerOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CBLMariner/release\", \"Host/CBLMariner/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CBLMariner/release');\nif (isnull(release) || 'CBL-Mariner' >!< release) audit(AUDIT_OS_NOT, 'CBL-Mariner');\nvar os_ver = pregmatch(pattern: \"CBL-Mariner ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CBL-Mariner');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^2([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'CBL-Mariner 2.0', 'CBL-Mariner ' + os_ver);\n\nif (!get_kb_item('Host/CBLMariner/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu)\n audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CBL-Mariner', cpu);\n\nvar pkgs = [\n {'reference':'python3-rpm-4.18.0-2.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-rpm-4.18.0-2.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-4.18.0-2.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-4.18.0-2.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-build-4.18.0-2.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-build-4.18.0-2.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-build-libs-4.18.0-2.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-build-libs-4.18.0-2.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-debuginfo-4.18.0-2.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-debuginfo-4.18.0-2.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-devel-4.18.0-2.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-devel-4.18.0-2.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-lang-4.18.0-2.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-lang-4.18.0-2.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-libs-4.18.0-2.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-libs-4.18.0-2.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'CBLMariner-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python3-rpm / rpm / rpm-build / rpm-build-libs / rpm-debuginfo / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-29T21:20:59", "description": "The version of rpm installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-35937 advisory.\n\n - A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2021-35937)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-28T00:00:00", "type": "nessus", "title": "CBL Mariner 2.0 Security Update: rpm (CVE-2021-35937)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7500", "CVE-2017-7501", "CVE-2021-35937"], "modified": "2023-08-29T00:00:00", "cpe": ["p-cpe:/a:microsoft:cbl-mariner:python3-rpm", "p-cpe:/a:microsoft:cbl-mariner:rpm", "p-cpe:/a:microsoft:cbl-mariner:rpm-build", "p-cpe:/a:microsoft:cbl-mariner:rpm-build-libs", "p-cpe:/a:microsoft:cbl-mariner:rpm-debuginfo", "p-cpe:/a:microsoft:cbl-mariner:rpm-devel", "p-cpe:/a:microsoft:cbl-mariner:rpm-lang", "p-cpe:/a:microsoft:cbl-mariner:rpm-libs", "x-cpe:/o:microsoft:cbl-mariner"], "id": "MARINER_RPM_CVE-2021-35937.NASL", "href": "https://www.tenable.com/plugins/nessus/173529", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(173529);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/08/29\");\n\n script_cve_id(\"CVE-2021-35937\");\n\n script_name(english:\"CBL Mariner 2.0 Security Update: rpm (CVE-2021-35937)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CBL Mariner host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of rpm installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected\nby a vulnerability as referenced in the CVE-2021-35937 advisory.\n\n - A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass\n the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root\n privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2021-35937)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://nvd.nist.gov/vuln/detail/CVE-2021-35937\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:M/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-35937\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/08/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/09/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:python3-rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:rpm-build-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:rpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:rpm-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:microsoft:cbl-mariner\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MarinerOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CBLMariner/release\", \"Host/CBLMariner/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CBLMariner/release');\nif (isnull(release) || 'CBL-Mariner' >!< release) audit(AUDIT_OS_NOT, 'CBL-Mariner');\nvar os_ver = pregmatch(pattern: \"CBL-Mariner ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CBL-Mariner');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^2([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'CBL-Mariner 2.0', 'CBL-Mariner ' + os_ver);\n\nif (!get_kb_item('Host/CBLMariner/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu)\n audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CBL-Mariner', cpu);\n\nvar pkgs = [\n {'reference':'python3-rpm-4.18.0-2.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-rpm-4.18.0-2.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-4.18.0-2.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-4.18.0-2.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-build-4.18.0-2.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-build-4.18.0-2.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-build-libs-4.18.0-2.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-build-libs-4.18.0-2.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-debuginfo-4.18.0-2.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-debuginfo-4.18.0-2.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-devel-4.18.0-2.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-devel-4.18.0-2.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-lang-4.18.0-2.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-lang-4.18.0-2.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-libs-4.18.0-2.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-libs-4.18.0-2.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'CBLMariner-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python3-rpm / rpm / rpm-build / rpm-build-libs / rpm-debuginfo / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:22:09", "description": "This latest stable release on rpm 4.13.x branch brings in several important bugfixes. For details see release notes at http://rpm.org/wiki/Releases/4.13.0.2.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-11-29T00:00:00", "type": "nessus", "title": "Fedora 25 : rpm (2017-ab57a100f3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7500", "CVE-2017-7501"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rpm", "cpe:/o:fedoraproject:fedora:25"], "id": "FEDORA_2017-AB57A100F3.NASL", "href": "https://www.tenable.com/plugins/nessus/104828", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-ab57a100f3.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104828);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-7500\", \"CVE-2017-7501\");\n script_xref(name:\"FEDORA\", value:\"2017-ab57a100f3\");\n\n script_name(english:\"Fedora 25 : rpm (2017-ab57a100f3)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This latest stable release on rpm 4.13.x branch brings in several\nimportant bugfixes. For details see release notes at\nhttp://rpm.org/wiki/Releases/4.13.0.2.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rpm.org/wiki/Releases/4.13.0.2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-ab57a100f3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected rpm package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:25\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^25([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 25\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC25\", reference:\"rpm-4.13.0.2-1.fc25\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:41:39", "description": "This update for rpm fixes the following issues :\n\nThese security issues were fixed :\n\nCVE-2017-7500: rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination (bsc#943457).\n\nCVE-2017-7501: rpm used temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation (bsc#943457)\n\nThe update package also includes non-security fixes. See advisory for details.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-10-23T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : rpm (SUSE-SU-2018:3286-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7500", "CVE-2017-7501"], "modified": "2022-02-04T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:python3-rpm", "p-cpe:/a:novell:suse_linux:python3-rpm-debuginfo", "p-cpe:/a:novell:suse_linux:python3-rpm-debugsource", "p-cpe:/a:novell:suse_linux:rpm", "p-cpe:/a:novell:suse_linux:rpm-build", "p-cpe:/a:novell:suse_linux:rpm-build-debuginfo", "p-cpe:/a:novell:suse_linux:rpm-debuginfo", "p-cpe:/a:novell:suse_linux:rpm-debugsource", "p-cpe:/a:novell:suse_linux:rpm-python", "p-cpe:/a:novell:suse_linux:rpm-python-debuginfo", "p-cpe:/a:novell:suse_linux:rpm-python-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-3286-1.NASL", "href": "https://www.tenable.com/plugins/nessus/118319", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3286-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(118319);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/04\");\n\n script_cve_id(\"CVE-2017-7500\", \"CVE-2017-7501\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : rpm (SUSE-SU-2018:3286-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for rpm fixes the following issues :\n\nThese security issues were fixed :\n\nCVE-2017-7500: rpm did not properly handle RPM installations when a\ndestination path was a symbolic link to a directory, possibly changing\nownership and permissions of an arbitrary directory, and RPM files\nbeing placed in an arbitrary destination (bsc#943457).\n\nCVE-2017-7501: rpm used temporary files with predictable names when\ninstalling an RPM. An attacker with ability to write in a directory\nwhere files will be installed could create symbolic links to an\narbitrary location and modify content, and possibly permissions to\narbitrary files, which could be used for denial of service or possibly\nprivilege escalation (bsc#943457)\n\nThe update package also includes non-security fixes. See advisory for\ndetails.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1077692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=943457\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7500/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7501/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183286-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?dad02b1f\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-2373=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-2373=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-2373=1\n\nSUSE CaaS Platform ALL :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nSUSE CaaS Platform 3.0 :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2373=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7500\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-rpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-rpm-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rpm-build-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rpm-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rpm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rpm-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rpm-python-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP3\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"python3-rpm-4.11.2-16.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"python3-rpm-debuginfo-4.11.2-16.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"python3-rpm-debugsource-4.11.2-16.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"rpm-32bit-4.11.2-16.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"rpm-4.11.2-16.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"rpm-build-4.11.2-16.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"rpm-build-debuginfo-4.11.2-16.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"rpm-debuginfo-32bit-4.11.2-16.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"rpm-debuginfo-4.11.2-16.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"rpm-debugsource-4.11.2-16.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"rpm-python-4.11.2-16.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"rpm-python-debuginfo-4.11.2-16.16.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"rpm-python-debugsource-4.11.2-16.16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"rpm-32bit-4.11.2-16.16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"rpm-4.11.2-16.16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"rpm-build-4.11.2-16.16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"rpm-build-debuginfo-4.11.2-16.16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"rpm-debuginfo-32bit-4.11.2-16.16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"rpm-debuginfo-4.11.2-16.16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"rpm-debugsource-4.11.2-16.16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"rpm-python-4.11.2-16.16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"rpm-python-debuginfo-4.11.2-16.16.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"rpm-python-debugsource-4.11.2-16.16.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:42:04", "description": "This update for rpm fixes the following issues :\n\nThese security issues were fixed :\n\nCVE-2017-7500: rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination (bsc#943457).\n\nCVE-2017-7501: rpm used temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation (bsc#943457)\n\nThis is a reissue of the above security fixes for SUSE Linux Enterprise 12 GA, SP1 and SP2 LTSS, they have already been released for SUSE Linux Enterprise Server 12 SP3.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-11-26T00:00:00", "type": "nessus", "title": "SUSE SLED12 / SLES12 Security Update : rpm (SUSE-SU-2018:3884-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7500", "CVE-2017-7501"], "modified": "2021-02-23T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:python3-rpm", "p-cpe:/a:novell:suse_linux:python3-rpm-debuginfo", "p-cpe:/a:novell:suse_linux:python3-rpm-debugsource", "p-cpe:/a:novell:suse_linux:rpm", "p-cpe:/a:novell:suse_linux:rpm-build", "p-cpe:/a:novell:suse_linux:rpm-build-debuginfo", "p-cpe:/a:novell:suse_linux:rpm-debuginfo", "p-cpe:/a:novell:suse_linux:rpm-debugsource", "p-cpe:/a:novell:suse_linux:rpm-python", "p-cpe:/a:novell:suse_linux:rpm-python-debuginfo", "p-cpe:/a:novell:suse_linux:rpm-python-debugsource", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2018-3884-1.NASL", "href": "https://www.tenable.com/plugins/nessus/119145", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:3884-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119145);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/23\");\n\n script_cve_id(\"CVE-2017-7500\", \"CVE-2017-7501\");\n\n script_name(english:\"SUSE SLED12 / SLES12 Security Update : rpm (SUSE-SU-2018:3884-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for rpm fixes the following issues :\n\nThese security issues were fixed :\n\nCVE-2017-7500: rpm did not properly handle RPM installations when a\ndestination path was a symbolic link to a directory, possibly changing\nownership and permissions of an arbitrary directory, and RPM files\nbeing placed in an arbitrary destination (bsc#943457).\n\nCVE-2017-7501: rpm used temporary files with predictable names when\ninstalling an RPM. An attacker with ability to write in a directory\nwhere files will be installed could create symbolic links to an\narbitrary location and modify content, and possibly permissions to\narbitrary files, which could be used for denial of service or possibly\nprivilege escalation (bsc#943457)\n\nThis is a reissue of the above security fixes for SUSE Linux\nEnterprise 12 GA, SP1 and SP2 LTSS, they have already been released\nfor SUSE Linux Enterprise Server 12 SP3.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=943457\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7500/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7501/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20183884-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8139f1fd\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE OpenStack Cloud 7:zypper in -t patch\nSUSE-OpenStack-Cloud-7-2018-2766=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP4:zypper in -t\npatch SUSE-SLE-SDK-12-SP4-2018-2766=1\n\nSUSE Linux Enterprise Software Development Kit 12-SP3:zypper in -t\npatch SUSE-SLE-SDK-12-SP3-2018-2766=1\n\nSUSE Linux Enterprise Server for SAP 12-SP2:zypper in -t patch\nSUSE-SLE-SAP-12-SP2-2018-2766=1\n\nSUSE Linux Enterprise Server 12-SP4:zypper in -t patch\nSUSE-SLE-SERVER-12-SP4-2018-2766=1\n\nSUSE Linux Enterprise Server 12-SP3:zypper in -t patch\nSUSE-SLE-SERVER-12-SP3-2018-2766=1\n\nSUSE Linux Enterprise Server 12-SP2-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-2018-2766=1\n\nSUSE Linux Enterprise Server 12-SP2-BCL:zypper in -t patch\nSUSE-SLE-SERVER-12-SP2-BCL-2018-2766=1\n\nSUSE Linux Enterprise Server 12-SP1-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-SP1-2018-2766=1\n\nSUSE Linux Enterprise Server 12-LTSS:zypper in -t patch\nSUSE-SLE-SERVER-12-2018-2766=1\n\nSUSE Linux Enterprise Desktop 12-SP4:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP4-2018-2766=1\n\nSUSE Linux Enterprise Desktop 12-SP3:zypper in -t patch\nSUSE-SLE-DESKTOP-12-SP3-2018-2766=1\n\nSUSE Enterprise Storage 4:zypper in -t patch\nSUSE-Storage-4-2018-2766=1\n\nSUSE CaaS Platform ALL :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nSUSE CaaS Platform 3.0 :\n\nTo install this update, use the SUSE CaaS Platform Velum dashboard. It\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\n\nOpenStack Cloud Magnum Orchestration 7:zypper in -t patch\nSUSE-OpenStack-Cloud-Magnum-Orchestration-7-2018-2766=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-rpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-rpm-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rpm-build-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rpm-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rpm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rpm-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rpm-python-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED12|SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED12 / SLES12\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|1|2|3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES12 SP0/1/2/3/4\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED12\" && (! preg(pattern:\"^(3|4)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED12 SP3/4\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python3-rpm-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python3-rpm-debuginfo-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"python3-rpm-debugsource-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"rpm-32bit-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"rpm-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"rpm-build-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"rpm-build-debuginfo-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"rpm-debuginfo-32bit-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"rpm-debuginfo-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"rpm-debugsource-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"rpm-python-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"rpm-python-debuginfo-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"1\", reference:\"rpm-python-debugsource-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"python3-rpm-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"python3-rpm-debuginfo-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"python3-rpm-debugsource-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"rpm-32bit-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"rpm-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"rpm-build-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"rpm-build-debuginfo-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"rpm-debuginfo-32bit-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"rpm-debuginfo-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"rpm-debugsource-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"rpm-python-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"rpm-python-debuginfo-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"4\", reference:\"rpm-python-debugsource-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python3-rpm-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python3-rpm-debuginfo-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"python3-rpm-debugsource-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"rpm-32bit-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"rpm-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"rpm-build-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"rpm-build-debuginfo-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"rpm-debuginfo-32bit-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"rpm-debuginfo-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"rpm-debugsource-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"rpm-python-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"rpm-python-debuginfo-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"0\", reference:\"rpm-python-debugsource-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"python3-rpm-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"python3-rpm-debuginfo-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"python3-rpm-debugsource-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"rpm-32bit-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"rpm-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"rpm-build-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"rpm-build-debuginfo-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"rpm-debuginfo-32bit-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"rpm-debuginfo-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"rpm-debugsource-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"rpm-python-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"rpm-python-debuginfo-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"3\", reference:\"rpm-python-debugsource-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"python3-rpm-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"python3-rpm-debuginfo-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"python3-rpm-debugsource-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"rpm-32bit-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"rpm-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"rpm-build-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"rpm-build-debuginfo-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"rpm-debuginfo-32bit-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"rpm-debuginfo-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"rpm-debugsource-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"rpm-python-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"rpm-python-debuginfo-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLES12\", sp:\"2\", reference:\"rpm-python-debugsource-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"python3-rpm-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"python3-rpm-debuginfo-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"python3-rpm-debugsource-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"rpm-32bit-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"rpm-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"rpm-build-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"rpm-build-debuginfo-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"rpm-debuginfo-32bit-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"rpm-debuginfo-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"rpm-debugsource-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"rpm-python-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"rpm-python-debuginfo-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"4\", cpu:\"x86_64\", reference:\"rpm-python-debugsource-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"rpm-32bit-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"rpm-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"rpm-build-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"rpm-build-debuginfo-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"rpm-debuginfo-32bit-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"rpm-debuginfo-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"rpm-debugsource-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"rpm-python-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"rpm-python-debuginfo-4.11.2-16.21.1\")) flag++;\nif (rpm_check(release:\"SLED12\", sp:\"3\", cpu:\"x86_64\", reference:\"rpm-python-debugsource-4.11.2-16.21.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:20:48", "description": "This latest stable release on rpm 4.13.x branch brings in several important bugfixes. For details see release notes at http://rpm.org/wiki/Releases/4.13.0.2.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2017-11-08T00:00:00", "type": "nessus", "title": "Fedora 26 : rpm (2017-9232eac8e8)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7500", "CVE-2017-7501"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rpm", "cpe:/o:fedoraproject:fedora:26"], "id": "FEDORA_2017-9232EAC8E8.NASL", "href": "https://www.tenable.com/plugins/nessus/104447", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2017-9232eac8e8.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(104447);\n script_version(\"3.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2017-7500\", \"CVE-2017-7501\");\n script_xref(name:\"FEDORA\", value:\"2017-9232eac8e8\");\n\n script_name(english:\"Fedora 26 : rpm (2017-9232eac8e8)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This latest stable release on rpm 4.13.x branch brings in several\nimportant bugfixes. For details see release notes at\nhttp://rpm.org/wiki/Releases/4.13.0.2.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://rpm.org/wiki/Releases/4.13.0.2\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2017-9232eac8e8\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected rpm package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:26\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/11/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2017/11/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2017-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^26([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 26\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC26\", reference:\"rpm-4.13.0.2-1.fc26\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:41:18", "description": "This update for rpm fixes the following issues :\n\nThese security issues were fixed :\n\n - CVE-2017-7500: rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination (bsc#943457).\n\n - CVE-2017-7501: rpm used temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation (bsc#943457)\n\nThis non-security issue was fixed :\n\n - Use ksym-provides tool [bsc#1077692]\n\nThis update was imported from the SUSE:SLE-12:Update update project.", "cvss3": {}, "published": "2018-10-25T00:00:00", "type": "nessus", "title": "openSUSE Security Update : rpm (openSUSE-2018-1246)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7500", "CVE-2017-7501"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:python3-rpm", "p-cpe:/a:novell:opensuse:python3-rpm-debuginfo", "p-cpe:/a:novell:opensuse:python3-rpm-debugsource", "p-cpe:/a:novell:opensuse:rpm", "p-cpe:/a:novell:opensuse:rpm-32bit", "p-cpe:/a:novell:opensuse:rpm-build", "p-cpe:/a:novell:opensuse:rpm-build-debuginfo", "p-cpe:/a:novell:opensuse:rpm-debuginfo", "p-cpe:/a:novell:opensuse:rpm-debuginfo-32bit", "p-cpe:/a:novell:opensuse:rpm-debugsource", "p-cpe:/a:novell:opensuse:rpm-devel", "p-cpe:/a:novell:opensuse:rpm-python", "p-cpe:/a:novell:opensuse:rpm-python-debuginfo", "p-cpe:/a:novell:opensuse:rpm-python-debugsource", "cpe:/o:novell:opensuse:42.3"], "id": "OPENSUSE-2018-1246.NASL", "href": "https://www.tenable.com/plugins/nessus/118382", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-1246.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118382);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-7500\", \"CVE-2017-7501\");\n\n script_name(english:\"openSUSE Security Update : rpm (openSUSE-2018-1246)\");\n script_summary(english:\"Check for the openSUSE-2018-1246 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for rpm fixes the following issues :\n\nThese security issues were fixed :\n\n - CVE-2017-7500: rpm did not properly handle RPM\n installations when a destination path was a symbolic\n link to a directory, possibly changing ownership and\n permissions of an arbitrary directory, and RPM files\n being placed in an arbitrary destination (bsc#943457).\n\n - CVE-2017-7501: rpm used temporary files with predictable\n names when installing an RPM. An attacker with ability\n to write in a directory where files will be installed\n could create symbolic links to an arbitrary location and\n modify content, and possibly permissions to arbitrary\n files, which could be used for denial of service or\n possibly privilege escalation (bsc#943457)\n\nThis non-security issue was fixed :\n\n - Use ksym-provides tool [bsc#1077692]\n\nThis update was imported from the SUSE:SLE-12:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1077692\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=943457\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected rpm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-rpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-rpm-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-build-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-debuginfo-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-python-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-python-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:42.3\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/10/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE42\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"42.3\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE42.3\", reference:\"python3-rpm-4.11.2-14.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"python3-rpm-debuginfo-4.11.2-14.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"python3-rpm-debugsource-4.11.2-14.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"rpm-4.11.2-14.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"rpm-build-4.11.2-14.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"rpm-build-debuginfo-4.11.2-14.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"rpm-debuginfo-4.11.2-14.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"rpm-debugsource-4.11.2-14.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"rpm-devel-4.11.2-14.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"rpm-python-4.11.2-14.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"rpm-python-debuginfo-4.11.2-14.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", reference:\"rpm-python-debugsource-4.11.2-14.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"rpm-32bit-4.11.2-14.10.1\") ) flag++;\nif ( rpm_check(release:\"SUSE42.3\", cpu:\"x86_64\", reference:\"rpm-debuginfo-32bit-4.11.2-14.10.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python3-rpm / python3-rpm-debuginfo / python3-rpm-debugsource / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T14:32:30", "description": "According to the version of the rpm packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.(CVE-2017-7500)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-12-18T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : rpm (EulerOS-SA-2019-2658)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7500"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:rpm", "p-cpe:/a:huawei:euleros:rpm-build", "p-cpe:/a:huawei:euleros:rpm-build-libs", "p-cpe:/a:huawei:euleros:rpm-devel", "p-cpe:/a:huawei:euleros:rpm-libs", "p-cpe:/a:huawei:euleros:rpm-ostree", "p-cpe:/a:huawei:euleros:rpm-python", "p-cpe:/a:huawei:euleros:rpm-sign", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2658.NASL", "href": "https://www.tenable.com/plugins/nessus/132193", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(132193);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-7500\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : rpm (EulerOS-SA-2019-2658)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the rpm packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - It was found that rpm did not properly handle RPM\n installations when a destination path was a symbolic\n link to a directory, possibly changing ownership and\n permissions of an arbitrary directory, and RPM files\n being placed in an arbitrary destination. An attacker,\n with write access to a directory in which a\n subdirectory will be installed, could redirect that\n directory to an arbitrary location and gain root\n privilege.(CVE-2017-7500)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2658\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?09e8b38b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rpm package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-build-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-ostree\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-sign\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"rpm-4.11.3-21.h7\",\n \"rpm-build-4.11.3-21.h7\",\n \"rpm-build-libs-4.11.3-21.h7\",\n \"rpm-devel-4.11.3-21.h7\",\n \"rpm-libs-4.11.3-21.h7\",\n \"rpm-ostree-2017.4-5\",\n \"rpm-python-4.11.3-21.h7\",\n \"rpm-sign-4.11.3-21.h7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-23T14:14:22", "description": "This update for rpm fixes the following issues :\n\nThis security vulnerability was fixed :\n\n - CVE-2017-7500: Fixed symlink attacks during RPM installation (bsc#943457)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2018-08-07T00:00:00", "type": "nessus", "title": "openSUSE Security Update : rpm (openSUSE-2018-808)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7500"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:python-rpm-debugsource", "p-cpe:/a:novell:opensuse:python2-rpm", "p-cpe:/a:novell:opensuse:python2-rpm-debuginfo", "p-cpe:/a:novell:opensuse:python3-rpm", "p-cpe:/a:novell:opensuse:python3-rpm-debuginfo", "p-cpe:/a:novell:opensuse:rpm", "p-cpe:/a:novell:opensuse:rpm-32bit", "p-cpe:/a:novell:opensuse:rpm-32bit-debuginfo", "p-cpe:/a:novell:opensuse:rpm-build", "p-cpe:/a:novell:opensuse:rpm-build-debuginfo", "p-cpe:/a:novell:opensuse:rpm-debuginfo", "p-cpe:/a:novell:opensuse:rpm-debugsource", "p-cpe:/a:novell:opensuse:rpm-devel", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2018-808.NASL", "href": "https://www.tenable.com/plugins/nessus/111570", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2018-808.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(111570);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-7500\");\n\n script_name(english:\"openSUSE Security Update : rpm (openSUSE-2018-808)\");\n script_summary(english:\"Check for the openSUSE-2018-808 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for rpm fixes the following issues :\n\nThis security vulnerability was fixed :\n\n - CVE-2017-7500: Fixed symlink attacks during RPM\n installation (bsc#943457)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1095148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=943457\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected rpm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-rpm-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python2-rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python2-rpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-rpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-build-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/08/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/07\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"python-rpm-debugsource-4.14.1-lp150.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"python2-rpm-4.14.1-lp150.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"python2-rpm-debuginfo-4.14.1-lp150.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"python3-rpm-4.14.1-lp150.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"python3-rpm-debuginfo-4.14.1-lp150.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rpm-4.14.1-lp150.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rpm-build-4.14.1-lp150.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rpm-build-debuginfo-4.14.1-lp150.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rpm-debuginfo-4.14.1-lp150.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rpm-debugsource-4.14.1-lp150.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rpm-devel-4.14.1-lp150.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"rpm-32bit-4.14.1-lp150.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"rpm-32bit-debuginfo-4.14.1-lp150.9.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-rpm-debugsource / python2-rpm / python2-rpm-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:37", "description": "An update of the rpm package has been released.", "cvss3": {}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Rpm PHSA-2018-2.0-0108", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7500"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:rpm", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2018-2_0-0108_RPM.NASL", "href": "https://www.tenable.com/plugins/nessus/122006", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-2.0-0108. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122006);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\"CVE-2017-7500\");\n\n script_name(english:\"Photon OS 2.0: Rpm PHSA-2018-2.0-0108\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the rpm package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-108.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7500\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 2.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"rpm-4.13.0.2-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"rpm-build-4.13.0.2-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"rpm-debuginfo-4.13.0.2-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"rpm-devel-4.13.0.2-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"rpm-lang-4.13.0.2-1.ph2\")) flag++;\nif (rpm_check(release:\"PhotonOS-2.0\", reference:\"rpm-libs-4.13.0.2-1.ph2\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:29", "description": "This update for rpm fixes the following issues: This security vulnerability was fixed :\n\n - CVE-2017-7500: Fixed symlink attacks during RPM installation (bsc#943457)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-01-02T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : rpm (SUSE-SU-2018:2073-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7500"], "modified": "2021-01-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:python-rpm-debugsource", "p-cpe:/a:novell:suse_linux:python2-rpm", "p-cpe:/a:novell:suse_linux:python2-rpm-debuginfo", "p-cpe:/a:novell:suse_linux:python3-rpm", "p-cpe:/a:novell:suse_linux:python3-rpm-debuginfo", "p-cpe:/a:novell:suse_linux:rpm", "p-cpe:/a:novell:suse_linux:rpm-32bit-debuginfo", "p-cpe:/a:novell:suse_linux:rpm-build", "p-cpe:/a:novell:suse_linux:rpm-build-debuginfo", "p-cpe:/a:novell:suse_linux:rpm-debuginfo", "p-cpe:/a:novell:suse_linux:rpm-debugsource", "p-cpe:/a:novell:suse_linux:rpm-devel", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2018-2073-1.NASL", "href": "https://www.tenable.com/plugins/nessus/120062", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2018:2073-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(120062);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/13\");\n\n script_cve_id(\"CVE-2017-7500\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : rpm (SUSE-SU-2018:2073-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for rpm fixes the following issues: This security\nvulnerability was fixed :\n\n - CVE-2017-7500: Fixed symlink attacks during RPM\n installation (bsc#943457)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1094735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1095148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=943457\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2017-7500/\"\n );\n # https://www.suse.com/support/update/announcement/2018/suse-su-20182073-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?753bc882\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Development Tools 15:zypper in -t\npatch SUSE-SLE-Module-Development-Tools-15-2018-1396=1\n\nSUSE Linux Enterprise Module for Basesystem 15:zypper in -t patch\nSUSE-SLE-Module-Basesystem-15-2018-1396=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python-rpm-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python2-rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python2-rpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:python3-rpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rpm-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rpm-build-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rpm-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/02\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"rpm-32bit-4.14.1-10.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"x86_64\", reference:\"rpm-32bit-debuginfo-4.14.1-10.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python-rpm-debugsource-4.14.1-10.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python2-rpm-4.14.1-10.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python2-rpm-debuginfo-4.14.1-10.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python3-rpm-4.14.1-10.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"python3-rpm-debuginfo-4.14.1-10.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rpm-4.14.1-10.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rpm-build-4.14.1-10.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rpm-build-debuginfo-4.14.1-10.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rpm-debuginfo-4.14.1-10.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rpm-debugsource-4.14.1-10.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", reference:\"rpm-devel-4.14.1-10.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"rpm-32bit-4.14.1-10.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", cpu:\"x86_64\", reference:\"rpm-32bit-debuginfo-4.14.1-10.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python-rpm-debugsource-4.14.1-10.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python2-rpm-4.14.1-10.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python2-rpm-debuginfo-4.14.1-10.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python3-rpm-4.14.1-10.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"python3-rpm-debuginfo-4.14.1-10.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"rpm-4.14.1-10.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"rpm-build-4.14.1-10.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"rpm-build-debuginfo-4.14.1-10.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"rpm-debuginfo-4.14.1-10.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"rpm-debugsource-4.14.1-10.3.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"0\", reference:\"rpm-devel-4.14.1-10.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:25:35", "description": "An update of the rpm package has been released.", "cvss3": {}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Rpm PHSA-2018-1.0-0194", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7500"], "modified": "2022-05-23T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:rpm", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2018-1_0-0194_RPM.NASL", "href": "https://www.tenable.com/plugins/nessus/121897", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2018-1.0-0194. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121897);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/23\");\n\n script_cve_id(\"CVE-2017-7500\");\n\n script_name(english:\"Photon OS 1.0: Rpm PHSA-2018-1.0-0194\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the rpm package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-194.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7500\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/11/07\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"rpm-4.13.0.2-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"rpm-build-4.13.0.2-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"rpm-debuginfo-4.13.0.2-1.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"rpm-devel-4.13.0.2-1.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:19:51", "description": "According to the version of the rpm packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - It was found that rpm uses temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.(CVE-2017-7501)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-02-15T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP3 : rpm (EulerOS-SA-2019-1043)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7501"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:rpm", "p-cpe:/a:huawei:euleros:rpm-build", "p-cpe:/a:huawei:euleros:rpm-build-libs", "p-cpe:/a:huawei:euleros:rpm-devel", "p-cpe:/a:huawei:euleros:rpm-libs", "p-cpe:/a:huawei:euleros:rpm-python", "p-cpe:/a:huawei:euleros:rpm-sign", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1043.NASL", "href": "https://www.tenable.com/plugins/nessus/122216", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(122216);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-7501\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : rpm (EulerOS-SA-2019-1043)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the rpm packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - It was found that rpm uses temporary files with\n predictable names when installing an RPM. An attacker\n with ability to write in a directory where files will\n be installed could create symbolic links to an\n arbitrary location and modify content, and possibly\n permissions to arbitrary files, which could be used for\n denial of service or possibly privilege\n escalation.(CVE-2017-7501)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1043\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?72601959\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rpm package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/01/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-build-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-sign\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"rpm-4.11.3-21.h5\",\n \"rpm-build-4.11.3-21.h5\",\n \"rpm-build-libs-4.11.3-21.h5\",\n \"rpm-devel-4.11.3-21.h5\",\n \"rpm-libs-4.11.3-21.h5\",\n \"rpm-python-4.11.3-21.h5\",\n \"rpm-sign-4.11.3-21.h5\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:33:23", "description": "According to the version of the rpm packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.(CVE-2017-7500)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-12-10T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : rpm (EulerOS-SA-2019-2384)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7500"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:rpm", "p-cpe:/a:huawei:euleros:rpm-build", "p-cpe:/a:huawei:euleros:rpm-build-libs", "p-cpe:/a:huawei:euleros:rpm-devel", "p-cpe:/a:huawei:euleros:rpm-libs", "p-cpe:/a:huawei:euleros:rpm-python", "p-cpe:/a:huawei:euleros:rpm-sign", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-2384.NASL", "href": "https://www.tenable.com/plugins/nessus/131876", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131876);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-7500\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : rpm (EulerOS-SA-2019-2384)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the rpm packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - It was found that rpm did not properly handle RPM\n installations when a destination path was a symbolic\n link to a directory, possibly changing ownership and\n permissions of an arbitrary directory, and RPM files\n being placed in an arbitrary destination. An attacker,\n with write access to a directory in which a\n subdirectory will be installed, could redirect that\n directory to an arbitrary location and gain root\n privilege.(CVE-2017-7500)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2384\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?7e7740ef\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rpm package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-build-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-sign\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"rpm-4.11.3-17.h5\",\n \"rpm-build-4.11.3-17.h5\",\n \"rpm-build-libs-4.11.3-17.h5\",\n \"rpm-devel-4.11.3-17.h5\",\n \"rpm-libs-4.11.3-17.h5\",\n \"rpm-python-4.11.3-17.h5\",\n \"rpm-sign-4.11.3-17.h5\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-21T14:16:38", "description": "This update for rpm fixes the following issues :\n\nThis security vulnerability was fixed :\n\n - CVE-2017-7500: Fixed symlink attacks during RPM installation (bsc#943457)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2019-03-27T00:00:00", "type": "nessus", "title": "openSUSE Security Update : rpm (openSUSE-2019-564)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7500"], "modified": "2021-01-19T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:python-rpm-debugsource", "p-cpe:/a:novell:opensuse:python2-rpm", "p-cpe:/a:novell:opensuse:python2-rpm-debuginfo", "p-cpe:/a:novell:opensuse:python3-rpm", "p-cpe:/a:novell:opensuse:python3-rpm-debuginfo", "p-cpe:/a:novell:opensuse:rpm", "p-cpe:/a:novell:opensuse:rpm-32bit", "p-cpe:/a:novell:opensuse:rpm-32bit-debuginfo", "p-cpe:/a:novell:opensuse:rpm-build", "p-cpe:/a:novell:opensuse:rpm-build-debuginfo", "p-cpe:/a:novell:opensuse:rpm-debuginfo", "p-cpe:/a:novell:opensuse:rpm-debugsource", "p-cpe:/a:novell:opensuse:rpm-devel", "cpe:/o:novell:opensuse:15.0"], "id": "OPENSUSE-2019-564.NASL", "href": "https://www.tenable.com/plugins/nessus/123243", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2019-564.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123243);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2017-7500\");\n\n script_name(english:\"openSUSE Security Update : rpm (openSUSE-2019-564)\");\n script_summary(english:\"Check for the openSUSE-2019-564 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for rpm fixes the following issues :\n\nThis security vulnerability was fixed :\n\n - CVE-2017-7500: Fixed symlink attacks during RPM\n installation (bsc#943457)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1094735\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1095148\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=943457\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected rpm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python-rpm-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python2-rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python2-rpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-rpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-32bit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-build-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/13\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.0)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.0\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(i586|i686|x86_64)$\") audit(AUDIT_ARCH_NOT, \"i586 / i686 / x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.0\", reference:\"python-rpm-debugsource-4.14.1-lp150.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"python2-rpm-4.14.1-lp150.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"python2-rpm-debuginfo-4.14.1-lp150.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"python3-rpm-4.14.1-lp150.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"python3-rpm-debuginfo-4.14.1-lp150.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rpm-4.14.1-lp150.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rpm-build-4.14.1-lp150.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rpm-build-debuginfo-4.14.1-lp150.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rpm-debuginfo-4.14.1-lp150.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rpm-debugsource-4.14.1-lp150.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", reference:\"rpm-devel-4.14.1-lp150.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"rpm-32bit-4.14.1-lp150.9.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.0\", cpu:\"x86_64\", reference:\"rpm-32bit-debuginfo-4.14.1-lp150.9.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-rpm-debugsource / python2-rpm / python2-rpm-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-08-19T12:22:41", "description": "According to the version of the rpm packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :\n\n - It was found that rpm uses temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.(CVE-2017-7501)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-14T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.1.0 : rpm (EulerOS-SA-2019-1466)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7501"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:rpm", "p-cpe:/a:huawei:euleros:rpm-build", "p-cpe:/a:huawei:euleros:rpm-build-libs", "p-cpe:/a:huawei:euleros:rpm-libs", "p-cpe:/a:huawei:euleros:rpm-python", "cpe:/o:huawei:euleros:uvp:3.0.1.0"], "id": "EULEROS_SA-2019-1466.NASL", "href": "https://www.tenable.com/plugins/nessus/124969", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(124969);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-7501\"\n );\n\n script_name(english:\"EulerOS Virtualization 3.0.1.0 : rpm (EulerOS-SA-2019-1466)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the rpm packages installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerability :\n\n - It was found that rpm uses temporary files with\n predictable names when installing an RPM. An attacker\n with ability to write in a directory where files will\n be installed could create symbolic links to an\n arbitrary location and modify content, and possibly\n permissions to arbitrary files, which could be used for\n denial of service or possibly privilege\n escalation.(CVE-2017-7501)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1466\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?e4c43f29\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rpm package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-build-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.1.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.1.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.1.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"rpm-4.11.3-32.h6\",\n \"rpm-build-4.11.3-32.h6\",\n \"rpm-build-libs-4.11.3-32.h6\",\n \"rpm-libs-4.11.3-32.h6\",\n \"rpm-python-4.11.3-32.h6\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-20T14:42:17", "description": "According to the version of the rpm packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - It was found that rpm uses temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.(CVE-2017-7501)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2018-11-06T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP2 : rpm (EulerOS-SA-2018-1353)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7501"], "modified": "2021-04-28T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:rpm", "p-cpe:/a:huawei:euleros:rpm-build", "p-cpe:/a:huawei:euleros:rpm-build-libs", "p-cpe:/a:huawei:euleros:rpm-devel", "p-cpe:/a:huawei:euleros:rpm-libs", "p-cpe:/a:huawei:euleros:rpm-python", "p-cpe:/a:huawei:euleros:rpm-sign", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2018-1353.NASL", "href": "https://www.tenable.com/plugins/nessus/118736", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(118736);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/28\");\n\n script_cve_id(\n \"CVE-2017-7501\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : rpm (EulerOS-SA-2018-1353)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the rpm packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - It was found that rpm uses temporary files with\n predictable names when installing an RPM. An attacker\n with ability to write in a directory where files will\n be installed could create symbolic links to an\n arbitrary location and modify content, and possibly\n permissions to arbitrary files, which could be used for\n denial of service or possibly privilege\n escalation.(CVE-2017-7501)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1353\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d33bee68\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rpm package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/10/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-build-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-sign\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"rpm-4.11.3-17.h3\",\n \"rpm-build-4.11.3-17.h3\",\n \"rpm-build-libs-4.11.3-17.h3\",\n \"rpm-devel-4.11.3-17.h3\",\n \"rpm-libs-4.11.3-17.h3\",\n \"rpm-python-4.11.3-17.h3\",\n \"rpm-sign-4.11.3-17.h3\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:24:19", "description": "According to the version of the rpm packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - It was found that rpm uses temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.(CVE-2017-7501)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-01-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : rpm (EulerOS-SA-2019-1011)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7501"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:rpm", "p-cpe:/a:huawei:euleros:rpm-build", "p-cpe:/a:huawei:euleros:rpm-build-libs", "p-cpe:/a:huawei:euleros:rpm-devel", "p-cpe:/a:huawei:euleros:rpm-libs", "p-cpe:/a:huawei:euleros:rpm-python", "p-cpe:/a:huawei:euleros:rpm-sign", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2019-1011.NASL", "href": "https://www.tenable.com/plugins/nessus/120999", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(120999);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-7501\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : rpm (EulerOS-SA-2019-1011)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the rpm packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerability :\n\n - It was found that rpm uses temporary files with\n predictable names when installing an RPM. An attacker\n with ability to write in a directory where files will\n be installed could create symbolic links to an\n arbitrary location and modify content, and possibly\n permissions to arbitrary files, which could be used for\n denial of service or possibly privilege\n escalation.(CVE-2017-7501)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1011\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?06bcd800\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rpm package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/12/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/01/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-build-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-sign\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"rpm-4.11.3-32.h6.eulerosv2r7\",\n \"rpm-build-4.11.3-32.h6.eulerosv2r7\",\n \"rpm-build-libs-4.11.3-32.h6.eulerosv2r7\",\n \"rpm-devel-4.11.3-32.h6.eulerosv2r7\",\n \"rpm-libs-4.11.3-32.h6.eulerosv2r7\",\n \"rpm-python-4.11.3-32.h6.eulerosv2r7\",\n \"rpm-sign-4.11.3-32.h6.eulerosv2r7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:11:24", "description": "According to the version of the rpm packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :\n\n - It was found that rpm uses temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.i1/4^CVE-2017-7501i1/4%0\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-04-09T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.5.4 : rpm (EulerOS-SA-2019-1210)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7501"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:rpm", "p-cpe:/a:huawei:euleros:rpm-build", "p-cpe:/a:huawei:euleros:rpm-build-libs", "p-cpe:/a:huawei:euleros:rpm-libs", "p-cpe:/a:huawei:euleros:rpm-python", "cpe:/o:huawei:euleros:uvp:2.5.4"], "id": "EULEROS_SA-2019-1210.NASL", "href": "https://www.tenable.com/plugins/nessus/123896", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(123896);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-7501\"\n );\n\n script_name(english:\"EulerOS Virtualization 2.5.4 : rpm (EulerOS-SA-2019-1210)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the rpm packages installed, the EulerOS\nVirtualization installation on the remote host is affected by the\nfollowing vulnerability :\n\n - It was found that rpm uses temporary files with\n predictable names when installing an RPM. An attacker\n with ability to write in a directory where files will\n be installed could create symbolic links to an\n arbitrary location and modify content, and possibly\n permissions to arbitrary files, which could be used for\n denial of service or possibly privilege\n escalation.i1/4^CVE-2017-7501i1/4%0\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1210\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8a393c78\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rpm package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/04/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/04/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-build-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.5.4\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.5.4\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.5.4\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"rpm-4.11.3-32.h6\",\n \"rpm-build-4.11.3-32.h6\",\n \"rpm-build-libs-4.11.3-32.h6\",\n \"rpm-libs-4.11.3-32.h6\",\n \"rpm-python-4.11.3-32.h6\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-08-19T12:22:50", "description": "According to the version of the rpm packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability :\n\n - It was found that rpm uses temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.(CVE-2017-7501)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2019-05-30T00:00:00", "type": "nessus", "title": "EulerOS Virtualization for ARM 64 3.0.2.0 : rpm (EulerOS-SA-2019-1616)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7501"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:rpm", "p-cpe:/a:huawei:euleros:rpm-build", "p-cpe:/a:huawei:euleros:rpm-build-libs", "p-cpe:/a:huawei:euleros:rpm-libs", "p-cpe:/a:huawei:euleros:rpm-python", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2019-1616.NASL", "href": "https://www.tenable.com/plugins/nessus/125568", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(125568);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2017-7501\"\n );\n\n script_name(english:\"EulerOS Virtualization for ARM 64 3.0.2.0 : rpm (EulerOS-SA-2019-1616)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization for ARM 64 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the rpm packages installed, the EulerOS\nVirtualization for ARM 64 installation on the remote host is affected\nby the following vulnerability :\n\n - It was found that rpm uses temporary files with\n predictable names when installing an RPM. An attacker\n with ability to write in a directory where files will\n be installed could create symbolic links to an\n arbitrary location and modify content, and possibly\n permissions to arbitrary files, which could be used for\n denial of service or possibly privilege\n escalation.(CVE-2017-7501)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1616\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?86ec5b81\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rpm package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/05/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/05/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-build-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-python\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"rpm-4.11.3-32.h6\",\n \"rpm-build-4.11.3-32.h6\",\n \"rpm-build-libs-4.11.3-32.h6\",\n \"rpm-libs-4.11.3-32.h6\",\n \"rpm-python-4.11.3-32.h6\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm\");\n}\n", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-18T14:26:34", "description": "An update of the rpm package has been released.", "cvss3": {}, "published": "2019-02-07T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Rpm PHSA-2017-1.0-0095", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7501"], "modified": "2022-05-24T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:rpm", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-1_0-0095_RPM.NASL", "href": "https://www.tenable.com/plugins/nessus/121787", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-1.0-0095. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(121787);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/24\");\n\n script_cve_id(\"CVE-2017-7501\");\n\n script_name(english:\"Photon OS 1.0: Rpm PHSA-2017-1.0-0095\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the rpm package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-95.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-7501\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2017/12/28\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/02/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"rpm-4.13.0.1-4.ph1\")) flag++;\nif (rpm_check(release:\"PhotonOS-1.0\", reference:\"rpm-debuginfo-4.13.0.1-4.ph1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:35:47", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0634 advisory.\n\n - rpm: RPM does not require subkeys to have a valid binding signature (CVE-2021-3521)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-23T00:00:00", "type": "nessus", "title": "RHEL 8 : rpm (RHSA-2022:0634)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3521"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:rhel_aus:8.2", "cpe:/o:redhat:rhel_e4s:8.2", "cpe:/o:redhat:rhel_eus:8.2", "cpe:/o:redhat:rhel_tus:8.2", "p-cpe:/a:redhat:enterprise_linux:python3-rpm", "p-cpe:/a:redhat:enterprise_linux:rpm", "p-cpe:/a:redhat:enterprise_linux:rpm-apidocs", "p-cpe:/a:redhat:enterprise_linux:rpm-build", "p-cpe:/a:redhat:enterprise_linux:rpm-build-libs", "p-cpe:/a:redhat:enterprise_linux:rpm-cron", "p-cpe:/a:redhat:enterprise_linux:rpm-devel", "p-cpe:/a:redhat:enterprise_linux:rpm-libs", "p-cpe:/a:redhat:enterprise_linux:rpm-plugin-ima", "p-cpe:/a:redhat:enterprise_linux:rpm-plugin-prioreset", "p-cpe:/a:redhat:enterprise_linux:rpm-plugin-selinux", "p-cpe:/a:redhat:enterprise_linux:rpm-plugin-syslog", "p-cpe:/a:redhat:enterprise_linux:rpm-plugin-systemd-inhibit", "p-cpe:/a:redhat:enterprise_linux:rpm-sign"], "id": "REDHAT-RHSA-2022-0634.NASL", "href": "https://www.tenable.com/plugins/nessus/158325", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:0634. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158325);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\"CVE-2021-3521\");\n script_xref(name:\"RHSA\", value:\"2022:0634\");\n\n script_name(english:\"RHEL 8 : rpm (RHSA-2022:0634)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:0634 advisory.\n\n - rpm: RPM does not require subkeys to have a valid binding signature (CVE-2021-3521)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3521\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:0634\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1941098\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:N/I:C/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3521\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(347);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-build-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-cron\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-plugin-ima\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-plugin-prioreset\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-plugin-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-plugin-syslog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-plugin-systemd-inhibit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-sign\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.2')) audit(AUDIT_OS_NOT, 'Red Hat 8.2', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.2/x86_64/appstream/debug',\n 'content/aus/rhel8/8.2/x86_64/appstream/os',\n 'content/aus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.2/x86_64/baseos/debug',\n 'content/aus/rhel8/8.2/x86_64/baseos/os',\n 'content/aus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.2/ppc64le/sap/os',\n 'content/e4s/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.2/x86_64/appstream/os',\n 'content/e4s/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.2/x86_64/baseos/os',\n 'content/e4s/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.2/x86_64/sap/debug',\n 'content/e4s/rhel8/8.2/x86_64/sap/os',\n 'content/e4s/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/appstream/debug',\n 'content/eus/rhel8/8.2/aarch64/appstream/os',\n 'content/eus/rhel8/8.2/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/baseos/debug',\n 'content/eus/rhel8/8.2/aarch64/baseos/os',\n 'content/eus/rhel8/8.2/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.2/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.2/aarch64/highavailability/os',\n 'content/eus/rhel8/8.2/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.2/aarch64/supplementary/os',\n 'content/eus/rhel8/8.2/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.2/ppc64le/appstream/os',\n 'content/eus/rhel8/8.2/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.2/ppc64le/baseos/os',\n 'content/eus/rhel8/8.2/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.2/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.2/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.2/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.2/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/sap/debug',\n 'content/eus/rhel8/8.2/ppc64le/sap/os',\n 'content/eus/rhel8/8.2/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.2/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/appstream/debug',\n 'content/eus/rhel8/8.2/s390x/appstream/os',\n 'content/eus/rhel8/8.2/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/baseos/debug',\n 'content/eus/rhel8/8.2/s390x/baseos/os',\n 'content/eus/rhel8/8.2/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.2/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/highavailability/debug',\n 'content/eus/rhel8/8.2/s390x/highavailability/os',\n 'content/eus/rhel8/8.2/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.2/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/sap/debug',\n 'content/eus/rhel8/8.2/s390x/sap/os',\n 'content/eus/rhel8/8.2/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/s390x/supplementary/debug',\n 'content/eus/rhel8/8.2/s390x/supplementary/os',\n 'content/eus/rhel8/8.2/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/appstream/debug',\n 'content/eus/rhel8/8.2/x86_64/appstream/os',\n 'content/eus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/baseos/debug',\n 'content/eus/rhel8/8.2/x86_64/baseos/os',\n 'content/eus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.2/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.2/x86_64/highavailability/os',\n 'content/eus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.2/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.2/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/sap/debug',\n 'content/eus/rhel8/8.2/x86_64/sap/os',\n 'content/eus/rhel8/8.2/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.2/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.2/x86_64/supplementary/os',\n 'content/eus/rhel8/8.2/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/appstream/debug',\n 'content/tus/rhel8/8.2/x86_64/appstream/os',\n 'content/tus/rhel8/8.2/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/baseos/debug',\n 'content/tus/rhel8/8.2/x86_64/baseos/os',\n 'content/tus/rhel8/8.2/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.2/x86_64/highavailability/os',\n 'content/tus/rhel8/8.2/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/nfv/debug',\n 'content/tus/rhel8/8.2/x86_64/nfv/os',\n 'content/tus/rhel8/8.2/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.2/x86_64/rt/debug',\n 'content/tus/rhel8/8.2/x86_64/rt/os',\n 'content/tus/rhel8/8.2/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'python3-rpm-4.14.2-40.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-4.14.2-40.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-apidocs-4.14.2-40.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-build-4.14.2-40.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-build-libs-4.14.2-40.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-cron-4.14.2-40.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-devel-4.14.2-40.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-libs-4.14.2-40.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-ima-4.14.2-40.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-prioreset-4.14.2-40.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-selinux-4.14.2-40.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-syslog-4.14.2-40.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-systemd-inhibit-4.14.2-40.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-sign-4.14.2-40.el8_2', 'sp':'2', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python3-rpm / rpm / rpm-apidocs / rpm-build / rpm-build-libs / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:41:29", "description": "The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:368 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : rpm (RLSA-2022:368)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3521"], "modified": "2022-12-13T00:00:00", "cpe": ["p-cpe:/a:rocky:linux:python3-rpm", "p-cpe:/a:rocky:linux:python3-rpm-debuginfo", "p-cpe:/a:rocky:linux:rpm", "p-cpe:/a:rocky:linux:rpm-apidocs", "p-cpe:/a:rocky:linux:rpm-build", "p-cpe:/a:rocky:linux:rpm-build-debuginfo", "p-cpe:/a:rocky:linux:rpm-build-libs", "p-cpe:/a:rocky:linux:rpm-build-libs-debuginfo", "p-cpe:/a:rocky:linux:rpm-cron", "p-cpe:/a:rocky:linux:rpm-debuginfo", "p-cpe:/a:rocky:linux:rpm-debugsource", "p-cpe:/a:rocky:linux:rpm-devel", "p-cpe:/a:rocky:linux:rpm-devel-debuginfo", "p-cpe:/a:rocky:linux:rpm-libs", "p-cpe:/a:rocky:linux:rpm-libs-debuginfo", "p-cpe:/a:rocky:linux:rpm-plugin-fapolicyd", "p-cpe:/a:rocky:linux:rpm-plugin-fapolicyd-debuginfo", "p-cpe:/a:rocky:linux:rpm-plugin-ima", "p-cpe:/a:rocky:linux:rpm-plugin-ima-debuginfo", "p-cpe:/a:rocky:linux:rpm-plugin-prioreset", "p-cpe:/a:rocky:linux:rpm-plugin-prioreset-debuginfo", "p-cpe:/a:rocky:linux:rpm-plugin-selinux", "p-cpe:/a:rocky:linux:rpm-plugin-selinux-debuginfo", "p-cpe:/a:rocky:linux:rpm-plugin-syslog", "p-cpe:/a:rocky:linux:rpm-plugin-syslog-debuginfo", "p-cpe:/a:rocky:linux:rpm-plugin-systemd-inhibit", "p-cpe:/a:rocky:linux:rpm-plugin-systemd-inhibit-debuginfo", "p-cpe:/a:rocky:linux:rpm-sign", "p-cpe:/a:rocky:linux:rpm-sign-debuginfo", "cpe:/o:rocky:linux:8"], "id": "ROCKY_LINUX_RLSA-2022-368.NASL", "href": "https://www.tenable.com/plugins/nessus/157790", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2022:368.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157790);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/13\");\n\n script_cve_id(\"CVE-2021-3521\");\n script_xref(name:\"RLSA\", value:\"2022:368\");\n\n script_name(english:\"Rocky Linux 8 : rpm (RLSA-2022:368)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nRLSA-2022:368 advisory.\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2022:368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=1941098\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:N/I:C/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3521\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:python3-rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:python3-rpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rpm-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rpm-build-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rpm-build-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rpm-build-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rpm-cron\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rpm-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rpm-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rpm-devel-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rpm-libs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rpm-plugin-fapolicyd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rpm-plugin-fapolicyd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rpm-plugin-ima\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rpm-plugin-ima-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rpm-plugin-prioreset\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rpm-plugin-prioreset-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rpm-plugin-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rpm-plugin-selinux-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rpm-plugin-syslog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rpm-plugin-syslog-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rpm-plugin-systemd-inhibit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rpm-plugin-systemd-inhibit-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rpm-sign\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:rpm-sign-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rocky:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RockyLinux/release');\nif (isnull(release) || 'Rocky Linux' >!< release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nvar pkgs = [\n {'reference':'python3-rpm-4.14.3-19.el8_5.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-rpm-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-rpm-debuginfo-4.14.3-19.el8_5.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-rpm-debuginfo-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-4.14.3-19.el8_5.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-apidocs-4.14.3-19.el8_5.2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-build-4.14.3-19.el8_5.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-build-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-build-debuginfo-4.14.3-19.el8_5.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-build-debuginfo-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-build-libs-4.14.3-19.el8_5.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-build-libs-4.14.3-19.el8_5.2', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-build-libs-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-build-libs-debuginfo-4.14.3-19.el8_5.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-build-libs-debuginfo-4.14.3-19.el8_5.2', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-build-libs-debuginfo-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-cron-4.14.3-19.el8_5.2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-debuginfo-4.14.3-19.el8_5.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-debuginfo-4.14.3-19.el8_5.2', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-debuginfo-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-debugsource-4.14.3-19.el8_5.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-debugsource-4.14.3-19.el8_5.2', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-debugsource-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-devel-4.14.3-19.el8_5.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-devel-4.14.3-19.el8_5.2', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-devel-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-devel-debuginfo-4.14.3-19.el8_5.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-devel-debuginfo-4.14.3-19.el8_5.2', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-devel-debuginfo-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-libs-4.14.3-19.el8_5.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-libs-4.14.3-19.el8_5.2', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-libs-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-libs-debuginfo-4.14.3-19.el8_5.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-libs-debuginfo-4.14.3-19.el8_5.2', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-libs-debuginfo-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-fapolicyd-4.14.3-19.el8_5.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-fapolicyd-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-fapolicyd-debuginfo-4.14.3-19.el8_5.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-fapolicyd-debuginfo-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-ima-4.14.3-19.el8_5.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-ima-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-ima-debuginfo-4.14.3-19.el8_5.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-ima-debuginfo-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-prioreset-4.14.3-19.el8_5.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-prioreset-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-prioreset-debuginfo-4.14.3-19.el8_5.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-prioreset-debuginfo-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-selinux-4.14.3-19.el8_5.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-selinux-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-selinux-debuginfo-4.14.3-19.el8_5.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-selinux-debuginfo-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-syslog-4.14.3-19.el8_5.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-syslog-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-syslog-debuginfo-4.14.3-19.el8_5.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-syslog-debuginfo-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-systemd-inhibit-4.14.3-19.el8_5.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-systemd-inhibit-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-systemd-inhibit-debuginfo-4.14.3-19.el8_5.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-systemd-inhibit-debuginfo-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-sign-4.14.3-19.el8_5.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-sign-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-sign-debuginfo-4.14.3-19.el8_5.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-sign-debuginfo-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python3-rpm / python3-rpm-debuginfo / rpm / rpm-apidocs / rpm-build / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-13T10:58:21", "description": "According to the versions of the rpm packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a 'binding signature.' RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and public keys from trusted sources. (CVE-2021-3521)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2023-06-13T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.0 : rpm (EulerOS-SA-2023-2230)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3521"], "modified": "2023-06-13T00:00:00", "cpe": ["cpe:/o:huawei:euleros:uvp:3.0.6.0", "p-cpe:/a:huawei:euleros:rpm", "p-cpe:/a:huawei:euleros:rpm-build", "p-cpe:/a:huawei:euleros:rpm-build-libs", "p-cpe:/a:huawei:euleros:rpm-devel", "p-cpe:/a:huawei:euleros:rpm-libs", "p-cpe:/a:huawei:euleros:rpm-sign", "p-cpe:/a:huawei:euleros:python2-rpm", "p-cpe:/a:huawei:euleros:python3-rpm", "p-cpe:/a:huawei:euleros:rpm-apidocs", "p-cpe:/a:huawei:euleros:rpm-cron", "p-cpe:/a:huawei:euleros:rpm-plugin-ima", "p-cpe:/a:huawei:euleros:rpm-plugin-prioreset", "p-cpe:/a:huawei:euleros:rpm-plugin-selinux", "p-cpe:/a:huawei:euleros:rpm-plugin-syslog", "p-cpe:/a:huawei:euleros:rpm-plugin-systemd-inhibit", "p-cpe:/a:huawei:euleros:rpm-sign-libs"], "id": "EULEROS_SA-2023-2230.NASL", "href": "https://www.tenable.com/plugins/nessus/177149", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(177149);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/06/13\");\n\n script_cve_id(\"CVE-2021-3521\");\n\n script_name(english:\"EulerOS Virtualization 3.0.6.0 : rpm (EulerOS-SA-2023-2230)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the rpm packages installed, the EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a\n 'binding signature.' RPM does not check the binding signature of subkeys prior to importing them. If an\n attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate\n public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data\n integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an\n administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and\n public keys from trusted sources. (CVE-2021-3521)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2023-2230\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ed8146bf\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rpm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:N/I:C/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3521\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/06/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python2-rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-build-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-cron\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-plugin-ima\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-plugin-prioreset\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-plugin-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-plugin-syslog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-plugin-systemd-inhibit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-sign\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-sign-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar _release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(_release) || _release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu && \"x86\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"python2-rpm-4.14.2-1.h19.eulerosv2r8\",\n \"python3-rpm-4.14.2-1.h19.eulerosv2r8\",\n \"rpm-4.14.2-1.h19.eulerosv2r8\",\n \"rpm-apidocs-4.14.2-1.h19.eulerosv2r8\",\n \"rpm-build-4.14.2-1.h19.eulerosv2r8\",\n \"rpm-build-libs-4.14.2-1.h19.eulerosv2r8\",\n \"rpm-cron-4.14.2-1.h19.eulerosv2r8\",\n \"rpm-devel-4.14.2-1.h19.eulerosv2r8\",\n \"rpm-libs-4.14.2-1.h19.eulerosv2r8\",\n \"rpm-plugin-ima-4.14.2-1.h19.eulerosv2r8\",\n \"rpm-plugin-prioreset-4.14.2-1.h19.eulerosv2r8\",\n \"rpm-plugin-selinux-4.14.2-1.h19.eulerosv2r8\",\n \"rpm-plugin-syslog-4.14.2-1.h19.eulerosv2r8\",\n \"rpm-plugin-systemd-inhibit-4.14.2-1.h19.eulerosv2r8\",\n \"rpm-sign-4.14.2-1.h19.eulerosv2r8\",\n \"rpm-sign-libs-4.14.2-1.h19.eulerosv2r8\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:40:06", "description": "According to the versions of the rpm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a binding signature. RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and public keys from trusted sources. (CVE-2021-3521)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-01-28T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : rpm (EulerOS-SA-2022-1035)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3521"], "modified": "2023-03-21T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python3-rpm", "p-cpe:/a:huawei:euleros:rpm", "p-cpe:/a:huawei:euleros:rpm-libs", "p-cpe:/a:huawei:euleros:rpm-plugin-systemd-inhibit", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1035.NASL", "href": "https://www.tenable.com/plugins/nessus/157172", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157172);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2021-3521\");\n\n script_name(english:\"EulerOS 2.0 SP9 : rpm (EulerOS-SA-2022-1035)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the rpm packages installed, the EulerOS installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a\n binding signature. RPM does not check the binding signature of subkeys prior to importing them. If an\n attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate\n public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data\n integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an\n administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and\n public keys from trusted sources. (CVE-2021-3521)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1035\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c780bb39\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rpm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:N/I:C/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3521\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-plugin-systemd-inhibit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"python3-rpm-4.15.1-12.h26.eulerosv2r9\",\n \"rpm-4.15.1-12.h26.eulerosv2r9\",\n \"rpm-libs-4.15.1-12.h26.eulerosv2r9\",\n \"rpm-plugin-systemd-inhibit-4.15.1-12.h26.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-27T14:57:30", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0254 advisory.\n\n - rpm: RPM does not require subkeys to have a valid binding signature (CVE-2021-3521)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-26T00:00:00", "type": "nessus", "title": "RHEL 8 : rpm (RHSA-2022:0254)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3521"], "modified": "2023-05-25T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:rpm-build-libs", "p-cpe:/a:redhat:enterprise_linux:rpm-cron", "p-cpe:/a:redhat:enterprise_linux:rpm-devel", "p-cpe:/a:redhat:enterprise_linux:rpm-libs", "p-cpe:/a:redhat:enterprise_linux:rpm-plugin-fapolicyd", "p-cpe:/a:redhat:enterprise_linux:rpm-plugin-ima", "p-cpe:/a:redhat:enterprise_linux:rpm-plugin-prioreset", "p-cpe:/a:redhat:enterprise_linux:rpm-plugin-selinux", "p-cpe:/a:redhat:enterprise_linux:rpm-plugin-syslog", "p-cpe:/a:redhat:enterprise_linux:rpm-plugin-systemd-inhibit", "p-cpe:/a:redhat:enterprise_linux:rpm-sign", "cpe:/o:redhat:rhel_aus:8.4", "cpe:/o:redhat:rhel_e4s:8.4", "cpe:/o:redhat:rhel_eus:8.4", "cpe:/o:redhat:rhel_tus:8.4", "p-cpe:/a:redhat:enterprise_linux:python3-rpm", "p-cpe:/a:redhat:enterprise_linux:rpm", "p-cpe:/a:redhat:enterprise_linux:rpm-apidocs", "p-cpe:/a:redhat:enterprise_linux:rpm-build"], "id": "REDHAT-RHSA-2022-0254.NASL", "href": "https://www.tenable.com/plugins/nessus/157100", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:0254. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157100);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\"CVE-2021-3521\");\n script_xref(name:\"RHSA\", value:\"2022:0254\");\n\n script_name(english:\"RHEL 8 : rpm (RHSA-2022:0254)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:0254 advisory.\n\n - rpm: RPM does not require subkeys to have a valid binding signature (CVE-2021-3521)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3521\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:0254\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1941098\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:N/I:C/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3521\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(347);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/26\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.4\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-build-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-cron\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-plugin-fapolicyd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-plugin-ima\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-plugin-prioreset\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-plugin-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-plugin-syslog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-plugin-systemd-inhibit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-sign\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.4')) audit(AUDIT_OS_NOT, 'Red Hat 8.4', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.4/x86_64/appstream/debug',\n 'content/aus/rhel8/8.4/x86_64/appstream/os',\n 'content/aus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.4/x86_64/baseos/debug',\n 'content/aus/rhel8/8.4/x86_64/baseos/os',\n 'content/aus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/appstream/debug',\n 'content/e4s/rhel8/8.4/aarch64/appstream/os',\n 'content/e4s/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/aarch64/baseos/debug',\n 'content/e4s/rhel8/8.4/aarch64/baseos/os',\n 'content/e4s/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.4/ppc64le/sap/os',\n 'content/e4s/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/appstream/debug',\n 'content/e4s/rhel8/8.4/s390x/appstream/os',\n 'content/e4s/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/s390x/baseos/debug',\n 'content/e4s/rhel8/8.4/s390x/baseos/os',\n 'content/e4s/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.4/x86_64/appstream/os',\n 'content/e4s/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.4/x86_64/baseos/os',\n 'content/e4s/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/nfv/debug',\n 'content/e4s/rhel8/8.4/x86_64/nfv/os',\n 'content/e4s/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.4/x86_64/sap/debug',\n 'content/e4s/rhel8/8.4/x86_64/sap/os',\n 'content/e4s/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/appstream/debug',\n 'content/eus/rhel8/8.4/aarch64/appstream/os',\n 'content/eus/rhel8/8.4/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/baseos/debug',\n 'content/eus/rhel8/8.4/aarch64/baseos/os',\n 'content/eus/rhel8/8.4/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.4/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.4/aarch64/highavailability/os',\n 'content/eus/rhel8/8.4/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.4/aarch64/supplementary/os',\n 'content/eus/rhel8/8.4/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.4/ppc64le/appstream/os',\n 'content/eus/rhel8/8.4/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.4/ppc64le/baseos/os',\n 'content/eus/rhel8/8.4/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.4/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.4/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.4/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.4/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/sap/debug',\n 'content/eus/rhel8/8.4/ppc64le/sap/os',\n 'content/eus/rhel8/8.4/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.4/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/appstream/debug',\n 'content/eus/rhel8/8.4/s390x/appstream/os',\n 'content/eus/rhel8/8.4/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/baseos/debug',\n 'content/eus/rhel8/8.4/s390x/baseos/os',\n 'content/eus/rhel8/8.4/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.4/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/highavailability/debug',\n 'content/eus/rhel8/8.4/s390x/highavailability/os',\n 'content/eus/rhel8/8.4/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.4/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/sap/debug',\n 'content/eus/rhel8/8.4/s390x/sap/os',\n 'content/eus/rhel8/8.4/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/s390x/supplementary/debug',\n 'content/eus/rhel8/8.4/s390x/supplementary/os',\n 'content/eus/rhel8/8.4/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/appstream/debug',\n 'content/eus/rhel8/8.4/x86_64/appstream/os',\n 'content/eus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/baseos/debug',\n 'content/eus/rhel8/8.4/x86_64/baseos/os',\n 'content/eus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.4/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.4/x86_64/highavailability/os',\n 'content/eus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.4/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.4/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/sap/debug',\n 'content/eus/rhel8/8.4/x86_64/sap/os',\n 'content/eus/rhel8/8.4/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.4/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.4/x86_64/supplementary/os',\n 'content/eus/rhel8/8.4/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/appstream/debug',\n 'content/tus/rhel8/8.4/x86_64/appstream/os',\n 'content/tus/rhel8/8.4/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/baseos/debug',\n 'content/tus/rhel8/8.4/x86_64/baseos/os',\n 'content/tus/rhel8/8.4/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.4/x86_64/highavailability/os',\n 'content/tus/rhel8/8.4/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/nfv/debug',\n 'content/tus/rhel8/8.4/x86_64/nfv/os',\n 'content/tus/rhel8/8.4/x86_64/nfv/source/SRPMS',\n 'content/tus/rhel8/8.4/x86_64/rt/debug',\n 'content/tus/rhel8/8.4/x86_64/rt/os',\n 'content/tus/rhel8/8.4/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'python3-rpm-4.14.3-14.el8_4.2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-4.14.3-14.el8_4.2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-apidocs-4.14.3-14.el8_4.2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-build-4.14.3-14.el8_4.2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-build-libs-4.14.3-14.el8_4.2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-cron-4.14.3-14.el8_4.2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-devel-4.14.3-14.el8_4.2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-libs-4.14.3-14.el8_4.2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-fapolicyd-4.14.3-14.el8_4.2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-ima-4.14.3-14.el8_4.2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-prioreset-4.14.3-14.el8_4.2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-selinux-4.14.3-14.el8_4.2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-syslog-4.14.3-14.el8_4.2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-systemd-inhibit-4.14.3-14.el8_4.2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-sign-4.14.3-14.el8_4.2', 'sp':'4', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var subscription_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in the Red Hat Enterprise Linux\\n' +\n 'Advanced Update Support, Extended Update Support, Telco Extended Update Support or Update Services for SAP Solutions repositories.\\n' +\n 'Access to these repositories requires a paid RHEL subscription.\\n';\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();\n else extra = subscription_caveat + rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python3-rpm / rpm / rpm-apidocs / rpm-build / rpm-build-libs / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:42:39", "description": "According to the versions of the rpm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a 'binding signature.'[1] RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. 1. https://tools.ietf.org/html/rfc4880#section-5.2.1 (CVE-2021-3521)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2023-02-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : rpm (EulerOS-SA-2023-1335)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3521"], "modified": "2023-02-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:rpm-build-libs", "p-cpe:/a:huawei:euleros:rpm-cron", "p-cpe:/a:huawei:euleros:rpm-devel", "p-cpe:/a:huawei:euleros:rpm-libs", "p-cpe:/a:huawei:euleros:rpm-plugin-ima", "p-cpe:/a:huawei:euleros:rpm-plugin-prioreset", "p-cpe:/a:huawei:euleros:rpm-plugin-selinux", "p-cpe:/a:huawei:euleros:rpm-plugin-syslog", "p-cpe:/a:huawei:euleros:rpm-plugin-systemd-inhibit", "p-cpe:/a:huawei:euleros:rpm-sign", "p-cpe:/a:huawei:euleros:rpm-sign-libs", "cpe:/o:huawei:euleros:2.0", "p-cpe:/a:huawei:euleros:python2-rpm", "p-cpe:/a:huawei:euleros:python3-rpm", "p-cpe:/a:huawei:euleros:rpm", "p-cpe:/a:huawei:euleros:rpm-apidocs", "p-cpe:/a:huawei:euleros:rpm-build"], "id": "EULEROS_SA-2023-1335.NASL", "href": "https://www.tenable.com/plugins/nessus/171195", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(171195);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/08\");\n\n script_cve_id(\"CVE-2021-3521\");\n\n script_name(english:\"EulerOS 2.0 SP8 : rpm (EulerOS-SA-2023-1335)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the rpm packages installed, the EulerOS installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a\n 'binding signature.'[1] RPM does not check the binding signature of subkeys prior to importing them. If an\n attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate\n public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data\n integrity. 1. https://tools.ietf.org/html/rfc4880#section-5.2.1 (CVE-2021-3521)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2023-1335\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c37fffa8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rpm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:N/I:C/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3521\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/02/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python2-rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-build-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-cron\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-plugin-ima\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-plugin-prioreset\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-plugin-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-plugin-syslog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-plugin-systemd-inhibit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-sign\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-sign-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar _release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(_release) || _release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (_release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu && \"x86\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"python2-rpm-4.14.2-1.h19.eulerosv2r8\",\n \"python3-rpm-4.14.2-1.h19.eulerosv2r8\",\n \"rpm-4.14.2-1.h19.eulerosv2r8\",\n \"rpm-apidocs-4.14.2-1.h19.eulerosv2r8\",\n \"rpm-build-4.14.2-1.h19.eulerosv2r8\",\n \"rpm-build-libs-4.14.2-1.h19.eulerosv2r8\",\n \"rpm-cron-4.14.2-1.h19.eulerosv2r8\",\n \"rpm-devel-4.14.2-1.h19.eulerosv2r8\",\n \"rpm-libs-4.14.2-1.h19.eulerosv2r8\",\n \"rpm-plugin-ima-4.14.2-1.h19.eulerosv2r8\",\n \"rpm-plugin-prioreset-4.14.2-1.h19.eulerosv2r8\",\n \"rpm-plugin-selinux-4.14.2-1.h19.eulerosv2r8\",\n \"rpm-plugin-syslog-4.14.2-1.h19.eulerosv2r8\",\n \"rpm-plugin-systemd-inhibit-4.14.2-1.h19.eulerosv2r8\",\n \"rpm-sign-4.14.2-1.h19.eulerosv2r8\",\n \"rpm-sign-libs-4.14.2-1.h19.eulerosv2r8\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:42:25", "description": "The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:0368 advisory.\n\n - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a binding signature. RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and public keys from trusted sources. (CVE-2021-3521)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-11T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : rpm (ALSA-2022:0368)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3521"], "modified": "2023-03-21T00:00:00", "cpe": ["p-cpe:/a:alma:linux:rpm-plugin-selinux", "p-cpe:/a:alma:linux:rpm-plugin-syslog", "p-cpe:/a:alma:linux:rpm-plugin-systemd-inhibit", "p-cpe:/a:alma:linux:rpm-sign", "cpe:/o:alma:linux:8", "p-cpe:/a:alma:linux:python3-rpm", "p-cpe:/a:alma:linux:rpm", "p-cpe:/a:alma:linux:rpm-apidocs", "p-cpe:/a:alma:linux:rpm-build", "p-cpe:/a:alma:linux:rpm-build-libs", "p-cpe:/a:alma:linux:rpm-cron", "p-cpe:/a:alma:linux:rpm-devel", "p-cpe:/a:alma:linux:rpm-libs", "p-cpe:/a:alma:linux:rpm-plugin-fapolicyd", "p-cpe:/a:alma:linux:rpm-plugin-ima", "p-cpe:/a:alma:linux:rpm-plugin-prioreset"], "id": "ALMA_LINUX_ALSA-2022-0368.NASL", "href": "https://www.tenable.com/plugins/nessus/158835", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:0368.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158835);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2021-3521\");\n script_xref(name:\"ALSA\", value:\"2022:0368\");\n\n script_name(english:\"AlmaLinux 8 : rpm (ALSA-2022:0368)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the\nALSA-2022:0368 advisory.\n\n - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a\n binding signature. RPM does not check the binding signature of subkeys prior to importing them. If an\n attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate\n public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data\n integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an\n administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and\n public keys from trusted sources. (CVE-2021-3521)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2022-0368.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:N/I:C/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3521\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:rpm-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:rpm-build-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:rpm-cron\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:rpm-plugin-fapolicyd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:rpm-plugin-ima\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:rpm-plugin-prioreset\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:rpm-plugin-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:rpm-plugin-syslog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:rpm-plugin-systemd-inhibit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:rpm-sign\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'python3-rpm-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-apidocs-4.14.3-19.el8_5.2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-build-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-build-libs-4.14.3-19.el8_5.2', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-build-libs-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-cron-4.14.3-19.el8_5.2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-devel-4.14.3-19.el8_5.2', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-devel-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-libs-4.14.3-19.el8_5.2', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-libs-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-fapolicyd-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-ima-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-prioreset-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-selinux-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-syslog-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-systemd-inhibit-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-sign-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python3-rpm / rpm / rpm-apidocs / rpm-build / rpm-build-libs / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:43:41", "description": "According to the versions of the rpm packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a binding signature. RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and public keys from trusted sources. (CVE-2021-3521)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-04-18T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.10.0 : rpm (EulerOS-SA-2022-1412)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3521"], "modified": "2023-03-21T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python3-rpm", "p-cpe:/a:huawei:euleros:rpm", "p-cpe:/a:huawei:euleros:rpm-libs", "p-cpe:/a:huawei:euleros:rpm-plugin-systemd-inhibit", "cpe:/o:huawei:euleros:uvp:2.10.0"], "id": "EULEROS_SA-2022-1412.NASL", "href": "https://www.tenable.com/plugins/nessus/159842", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159842);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2021-3521\");\n\n script_name(english:\"EulerOS Virtualization 2.10.0 : rpm (EulerOS-SA-2022-1412)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the rpm packages installed, the EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a\n binding signature. RPM does not check the binding signature of subkeys prior to importing them. If an\n attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate\n public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data\n integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an\n administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and\n public keys from trusted sources. (CVE-2021-3521)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1412\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?61ac8e51\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rpm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:N/I:C/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3521\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-plugin-systemd-inhibit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.10.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.10.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.10.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"python3-rpm-4.15.1-17.h36.eulerosv2r10\",\n \"rpm-4.15.1-17.h36.eulerosv2r10\",\n \"rpm-libs-4.15.1-17.h36.eulerosv2r10\",\n \"rpm-plugin-systemd-inhibit-4.15.1-17.h36.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:41:59", "description": "According to the versions of the rpm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a binding signature. RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and public keys from trusted sources. (CVE-2021-3521)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-02-25T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : rpm (EulerOS-SA-2022-1234)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3521"], "modified": "2023-03-21T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python3-rpm", "p-cpe:/a:huawei:euleros:rpm", "p-cpe:/a:huawei:euleros:rpm-libs", "p-cpe:/a:huawei:euleros:rpm-plugin-systemd-inhibit", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1234.NASL", "href": "https://www.tenable.com/plugins/nessus/158431", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158431);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2021-3521\");\n\n script_name(english:\"EulerOS 2.0 SP10 : rpm (EulerOS-SA-2022-1234)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the rpm packages installed, the EulerOS installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a\n binding signature. RPM does not check the binding signature of subkeys prior to importing them. If an\n attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate\n public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data\n integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an\n administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and\n public keys from trusted sources. (CVE-2021-3521)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1234\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d8e55759\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rpm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:N/I:C/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3521\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-plugin-systemd-inhibit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"python3-rpm-4.15.1-17.h31.eulerosv2r10\",\n \"rpm-4.15.1-17.h31.eulerosv2r10\",\n \"rpm-libs-4.15.1-17.h31.eulerosv2r10\",\n \"rpm-plugin-systemd-inhibit-4.15.1-17.h31.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:40:17", "description": "According to the versions of the rpm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a binding signature. RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and public keys from trusted sources. (CVE-2021-3521)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-01-28T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : rpm (EulerOS-SA-2022-1015)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3521"], "modified": "2023-03-21T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python3-rpm", "p-cpe:/a:huawei:euleros:rpm", "p-cpe:/a:huawei:euleros:rpm-libs", "p-cpe:/a:huawei:euleros:rpm-plugin-systemd-inhibit", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1015.NASL", "href": "https://www.tenable.com/plugins/nessus/157170", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157170);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2021-3521\");\n\n script_name(english:\"EulerOS 2.0 SP9 : rpm (EulerOS-SA-2022-1015)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the rpm packages installed, the EulerOS installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a\n binding signature. RPM does not check the binding signature of subkeys prior to importing them. If an\n attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate\n public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data\n integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an\n administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and\n public keys from trusted sources. (CVE-2021-3521)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1015\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0e1b0a5a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rpm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:N/I:C/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3521\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-plugin-systemd-inhibit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"python3-rpm-4.15.1-12.h26.eulerosv2r9\",\n \"rpm-4.15.1-12.h26.eulerosv2r9\",\n \"rpm-libs-4.15.1-12.h26.eulerosv2r9\",\n \"rpm-plugin-systemd-inhibit-4.15.1-12.h26.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:43:57", "description": "According to the versions of the rpm packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a binding signature. RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and public keys from trusted sources. (CVE-2021-3521)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-04-18T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.10.1 : rpm (EulerOS-SA-2022-1386)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3521"], "modified": "2023-03-21T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python3-rpm", "p-cpe:/a:huawei:euleros:rpm", "p-cpe:/a:huawei:euleros:rpm-build", "p-cpe:/a:huawei:euleros:rpm-devel", "p-cpe:/a:huawei:euleros:rpm-help", "p-cpe:/a:huawei:euleros:rpm-libs", "p-cpe:/a:huawei:euleros:rpm-plugin-systemd-inhibit", "cpe:/o:huawei:euleros:uvp:2.10.1"], "id": "EULEROS_SA-2022-1386.NASL", "href": "https://www.tenable.com/plugins/nessus/159874", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159874);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2021-3521\");\n\n script_name(english:\"EulerOS Virtualization 2.10.1 : rpm (EulerOS-SA-2022-1386)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the rpm packages installed, the EulerOS Virtualization installation on the remote host is\naffected by the following vulnerabilities :\n\n - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a\n binding signature. RPM does not check the binding signature of subkeys prior to importing them. If an\n attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate\n public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data\n integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an\n administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and\n public keys from trusted sources. (CVE-2021-3521)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1386\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9e81f35c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rpm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:N/I:C/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3521\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-help\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-plugin-systemd-inhibit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.10.1\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.10.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.10.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"python3-rpm-4.15.1-17.h36.eulerosv2r10\",\n \"rpm-4.15.1-17.h36.eulerosv2r10\",\n \"rpm-build-4.15.1-17.h36.eulerosv2r10\",\n \"rpm-devel-4.15.1-17.h36.eulerosv2r10\",\n \"rpm-help-4.15.1-17.h36.eulerosv2r10\",\n \"rpm-libs-4.15.1-17.h36.eulerosv2r10\",\n \"rpm-plugin-systemd-inhibit-4.15.1-17.h36.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:41:14", "description": "The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-0368 advisory.\n\n - rpm: RPM does not require subkeys to have a valid binding signature (CVE-2021-3521)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-02T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : rpm (ELSA-2022-0368)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3521"], "modified": "2022-12-13T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:python3-rpm", "p-cpe:/a:oracle:linux:rpm", "p-cpe:/a:oracle:linux:rpm-apidocs", "p-cpe:/a:oracle:linux:rpm-build", "p-cpe:/a:oracle:linux:rpm-build-libs", "p-cpe:/a:oracle:linux:rpm-cron", "p-cpe:/a:oracle:linux:rpm-devel", "p-cpe:/a:oracle:linux:rpm-libs", "p-cpe:/a:oracle:linux:rpm-plugin-fapolicyd", "p-cpe:/a:oracle:linux:rpm-plugin-ima", "p-cpe:/a:oracle:linux:rpm-plugin-prioreset", "p-cpe:/a:oracle:linux:rpm-plugin-selinux", "p-cpe:/a:oracle:linux:rpm-plugin-syslog", "p-cpe:/a:oracle:linux:rpm-plugin-systemd-inhibit", "p-cpe:/a:oracle:linux:rpm-sign"], "id": "ORACLELINUX_ELSA-2022-0368.NASL", "href": "https://www.tenable.com/plugins/nessus/157317", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-0368.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157317);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/13\");\n\n script_cve_id(\"CVE-2021-3521\");\n\n script_name(english:\"Oracle Linux 8 : rpm (ELSA-2022-0368)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-0368 advisory.\n\n - rpm: RPM does not require subkeys to have a valid binding signature (CVE-2021-3521)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-0368.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:N/I:C/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3521\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/25\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm-build-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm-cron\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm-plugin-fapolicyd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm-plugin-ima\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm-plugin-prioreset\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm-plugin-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm-plugin-syslog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm-plugin-systemd-inhibit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:rpm-sign\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'python3-rpm-4.14.3-19.el8_5.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-rpm-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-4.14.3-19.el8_5.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-apidocs-4.14.3-19.el8_5.2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-build-4.14.3-19.el8_5.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-build-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-build-libs-4.14.3-19.el8_5.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-build-libs-4.14.3-19.el8_5.2', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-build-libs-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-cron-4.14.3-19.el8_5.2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-devel-4.14.3-19.el8_5.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-devel-4.14.3-19.el8_5.2', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-devel-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-libs-4.14.3-19.el8_5.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-libs-4.14.3-19.el8_5.2', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-libs-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-fapolicyd-4.14.3-19.el8_5.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-fapolicyd-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-ima-4.14.3-19.el8_5.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-ima-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-prioreset-4.14.3-19.el8_5.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-prioreset-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-selinux-4.14.3-19.el8_5.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-selinux-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-syslog-4.14.3-19.el8_5.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-syslog-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-systemd-inhibit-4.14.3-19.el8_5.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-systemd-inhibit-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-sign-4.14.3-19.el8_5.2', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-sign-4.14.3-19.el8_5.2', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python3-rpm / rpm / rpm-apidocs / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:48:23", "description": "According to the versions of the rpm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a binding signature. RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and public keys from trusted sources. (CVE-2021-3521)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-02-25T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : rpm (EulerOS-SA-2022-1215)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3521"], "modified": "2023-03-21T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:python3-rpm", "p-cpe:/a:huawei:euleros:rpm", "p-cpe:/a:huawei:euleros:rpm-build", "p-cpe:/a:huawei:euleros:rpm-devel", "p-cpe:/a:huawei:euleros:rpm-help", "p-cpe:/a:huawei:euleros:rpm-libs", "p-cpe:/a:huawei:euleros:rpm-plugin-systemd-inhibit", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1215.NASL", "href": "https://www.tenable.com/plugins/nessus/158394", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158394);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/21\");\n\n script_cve_id(\"CVE-2021-3521\");\n\n script_name(english:\"EulerOS 2.0 SP10 : rpm (EulerOS-SA-2022-1215)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the rpm packages installed, the EulerOS installation on the remote host is affected by the\nfollowing vulnerabilities :\n\n - There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a\n binding signature. RPM does not check the binding signature of subkeys prior to importing them. If an\n attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate\n public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data\n integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an\n administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and\n public keys from trusted sources. (CVE-2021-3521)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1215\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f35b5e09\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected rpm packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:N/I:C/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3521\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:python3-rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-help\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:rpm-plugin-systemd-inhibit\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"python3-rpm-4.15.1-17.h31.eulerosv2r10\",\n \"rpm-4.15.1-17.h31.eulerosv2r10\",\n \"rpm-build-4.15.1-17.h31.eulerosv2r10\",\n \"rpm-devel-4.15.1-17.h31.eulerosv2r10\",\n \"rpm-help-4.15.1-17.h31.eulerosv2r10\",\n \"rpm-libs-4.15.1-17.h31.eulerosv2r10\",\n \"rpm-plugin-systemd-inhibit-4.15.1-17.h31.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rpm\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:36:05", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:0368 advisory.\n\n - rpm: RPM does not require subkeys to have a valid binding signature (CVE-2021-3521)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-02T00:00:00", "type": "nessus", "title": "RHEL 8 : rpm (RHSA-2022:0368)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3521"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:rpm-plugin-ima", "p-cpe:/a:redhat:enterprise_linux:rpm-plugin-prioreset", "p-cpe:/a:redhat:enterprise_linux:rpm-plugin-selinux", "p-cpe:/a:redhat:enterprise_linux:rpm-plugin-syslog", "p-cpe:/a:redhat:enterprise_linux:rpm-plugin-systemd-inhibit", "p-cpe:/a:redhat:enterprise_linux:rpm-sign", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:python3-rpm", "p-cpe:/a:redhat:enterprise_linux:rpm", "p-cpe:/a:redhat:enterprise_linux:rpm-apidocs", "p-cpe:/a:redhat:enterprise_linux:rpm-build", "p-cpe:/a:redhat:enterprise_linux:rpm-build-libs", "p-cpe:/a:redhat:enterprise_linux:rpm-cron", "p-cpe:/a:redhat:enterprise_linux:rpm-devel", "p-cpe:/a:redhat:enterprise_linux:rpm-libs", "p-cpe:/a:redhat:enterprise_linux:rpm-plugin-fapolicyd"], "id": "REDHAT-RHSA-2022-0368.NASL", "href": "https://www.tenable.com/plugins/nessus/157312", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:0368. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157312);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\"CVE-2021-3521\");\n script_xref(name:\"RHSA\", value:\"2022:0368\");\n\n script_name(english:\"RHEL 8 : rpm (RHSA-2022:0368)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:0368 advisory.\n\n - rpm: RPM does not require subkeys to have a valid binding signature (CVE-2021-3521)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-3521\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:0368\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1941098\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:H/Au:N/C:N/I:C/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3521\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(347);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/22\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-apidocs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-build\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-build-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-cron\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-plugin-fapolicyd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-plugin-ima\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-plugin-prioreset\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-plugin-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-plugin-syslog\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-plugin-systemd-inhibit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:rpm-sign\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'python3-rpm-4.14.3-19.el8_5.2', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-4.14.3-19.el8_5.2', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-apidocs-4.14.3-19.el8_5.2', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-build-4.14.3-19.el8_5.2', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-build-libs-4.14.3-19.el8_5.2', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-cron-4.14.3-19.el8_5.2', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-devel-4.14.3-19.el8_5.2', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-libs-4.14.3-19.el8_5.2', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-fapolicyd-4.14.3-19.el8_5.2', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-ima-4.14.3-19.el8_5.2', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-prioreset-4.14.3-19.el8_5.2', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-selinux-4.14.3-19.el8_5.2', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-syslog-4.14.3-19.el8_5.2', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-systemd-inhibit-4.14.3-19.el8_5.2', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-sign-4.14.3-19.el8_5.2', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'python3-rpm-4.14.3-19.el8_5.2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-4.14.3-19.el8_5.2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-apidocs-4.14.3-19.el8_5.2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-build-4.14.3-19.el8_5.2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-build-libs-4.14.3-19.el8_5.2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-cron-4.14.3-19.el8_5.2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-devel-4.14.3-19.el8_5.2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-libs-4.14.3-19.el8_5.2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-fapolicyd-4.14.3-19.el8_5.2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-ima-4.14.3-19.el8_5.2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-prioreset-4.14.3-19.el8_5.2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-selinux-4.14.3-19.el8_5.2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-syslog-4.14.3-19.el8_5.2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-plugin-systemd-inhibit-4.14.3-19.el8_5.2', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'rpm-sign-4.14.3-19.el8_5.2', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python3-rpm / rpm / rpm-apidocs / rpm-build / rpm-build-libs / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:42:44", "description": "The remote host is affected by the vulnerability described in GLSA-201811-22 (RPM: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in RPM. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A remote attacker, by enticing the user to process a specially crafted RPM file, could escalate privileges, execute arbitrary code, or cause a Denial of Service condition.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2018-11-29T00:00:00", "type": "nessus", "title": "GLSA-201811-22 : RPM: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2013-6435", "CVE-2014-8118", "CVE-2017-7501"], "modified": "2020-06-24T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:rpm", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-201811-22.NASL", "href": "https://www.tenable.com/plugins/nessus/119276", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 201811-22.\n#\n# The advisory text is Copyright (C) 2001-2020 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(119276);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/24\");\n\n script_cve_id(\"CVE-2013-6435\", \"CVE-2014-8118\", \"CVE-2017-7501\");\n script_xref(name:\"GLSA\", value:\"201811-22\");\n\n script_name(english:\"GLSA-201811-22 : RPM: Multiple vulnerabilities\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The remote host is affected by the vulnerability described in GLSA-201811-22\n(RPM: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in RPM. Please review the\n CVE identifiers referenced below for details.\n \nImpact :\n\n A remote attacker, by enticing the user to process a specially crafted\n RPM file, could escalate privileges, execute arbitrary code, or cause a\n Denial of Service condition.\n \nWorkaround :\n\n There is no known workaround at this time.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/201811-22\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"All RPM users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-arch/rpm-4.14.1'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2014/12/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/11/29\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-arch/rpm\", unaffected:make_list(\"ge 4.14.1\"), vulnerable:make_list(\"lt 4.14.1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"RPM\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-23T14:14:44", "description": "An update of 'curl', 'docker', 'binutils', 'linux','rpm' packages of Photon OS has been released.", "cvss3": {}, "published": "2018-08-17T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Binutils / Curl / Docker / Linux / Rpm PHSA-2017-1.0-0095 (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-1000407", "CVE-2017-12190", "CVE-2017-14992", "CVE-2017-17121", "CVE-2017-17122", "CVE-2017-17124", "CVE-2017-17125", "CVE-2017-7501", "CVE-2017-8818"], "modified": "2019-02-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:binutils", "p-cpe:/a:vmware:photonos:curl", "p-cpe:/a:vmware:photonos:docker", "p-cpe:/a:vmware:photonos:linux", "p-cpe:/a:vmware:photonos:rpm", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2017-1_0-0095.NASL", "href": "https://www.tenable.com/plugins/nessus/111904", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# @DEPRECATED@\n#\n# Disabled on 2/7/2019\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2017-1.0-0095. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111904);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/02/07 18:59:50\");\n\n script_cve_id(\n \"CVE-2017-7501\",\n \"CVE-2017-8818\",\n \"CVE-2017-12190\",\n \"CVE-2017-14992\",\n \"CVE-2017-17121\",\n \"CVE-2017-17122\",\n \"CVE-2017-17124\",\n \"CVE-2017-17125\",\n \"CVE-2017-1000407\"\n );\n\n script_name(english:\"Photon OS 1.0: Binutils / Curl / Docker / Linux / Rpm PHSA-2017-1.0-0095 (deprecated)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of 'curl', 'docker', 'binutils', 'linux','rpm' packages of\nPhoton OS has been released.\");\n # https://github.com/vmware/photon/wiki/Security-Updates-1.0-95\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5e92d3f9\");\n script_set_attribute(attribute:\"solution\", value:\"n/a.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2017-8818\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2017/12/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2018/08/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:rpm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\nexit(0, \"This plugin has been deprecated.\");\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/PhotonOS/release\");\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, \"PhotonOS\");\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"PhotonOS 1.0\");\n\nif (!get_kb_item(\"Host/PhotonOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"PhotonOS\", cpu);\n\nflag = 0;\n\npkgs = [\n \"binutils-2.29.1-3.ph1\",\n \"binutils-debuginfo-2.29.1-3.ph1\",\n \"binutils-devel-2.29.1-3.ph1\",\n \"curl-7.56.1-2.ph1\",\n \"curl-debuginfo-7.56.1-2.ph1\",\n \"docker-17.06.0-2.ph1\",\n \"docker-doc-17.06.0-2.ph1\",\n \"linux-4.4.106-1.ph1\",\n \"linux-api-headers-4.4.106-1.ph1\",\n \"linux-debuginfo-4.4.106-1.ph1\",\n \"linux-dev-4.4.106-1.ph1\",\n \"linux-docs-4.4.106-1.ph1\",\n \"linux-drivers-gpu-4.4.106-1.ph1\",\n \"linux-esx-4.4.106-1.ph1\",\n \"linux-esx-debuginfo-4.4.106-1.ph1\",\n \"linux-esx-devel-4.4.106-1.ph1\",\n \"linux-esx-docs-4.4.106-1.ph1\",\n \"linux-oprofile-4.4.106-1.ph1\",\n \"linux-sound-4.4.106-1.ph1\",\n \"linux-tools-4.4.106-1.ph1\",\n \"rpm-4.13.0.1-4.ph1\",\n \"rpm-debuginfo-4.13.0.1-4.ph1\"\n];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"PhotonOS-1.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"binutils / curl / docker / linux / rpm\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "gentoo": [{"lastseen": "2023-05-23T16:31:50", "description": "### Background\n\nThe Red Hat Package Manager (RPM) is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating computer software packages.\n\n### Description\n\nMultiple vulnerabilities have been discovered in RPM. Please review the CVE identifiers referenced below for details.\n\n### Impact\n\nPlease review the referenced CVE identifiers for details.\n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll RPM users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-arch/rpm-4.18.0\"", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-31T00:00:00", "type": "gentoo", "title": "RPM: Multiple Vulnerabilities", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2021-3521", "CVE-2021-35937", "CVE-2021-35938", "CVE-2021-35939"], "modified": "2022-10-31T00:00:00", "id": "GLSA-202210-22", "href": "https://security.gentoo.org/glsa/202210-22", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-20T12:52:53", "description": "### Background\n\nThe Red Hat Package Manager (RPM) is a command line driven package management system capable of installing, uninstalling, verifying, querying, and updating computer software packages. \n\n### Description\n\nMultiple vulnerabilities have been discovered in RPM. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA remote attacker, by enticing the user to process a specially crafted RPM file, could escalate privileges, execute arbitrary code, or cause a Denial of Service condition. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll RPM users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=app-arch/rpm-4.14.1\"", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-28T00:00:00", "type": "gentoo", "title": "RPM: Multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2013-6435", "CVE-2014-8118", "CVE-2017-7501"], "modified": "2018-11-28T00:00:00", "id": "GLSA-201811-22", "href": "https://security.gentoo.org/glsa/201811-22", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "freebsd": [{"lastseen": "2023-05-23T16:23:44", "description": "\n\nrpm project reports:\n\nFix intermediate symlinks not verified (CVE-2021-35939).\nFix subkey binding signatures not checked on PGP public keys (CVE-2021-3521).\nRefactor file and directory operations to use fd-based APIs throughout (CVE-2021-35938)\n\n\n", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-22T00:00:00", "type": "freebsd", "title": "rpm4 -- Multiple Vulnerabilities", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2021-3521", "CVE-2021-35938", "CVE-2021-35939"], "modified": "2022-08-22T00:00:00", "id": "0C52ABDE-717B-11ED-98CA-40B034429ECF", "href": "https://vuxml.freebsd.org/freebsd/0c52abde-717b-11ed-98ca-40b034429ecf.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "redhatcve": [{"lastseen": "2023-08-15T18:30:34", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n#### Mitigation\n\nMitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. \n\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-01T17:22:58", "type": "redhatcve", "title": "CVE-2021-35937", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7500", "CVE-2017-7501", "CVE-2021-35937"], "modified": "2023-08-15T13:18:53", "id": "RH:CVE-2021-35937", "href": "https://access.redhat.com/security/cve/cve-2021-35937", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-08-15T18:30:40", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n#### Mitigation\n\nMitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. \n\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-01T17:51:18", "type": "redhatcve", "title": "CVE-2021-35939", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7500", "CVE-2017-7501", "CVE-2021-35939"], "modified": "2023-08-15T13:19:12", "id": "RH:CVE-2021-35939", "href": "https://access.redhat.com/security/cve/cve-2021-35939", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-08-15T18:30:49", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\n#### Mitigation\n\nMitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability. \n\n", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-01T17:23:07", "type": "redhatcve", "title": "CVE-2021-35938", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-35938"], "modified": "2023-08-15T13:19:03", "id": "RH:CVE-2021-35938", "href": "https://access.redhat.com/security/cve/cve-2021-35938", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-09-02T22:49:15", "description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-07-03T15:19:24", "type": "redhatcve", "title": "CVE-2017-7500", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7500"], "modified": "2019-10-12T02:57:38", "id": "RH:CVE-2017-7500", "href": "https://access.redhat.com/security/cve/cve-2017-7500", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-09-02T22:49:15", "description": "It was found that rpm uses temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-07-03T15:19:09", "type": "redhatcve", "title": "CVE-2017-7501", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7501"], "modified": "2019-10-12T01:17:00", "id": "RH:CVE-2017-7501", "href": "https://access.redhat.com/security/cve/cve-2017-7501", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-09-01T02:30:10", "description": "There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a \"binding signature.\"[1] RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. 1\\. https://tools.ietf.org/html/rfc4880#section-5.2.1\n", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2021-09-29T15:51:36", "type": "redhatcve", "title": "CVE-2021-3521", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-3521"], "modified": "2023-08-31T16:08:19", "id": "RH:CVE-2021-3521", "href": "https://access.redhat.com/security/cve/cve-2021-3521", "cvss": {"score": 0.0, "vector": "NONE"}}], "veracode": [{"lastseen": "2023-06-26T20:11:36", "description": "rpm is vulnerable to denial of service. An attacker can bypass the checks introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges and causing an application crash. \n", "cvss3": {"exploitabilityScore": 0.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.4, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-01T00:52:29", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2017-7500", "CVE-2017-7501", "CVE-2021-35937"], "modified": "2023-06-26T18:48:05", "id": "VERACODE:37370", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-37370/summary", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T14:13:16", "description": "librpm.so is vulnerable to privilege escalation. A local unauthenticated user who owns another ancestor directory is able to potentially gain root privileges of the system due to the lack of sanitizations in `lib/fsm.c` during `symlink` validations. This vulnerability exists due to incomplete fixes for `CVE-2017-7500` and `CVE-2017-7501`.\n", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-29T04:37:38", "type": "veracode", "title": "Privilege Escalation", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2017-7500", "CVE-2017-7501", "CVE-2021-35939"], "modified": "2023-02-04T06:36:44", "id": "VERACODE:36825", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-36825/summary", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T13:52:31", "description": "rpm is vulnerable to Privilege Escalation. The vulnerability exists because of sets the desired permissions and credentials after installing a files in the system which allows a remote attacker to elevate privileges. \n", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-10-01T00:52:27", "type": "veracode", "title": "Privilege Escalation", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-35938"], "modified": "2023-03-28T04:25:46", "id": "VERACODE:37369", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-37369/summary", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-04-18T06:18:39", "description": "rpm has insecure signature. The vulnerability exists due to an untrusted RPM or public key. \n", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-03-08T23:52:39", "type": "veracode", "title": "Insecure Signature", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-3521"], "modified": "2023-02-13T01:44:25", "id": "VERACODE:34563", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-34563/summary", "cvss": {"score": 0.0, "vector": "NONE"}}], "prion": [{"lastseen": "2023-08-16T06:14:12", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "cvss3": {"exploitabilityScore": 0.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.4, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-25T20:15:00", "type": "prion", "title": "CVE-2021-35937", "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2017-7500", "CVE-2017-7501", "CVE-2021-35937"], "modified": "2023-06-26T17:48:00", "id": "PRION:CVE-2021-35937", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-35937", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-16T06:14:16", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-26T16:15:00", "type": "prion", "title": "CVE-2021-35939", "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2017-7500", "CVE-2017-7501", "CVE-2021-35939"], "modified": "2023-02-04T01:16:00", "id": "PRION:CVE-2021-35939", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-35939", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-16T06:14:14", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-25T20:15:00", "type": "prion", "title": "CVE-2021-35938", "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2021-35938"], "modified": "2022-11-29T18:06:00", "id": "PRION:CVE-2021-35938", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-35938", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-16T06:09:08", "description": "There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a \"binding signature.\" RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and public keys from trusted sources.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-08-22T15:15:00", "type": "prion", "title": "CVE-2021-3521", "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2021-3521"], "modified": "2023-02-12T23:41:00", "id": "PRION:CVE-2021-3521", "href": "https://kb.prio-n.com/vulnerability/CVE-2021-3521", "cvss": {"score": 0.0, "vector": "NONE"}}], "ubuntucve": [{"lastseen": "2023-07-27T19:04:31", "description": "A race condition vulnerability was found in rpm. A local unprivileged user\ncould use this flaw to bypass the checks that were introduced in response\nto CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges.\nThe highest threat from this vulnerability is to data confidentiality and\nintegrity as well as system availability.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[seth-arnold](<https://launchpad.net/~seth-arnold>) | Only debugedit and librpmio9 binary packages are in main, and triaged with view to how they are used in the build process as described in https://bugs.launchpad.net/ubuntu/+source/rpm/+bug/1913871\n", "cvss3": {"exploitabilityScore": 0.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.4, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-25T00:00:00", "type": "ubuntucve", "title": "CVE-2021-35937", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2017-7500", "CVE-2017-7501", "CVE-2021-35937"], "modified": "2022-08-25T00:00:00", "id": "UB:CVE-2021-35937", "href": "https://ubuntu.com/security/CVE-2021-35937", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-27T19:12:12", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was\nincomplete: the check was only implemented for the parent directory of the\nfile to be created. A local unprivileged user who owns another ancestor\ndirectory could potentially use this flaw to gain root privileges. The\nhighest threat from this vulnerability is to data confidentiality and\nintegrity as well as system availability.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[seth-arnold](<https://launchpad.net/~seth-arnold>) | Only debugedit and librpmio9 binary packages are in main, and triaged with view to how they are used in the build process as described in https://bugs.launchpad.net/ubuntu/+source/rpm/+bug/1913871\n", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-26T00:00:00", "type": "ubuntucve", "title": "CVE-2021-35939", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2017-7500", "CVE-2017-7501", "CVE-2021-35939"], "modified": "2022-08-26T00:00:00", "id": "UB:CVE-2021-35939", "href": "https://ubuntu.com/security/CVE-2021-35939", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-27T19:04:24", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired\npermissions and credentials after installing a file. A local unprivileged\nuser could use this flaw to exchange the original file with a symbolic link\nto a security-critical file and escalate their privileges on the system.\nThe highest threat from this vulnerability is to data confidentiality and\nintegrity as well as system availability.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[seth-arnold](<https://launchpad.net/~seth-arnold>) | Only debugedit and librpmio9 binary packages are in main, and triaged with view to how they are used in the build process as described in https://bugs.launchpad.net/ubuntu/+source/rpm/+bug/1913871\n", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-25T00:00:00", "type": "ubuntucve", "title": "CVE-2021-35938", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-35938"], "modified": "2022-08-25T00:00:00", "id": "UB:CVE-2021-35938", "href": "https://ubuntu.com/security/CVE-2021-35938", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-06T13:57:48", "description": "It was found that rpm did not properly handle RPM installations when a\ndestination path was a symbolic link to a directory, possibly changing\nownership and permissions of an arbitrary directory, and RPM files being\nplaced in an arbitrary destination. An attacker, with write access to a\ndirectory in which a subdirectory will be installed, could redirect that\ndirectory to an arbitrary location and gain root privilege.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[mdeslaur](<https://launchpad.net/~mdeslaur>) | fixed in 4.13.0.2 and 4.14.0\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-08-13T00:00:00", "type": "ubuntucve", "title": "CVE-2017-7500", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7500"], "modified": "2018-08-13T00:00:00", "id": "UB:CVE-2017-7500", "href": "https://ubuntu.com/security/CVE-2017-7500", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-28T14:17:50", "description": "It was found that versions of rpm before 4.13.0.2 use temporary files with\npredictable names when installing an RPM. An attacker with ability to write\nin a directory where files will be installed could create symbolic links to\nan arbitrary location and modify content, and possibly permissions to\narbitrary files, which could be used for denial of service or possibly\nprivilege escalation.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-11-22T00:00:00", "type": "ubuntucve", "title": "CVE-2017-7501", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7501"], "modified": "2017-11-22T00:00:00", "id": "UB:CVE-2017-7501", "href": "https://ubuntu.com/security/CVE-2017-7501", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-07-27T19:13:33", "description": "There is a flaw in RPM's signature functionality. OpenPGP subkeys are\nassociated with a primary key via a \"binding signature.\" RPM does not check\nthe binding signature of subkeys prior to importing them. If an attacker is\nable to add or socially engineer another party to add a malicious subkey to\na legitimate public key, RPM could wrongly trust a malicious signature. The\ngreatest impact of this flaw is to data integrity. To exploit this flaw, an\nattacker must either compromise an RPM repository or convince an\nadministrator to install an untrusted RPM or public key. It is strongly\nrecommended to only use RPMs and public keys from trusted sources.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[seth-arnold](<https://launchpad.net/~seth-arnold>) | Only debugedit and librpmio9 binary packages are in main, and triaged with view to how they are used in the build process as described in https://bugs.launchpad.net/ubuntu/+source/rpm/+bug/1913871\n", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-08-22T00:00:00", "type": "ubuntucve", "title": "CVE-2021-3521", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-3521"], "modified": "2022-08-22T00:00:00", "id": "UB:CVE-2021-3521", "href": "https://ubuntu.com/security/CVE-2021-3521", "cvss": {"score": 0.0, "vector": "NONE"}}], "cve": [{"lastseen": "2023-05-23T15:33:37", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "cvss3": {"exploitabilityScore": 0.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.4, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-25T20:15:00", "type": "cve", "title": "CVE-2021-35937", "cwe": ["CWE-59", "CWE-367"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2017-7500", "CVE-2017-7501", "CVE-2021-35937"], "modified": "2022-11-16T20:05:00", "cpe": ["cpe:/o:fedoraproject:fedora:34", "cpe:/o:redhat:enterprise_linux:7.0", "cpe:/o:redhat:enterprise_linux:8.0", "cpe:/o:redhat:enterprise_linux:9.0", "cpe:/o:redhat:enterprise_linux:6.0"], "id": "CVE-2021-35937", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35937", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:33:37", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-26T16:15:00", "type": "cve", "title": "CVE-2021-35939", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2017-7500", "CVE-2017-7501", "CVE-2021-35939"], "modified": "2023-02-04T01:16:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8.0"], "id": "CVE-2021-35939", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35939", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"]}, {"lastseen": "2023-05-23T15:33:37", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-25T20:15:00", "type": "cve", "title": "CVE-2021-35938", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2021-35938"], "modified": "2022-11-29T18:06:00", "cpe": ["cpe:/o:fedoraproject:fedora:34", "cpe:/o:redhat:enterprise_linux:8.0", "cpe:/o:redhat:enterprise_linux:9.0", "cpe:/o:redhat:enterprise_linux:7.0"], "id": "CVE-2021-35938", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-35938", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": ["cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*"]}, {"lastseen": "2023-06-05T15:27:28", "description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-08-13T17:29:00", "type": "cve", "title": "CVE-2017-7500", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7500"], "modified": "2019-10-09T23:29:00", "cpe": ["cpe:/a:rpm:rpm:4.14.0.0"], "id": "CVE-2017-7500", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7500", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:rpm:rpm:4.14.0.0:rc2:*:*:*:*:*:*", "cpe:2.3:a:rpm:rpm:4.14.0.0:rc1:*:*:*:*:*:*"]}, {"lastseen": "2023-06-05T15:27:35", "description": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-11-22T22:29:00", "type": "cve", "title": "CVE-2017-7501", "cwe": ["CWE-59"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7501"], "modified": "2021-06-29T15:15:00", "cpe": [], "id": "CVE-2017-7501", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2017-7501", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": []}, {"lastseen": "2023-05-23T15:32:44", "description": "There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a \"binding signature.\" RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and public keys from trusted sources.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-08-22T15:15:00", "type": "cve", "title": "CVE-2021-3521", "cwe": ["CWE-347"], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2021-3521"], "modified": "2023-02-12T23:41:00", "cpe": [], "id": "CVE-2021-3521", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3521", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}], "alpinelinux": [{"lastseen": "2023-09-24T07:57:15", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-26T16:15:00", "type": "alpinelinux", "title": "CVE-2021-35939", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7500", "CVE-2017-7501", "CVE-2021-35939"], "modified": "2023-02-04T01:16:00", "id": "ALPINE:CVE-2021-35939", "href": "https://security.alpinelinux.org/vuln/CVE-2021-35939", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-24T07:57:15", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-25T20:15:00", "type": "alpinelinux", "title": "CVE-2021-35937", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7500", "CVE-2017-7501", "CVE-2021-35937"], "modified": "2022-11-16T20:05:00", "id": "ALPINE:CVE-2021-35937", "href": "https://security.alpinelinux.org/vuln/CVE-2021-35937", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-09-24T07:57:15", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-25T20:15:00", "type": "alpinelinux", "title": "CVE-2021-35938", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2021-35938"], "modified": "2022-11-29T18:06:00", "id": "ALPINE:CVE-2021-35938", "href": "https://security.alpinelinux.org/vuln/CVE-2021-35938", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-24T07:57:15", "description": "There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a \"binding signature.\" RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and public keys from trusted sources.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-08-22T15:15:00", "type": "alpinelinux", "title": "CVE-2021-3521", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2021-3521"], "modified": "2023-02-12T23:41:00", "id": "ALPINE:CVE-2021-3521", "href": "https://security.alpinelinux.org/vuln/CVE-2021-3521", "cvss": {"score": 0.0, "vector": "NONE"}}], "debiancve": [{"lastseen": "2023-05-24T10:11:59", "description": "It was found that the fix for CVE-2017-7500 and CVE-2017-7501 was incomplete: the check was only implemented for the parent directory of the file to be created. A local unprivileged user who owns another ancestor directory could potentially use this flaw to gain root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-26T16:15:00", "type": "debiancve", "title": "CVE-2021-35939", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2017-7500", "CVE-2017-7501", "CVE-2021-35939"], "modified": "2022-08-26T16:15:00", "id": "DEBIANCVE:CVE-2021-35939", "href": "https://security-tracker.debian.org/tracker/CVE-2021-35939", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T10:11:59", "description": "A race condition vulnerability was found in rpm. A local unprivileged user could use this flaw to bypass the checks that were introduced in response to CVE-2017-7500 and CVE-2017-7501, potentially gaining root privileges. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "cvss3": {"exploitabilityScore": 0.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.4, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-25T20:15:00", "type": "debiancve", "title": "CVE-2021-35937", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2017-7500", "CVE-2017-7501", "CVE-2021-35937"], "modified": "2022-08-25T20:15:00", "id": "DEBIANCVE:CVE-2021-35937", "href": "https://security-tracker.debian.org/tracker/CVE-2021-35937", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-24T10:11:59", "description": "A symbolic link issue was found in rpm. It occurs when rpm sets the desired permissions and credentials after installing a file. A local unprivileged user could use this flaw to exchange the original file with a symbolic link to a security-critical file and escalate their privileges on the system. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.", "cvss3": {"exploitabilityScore": 0.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.7, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-25T20:15:00", "type": "debiancve", "title": "CVE-2021-35938", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-35938"], "modified": "2022-08-25T20:15:00", "id": "DEBIANCVE:CVE-2021-35938", "href": "https://security-tracker.debian.org/tracker/CVE-2021-35938", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-05T18:17:41", "description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-08-13T17:29:00", "type": "debiancve", "title": "CVE-2017-7500", "bulletinFamily": "info", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7500"], "modified": "2018-08-13T17:29:00", "id": "DEBIANCVE:CVE-2017-7500", "href": "https://security-tracker.debian.org/tracker/CVE-2017-7500", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-06-05T18:17:41", "description": "It was found that versions of rpm before 4.13.0.2 use temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-11-22T22:29:00", "type": "debiancve", "title": "CVE-2017-7501", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7501"], "modified": "2017-11-22T22:29:00", "id": "DEBIANCVE:CVE-2017-7501", "href": "https://security-tracker.debian.org/tracker/CVE-2017-7501", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-05-24T10:11:59", "description": "There is a flaw in RPM's signature functionality. OpenPGP subkeys are associated with a primary key via a \"binding signature.\" RPM does not check the binding signature of subkeys prior to importing them. If an attacker is able to add or socially engineer another party to add a malicious subkey to a legitimate public key, RPM could wrongly trust a malicious signature. The greatest impact of this flaw is to data integrity. To exploit this flaw, an attacker must either compromise an RPM repository or convince an administrator to install an untrusted RPM or public key. It is strongly recommended to only use RPMs and public keys from trusted sources.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-08-22T15:15:00", "type": "debiancve", "title": "CVE-2021-3521", "bulletinFamily": "info", "cvss2": {}, "cvelist": ["CVE-2021-3521"], "modified": "2022-08-22T15:15:00", "id": "DEBIANCVE:CVE-2021-3521", "href": "https://security-tracker.debian.org/tracker/CVE-2021-3521", "cvss": {"score": 0.0, "vector": "NONE"}}], "openvas": [{"lastseen": "2020-01-31T17:34:27", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-25T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for rpm (openSUSE-SU-2018:3373-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7500", "CVE-2017-7501"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310851947", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310851947", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.851947\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-25 06:00:31 +0200 (Thu, 25 Oct 2018)\");\n script_cve_id(\"CVE-2017-7500\", \"CVE-2017-7501\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"openSUSE: Security Advisory for rpm (openSUSE-SU-2018:3373-1)\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rpm'\n package(s) announced via the referenced advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for rpm fixes the following issues:\n\n These security issues were fixed:\n\n - CVE-2017-7500: rpm did not properly handle RPM installations when a\n destination path was a symbolic link to a directory, possibly changing\n ownership and permissions of an arbitrary directory, and RPM files being\n placed in an arbitrary destination (bsc#943457).\n\n - CVE-2017-7501: rpm used temporary files with predictable names when\n installing an RPM. An attacker with ability to write in a directory\n where files will be installed could create symbolic links to an\n arbitrary location and modify content, and possibly permissions to\n arbitrary files, which could be used for denial of service or possibly\n privilege escalation (bsc#943457)\n\n This non-security issue was fixed:\n\n - Use ksym-provides tool [bsc#1077692]\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 42.3:\n\n zypper in -t patch openSUSE-2018-1246=1\");\n\n script_tag(name:\"affected\", value:\"rpm on openSUSE Leap 42.3\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:3373-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-10/msg00058.html\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap42\\.3\");\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap42.3\") {\n if(!isnull(res = isrpmvuln(pkg:\"python3-rpm\", rpm:\"python3-rpm~4.11.2~14.10.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python3-rpm-debuginfo\", rpm:\"python3-rpm-debuginfo~4.11.2~14.10.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python3-rpm-debugsource\", rpm:\"python3-rpm-debugsource~4.11.2~14.10.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm\", rpm:\"rpm~4.11.2~14.10.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-build\", rpm:\"rpm-build~4.11.2~14.10.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-build-debuginfo\", rpm:\"rpm-build-debuginfo~4.11.2~14.10.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-debuginfo\", rpm:\"rpm-debuginfo~4.11.2~14.10.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-debugsource\", rpm:\"rpm-debugsource~4.11.2~14.10.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-devel\", rpm:\"rpm-devel~4.11.2~14.10.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-python\", rpm:\"rpm-python~4.11.2~14.10.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-python-debuginfo\", rpm:\"rpm-python-debuginfo~4.11.2~14.10.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-python-debugsource\", rpm:\"rpm-python-debugsource~4.11.2~14.10.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-32bit\", rpm:\"rpm-32bit~4.11.2~14.10.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pm-debuginfo-32bit\", rpm:\"pm-debuginfo-32bit~4.11.2~14.10.1\", rls:\"openSUSELeap42.3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:48", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-12-04T00:00:00", "type": "openvas", "title": "Fedora Update for rpm FEDORA-2017-ab57a100f3", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7500", "CVE-2017-7501"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873824", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873824", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_ab57a100f3_rpm_fc25.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for rpm FEDORA-2017-ab57a100f3\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873824\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-12-04 18:47:58 +0530 (Mon, 04 Dec 2017)\");\n script_cve_id(\"CVE-2017-7500\", \"CVE-2017-7501\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rpm FEDORA-2017-ab57a100f3\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rpm'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rpm on Fedora 25\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-ab57a100f3\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZDTWP3MAJYZYFU2SKY5WNNBP4ITNUFMN\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC25\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC25\")\n{\n\n if ((res = isrpmvuln(pkg:\"rpm\", rpm:\"rpm~4.13.0.2~1.fc25\", rls:\"FC25\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-05-29T18:34:46", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2017-11-08T00:00:00", "type": "openvas", "title": "Fedora Update for rpm FEDORA-2017-9232eac8e8", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7500", "CVE-2017-7501"], "modified": "2019-03-15T00:00:00", "id": "OPENVAS:1361412562310873581", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310873581", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_fedora_2017_9232eac8e8_rpm_fc26.nasl 14223 2019-03-15 13:49:35Z cfischer $\n#\n# Fedora Update for rpm FEDORA-2017-9232eac8e8\n#\n# Authors:\n# System Generated Check\n#\n# Copyright:\n# Copyright (C) 2017 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.873581\");\n script_version(\"$Revision: 14223 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-15 14:49:35 +0100 (Fri, 15 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2017-11-08 10:32:18 +0100 (Wed, 08 Nov 2017)\");\n script_cve_id(\"CVE-2017-7501\", \"CVE-2017-7500\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"qod_type\", value:\"package\");\n script_name(\"Fedora Update for rpm FEDORA-2017-9232eac8e8\");\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rpm'\n package(s) announced via the referenced advisory.\");\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n script_tag(name:\"affected\", value:\"rpm on Fedora 26\");\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n script_xref(name:\"FEDORA\", value:\"2017-9232eac8e8\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JIR2ZIKHQV3RNO7MINMTYG35IDRBXCS2\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2017 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC26\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\n\nif(release == \"FC26\")\n{\n\n if ((res = isrpmvuln(pkg:\"rpm\", rpm:\"rpm~4.13.0.2~1.fc26\", rls:\"FC26\")) != NULL)\n {\n security_message(data:res);\n exit(0);\n }\n\n if (__pkg_match) exit(99);\n exit(0);\n}\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:34:09", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2019-2384)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7500"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192384", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192384", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2384\");\n script_version(\"2020-01-23T12:52:40+0000\");\n script_cve_id(\"CVE-2017-7500\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:52:40 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:52:40 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2019-2384)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2384\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2384\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'rpm' package(s) announced via the EulerOS-SA-2019-2384 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.(CVE-2017-7500)\");\n\n script_tag(name:\"affected\", value:\"'rpm' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm\", rpm:\"rpm~4.11.3~17.h5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-build\", rpm:\"rpm-build~4.11.3~17.h5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-build-libs\", rpm:\"rpm-build-libs~4.11.3~17.h5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-devel\", rpm:\"rpm-devel~4.11.3~17.h5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-libs\", rpm:\"rpm-libs~4.11.3~17.h5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-python\", rpm:\"rpm-python~4.11.3~17.h5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-sign\", rpm:\"rpm-sign~4.11.3~17.h5\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:36:11", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2019-2658)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7500"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220192658", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220192658", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.2658\");\n script_version(\"2020-01-23T13:13:03+0000\");\n script_cve_id(\"CVE-2017-7500\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 13:13:03 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 13:13:03 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2019-2658)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-2658\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2658\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'rpm' package(s) announced via the EulerOS-SA-2019-2658 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege.(CVE-2017-7500)\");\n\n script_tag(name:\"affected\", value:\"'rpm' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm\", rpm:\"rpm~4.11.3~21.h7\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-build\", rpm:\"rpm-build~4.11.3~21.h7\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-build-libs\", rpm:\"rpm-build-libs~4.11.3~21.h7\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-devel\", rpm:\"rpm-devel~4.11.3~21.h7\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-libs\", rpm:\"rpm-libs~4.11.3~21.h7\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-ostree\", rpm:\"rpm-ostree~2017.4~5\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-python\", rpm:\"rpm-python~4.11.3~21.h7\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-sign\", rpm:\"rpm-sign~4.11.3~21.h7\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-31T17:33:37", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2018-10-26T00:00:00", "type": "openvas", "title": "openSUSE: Security Advisory for rpm (openSUSE-SU-2018:2215-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7500"], "modified": "2020-01-31T00:00:00", "id": "OPENVAS:1361412562310852078", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310852078", "sourceData": "# Copyright (C) 2018 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) of their respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.852078\");\n script_version(\"2020-01-31T08:23:39+0000\");\n script_cve_id(\"CVE-2017-7500\");\n script_tag(name:\"cvss_base\", value:\"7.2\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_tag(name:\"last_modification\", value:\"2020-01-31 08:23:39 +0000 (Fri, 31 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2018-10-26 06:42:12 +0200 (Fri, 26 Oct 2018)\");\n script_name(\"openSUSE: Security Advisory for rpm (openSUSE-SU-2018:2215-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2018 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.0\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2018:2215-1\");\n script_xref(name:\"URL\", value:\"https://lists.opensuse.org/opensuse-security-announce/2018-08/msg00016.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rpm'\n package(s) announced via the openSUSE-SU-2018:2215-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for rpm fixes the following issues:\n\n This security vulnerability was fixed:\n\n - CVE-2017-7500: Fixed symlink attacks during RPM installation (bsc#943457)\n\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.0:\n\n zypper in -t patch openSUSE-2018-808=1\");\n\n script_tag(name:\"affected\", value:\"rpm on openSUSE Leap 15.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.0\") {\n if(!isnull(res = isrpmvuln(pkg:\"python-rpm-debugsource\", rpm:\"python-rpm-debugsource~4.14.1~lp150.9.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python2-rpm\", rpm:\"python2-rpm~4.14.1~lp150.9.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python2-rpm-debuginfo\", rpm:\"python2-rpm-debuginfo~4.14.1~lp150.9.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python3-rpm\", rpm:\"python3-rpm~4.14.1~lp150.9.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"python3-rpm-debuginfo\", rpm:\"python3-rpm-debuginfo~4.14.1~lp150.9.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm\", rpm:\"rpm~4.14.1~lp150.9.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-build\", rpm:\"rpm-build~4.14.1~lp150.9.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-build-debuginfo\", rpm:\"rpm-build-debuginfo~4.14.1~lp150.9.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-debuginfo\", rpm:\"rpm-debuginfo~4.14.1~lp150.9.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-debugsource\", rpm:\"rpm-debugsource~4.14.1~lp150.9.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-devel\", rpm:\"rpm-devel~4.14.1~lp150.9.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-32bit\", rpm:\"rpm-32bit~4.14.1~lp150.9.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"pm-32bit-debuginfo\", rpm:\"pm-32bit-debuginfo~4.14.1~lp150.9.3.1\", rls:\"openSUSELeap15.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-01-27T18:41:25", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2018-1353)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7501"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220181353", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220181353", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2018.1353\");\n script_version(\"2020-01-23T11:23:05+0000\");\n script_cve_id(\"CVE-2017-7501\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:23:05 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:23:05 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2018-1353)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP2\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2018-1353\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1353\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'rpm' package(s) announced via the EulerOS-SA-2018-1353 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was found that rpm uses temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.(CVE-2017-7501)\");\n\n script_tag(name:\"affected\", value:\"'rpm' package(s) on Huawei EulerOS V2.0SP2.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP2\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm\", rpm:\"rpm~4.11.3~17.h3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-build\", rpm:\"rpm-build~4.11.3~17.h3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-build-libs\", rpm:\"rpm-build-libs~4.11.3~17.h3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-devel\", rpm:\"rpm-devel~4.11.3~17.h3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-libs\", rpm:\"rpm-libs~4.11.3~17.h3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-python\", rpm:\"rpm-python~4.11.3~17.h3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-sign\", rpm:\"rpm-sign~4.11.3~17.h3\", rls:\"EULEROS-2.0SP2\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:37:10", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2019-1210)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7501"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191210", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191210", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1210\");\n script_version(\"2020-01-23T11:34:57+0000\");\n script_cve_id(\"CVE-2017-7501\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:34:57 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:34:57 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2019-1210)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-2\\.5\\.4\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1210\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1210\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'rpm' package(s) announced via the EulerOS-SA-2019-1210 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was found that rpm uses temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.CVE-2017-7501\");\n\n script_tag(name:\"affected\", value:\"'rpm' package(s) on Huawei EulerOS Virtualization 2.5.4.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-2.5.4\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm\", rpm:\"rpm~4.11.3~32.h6\", rls:\"EULEROSVIRT-2.5.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-build\", rpm:\"rpm-build~4.11.3~32.h6\", rls:\"EULEROSVIRT-2.5.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-build-libs\", rpm:\"rpm-build-libs~4.11.3~32.h6\", rls:\"EULEROSVIRT-2.5.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-libs\", rpm:\"rpm-libs~4.11.3~32.h6\", rls:\"EULEROSVIRT-2.5.4\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-python\", rpm:\"rpm-python~4.11.3~32.h6\", rls:\"EULEROSVIRT-2.5.4\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:35:41", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2019-1466)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7501"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191466", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191466", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1466\");\n script_version(\"2020-01-23T11:48:15+0000\");\n script_cve_id(\"CVE-2017-7501\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:48:15 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:48:15 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2019-1466)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.1\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1466\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1466\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'rpm' package(s) announced via the EulerOS-SA-2019-1466 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was found that rpm uses temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.(CVE-2017-7501)\");\n\n script_tag(name:\"affected\", value:\"'rpm' package(s) on Huawei EulerOS Virtualization 3.0.1.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.1.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm\", rpm:\"rpm~4.11.3~32.h6\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-build\", rpm:\"rpm-build~4.11.3~32.h6\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-build-libs\", rpm:\"rpm-build-libs~4.11.3~32.h6\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-libs\", rpm:\"rpm-libs~4.11.3~32.h6\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-python\", rpm:\"rpm-python~4.11.3~32.h6\", rls:\"EULEROSVIRT-3.0.1.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:37:36", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2019-1043)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7501"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191043", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191043", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1043\");\n script_version(\"2020-01-23T11:28:45+0000\");\n script_cve_id(\"CVE-2017-7501\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:28:45 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:28:45 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2019-1043)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1043\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1043\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'rpm' package(s) announced via the EulerOS-SA-2019-1043 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was found that rpm uses temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.(CVE-2017-7501)\");\n\n script_tag(name:\"affected\", value:\"'rpm' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm\", rpm:\"rpm~4.11.3~21.h5\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-build\", rpm:\"rpm-build~4.11.3~21.h5\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-build-libs\", rpm:\"rpm-build-libs~4.11.3~21.h5\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-devel\", rpm:\"rpm-devel~4.11.3~21.h5\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-libs\", rpm:\"rpm-libs~4.11.3~21.h5\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-python\", rpm:\"rpm-python~4.11.3~21.h5\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-sign\", rpm:\"rpm-sign~4.11.3~21.h5\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:32:51", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2019-1616)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7501"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191616", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191616", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1616\");\n script_version(\"2020-01-23T12:17:29+0000\");\n script_cve_id(\"CVE-2017-7501\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 12:17:29 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 12:17:29 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2019-1616)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.2\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1616\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1616\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'rpm' package(s) announced via the EulerOS-SA-2019-1616 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was found that rpm uses temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.(CVE-2017-7501)\");\n\n script_tag(name:\"affected\", value:\"'rpm' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.2.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm\", rpm:\"rpm~4.11.3~32.h6\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-build\", rpm:\"rpm-build~4.11.3~32.h6\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-build-libs\", rpm:\"rpm-build-libs~4.11.3~32.h6\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-libs\", rpm:\"rpm-libs~4.11.3~32.h6\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-python\", rpm:\"rpm-python~4.11.3~32.h6\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-01-27T18:34:57", "description": "The remote host is missing an update for the Huawei EulerOS\n ", "cvss3": {}, "published": "2020-01-23T00:00:00", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2019-1011)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2017-7501"], "modified": "2020-01-23T00:00:00", "id": "OPENVAS:1361412562311220191011", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220191011", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2019.1011\");\n script_version(\"2020-01-23T11:27:15+0000\");\n script_cve_id(\"CVE-2017-7501\");\n script_tag(name:\"cvss_base\", value:\"4.6\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-23 11:27:15 +0000 (Thu, 23 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-23 11:27:15 +0000 (Thu, 23 Jan 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for rpm (EulerOS-SA-2019-1011)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2019-1011\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1011\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'rpm' package(s) announced via the EulerOS-SA-2019-1011 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was found that rpm uses temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.(CVE-2017-7501)\");\n\n script_tag(name:\"affected\", value:\"'rpm' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm\", rpm:\"rpm~4.11.3~32.h6.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-build\", rpm:\"rpm-build~4.11.3~32.h6.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-build-libs\", rpm:\"rpm-build-libs~4.11.3~32.h6.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-devel\", rpm:\"rpm-devel~4.11.3~32.h6.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-libs\", rpm:\"rpm-libs~4.11.3~32.h6.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-python\", rpm:\"rpm-python~4.11.3~32.h6.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"rpm-sign\", rpm:\"rpm-sign~4.11.3~32.h6.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "mageia": [{"lastseen": "2023-06-05T16:28:27", "description": "It was found that rpm did not properly handle RPM installations when a destination path was a symbolic link to a directory, possibly changing ownership and permissions of an arbitrary directory, and RPM files being placed in an arbitrary destination. An attacker, with write access to a directory in which a subdirectory will be installed, could redirect that directory to an arbitrary location and gain root privilege (CVE-2017-7500). It was found that rpm uses temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation (CVE-2017-7501) \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-10-30T19:23:17", "type": "mageia", "title": "Updated rpm package fixes security vulnerabilities\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7500", "CVE-2017-7501"], "modified": "2017-10-24T20:09:45", "id": "MGASA-2017-0394", "href": "https://advisories.mageia.org/MGASA-2017-0394.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-05-23T16:24:18", "description": "RPM does not require subkeys to have a valid binding signature (CVE-2021-3521) \n", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-09-10T20:26:43", "type": "mageia", "title": "Updated rpm packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2021-3521"], "modified": "2022-09-10T20:26:43", "id": "MGASA-2022-0321", "href": "https://advisories.mageia.org/MGASA-2022-0321.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "fedora": [{"lastseen": "2020-12-21T08:17:54", "description": "The RPM Package Manager (RPM) is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package like its version, a description, etc. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-28T17:35:50", "type": "fedora", "title": "[SECURITY] Fedora 25 Update: rpm-4.13.0.2-1.fc25", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7500", "CVE-2017-7501"], "modified": "2017-11-28T17:35:50", "id": "FEDORA:D90736014B80", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/ZDTWP3MAJYZYFU2SKY5WNNBP4ITNUFMN/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2020-12-21T08:17:54", "description": "The RPM Package Manager (RPM) is a powerful command line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages. Each software package consists of an archive of files along with information about the package like its version, a description, etc. ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-11-07T22:21:47", "type": "fedora", "title": "[SECURITY] Fedora 26 Update: rpm-4.13.0.2-1.fc26", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7500", "CVE-2017-7501"], "modified": "2017-11-07T22:21:47", "id": "FEDORA:BB68160F1C0B", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/JIR2ZIKHQV3RNO7MINMTYG35IDRBXCS2/", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}], "suse": [{"lastseen": "2018-10-24T16:31:11", "description": "This update for rpm fixes the following issues:\n\n These security issues were fixed:\n\n - CVE-2017-7500: rpm did not properly handle RPM installations when a\n destination path was a symbolic link to a directory, possibly changing\n ownership and permissions of an arbitrary directory, and RPM files being\n placed in an arbitrary destination (bsc#943457).\n - CVE-2017-7501: rpm used temporary files with predictable names when\n installing an RPM. An attacker with ability to write in a directory\n where files will be installed could create symbolic links to an\n arbitrary location and modify content, and possibly permissions to\n arbitrary files, which could be used for denial of service or possibly\n privilege escalation (bsc#943457)\n\n This non-security issue was fixed:\n\n - Use ksym-provides tool [bsc#1077692]\n\n This update was imported from the SUSE:SLE-12:Update update project.\n\n", "cvss3": {}, "published": "2018-10-24T15:11:26", "type": "suse", "title": "Security update for rpm (moderate)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-7500", "CVE-2017-7501"], "modified": "2018-10-24T15:11:26", "id": "OPENSUSE-SU-2018:3373-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00058.html", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-06T17:54:23", "description": "This update for rpm fixes the following issues:\n\n This security vulnerability was fixed:\n\n - CVE-2017-7500: Fixed symlink attacks during RPM installation (bsc#943457)\n\n\n This update was imported from the SUSE:SLE-15:Update update project.\n\n", "cvss3": {}, "published": "2018-08-06T15:17:09", "type": "suse", "title": "Security update for rpm (moderate)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2017-7500"], "modified": "2018-08-06T15:17:09", "id": "OPENSUSE-SU-2018:2215-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2018-08/msg00016.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "f5": [{"lastseen": "2019-06-28T14:42:39", "description": "\nF5 Product Development has assigned CPF-24785, CPF-24786, and CPF-24787 (Traffix SDC) to this vulnerability.\n\nTo determine if your product and version have been evaluated for this vulnerability, refer to the **Applies to (see versions)** box. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table.\n\nProduct | Branch | Versions known to be vulnerable | Fixes introduced in | Severity | CVSSv3 score1 | Vulnerable component or feature \n---|---|---|---|---|---|--- \nBIG-IP (LTM, AAM, AFM, Analytics, APM, ASM, DNS, Edge Gateway, GTM, Link Controller, PEM, WebAccelerator, WebSafe) | 13.x | None | Not applicable | Not vulnerable | None | None \n12.x | None | Not applicable \n11.x | None | Not applicable \nARX | 6.x | None | Not applicable | Not vulnerable | None | None \nEnterprise Manager | 3.x | None | Not applicable | Not vulnerable | None | None \nBIG-IQ (Cloud, Device, Security, ADC) | 4.x | None | Not applicable | Not vulnerable | None | None \nBIG-IQ Centralized Management | 5.x | None | Not applicable | Not vulnerable | None | None \n4.x | None | Not applicable \nBIG-IQ Cloud and Orchestration | 1.x | None | Not applicable | Not vulnerable | None | None \nF5 iWorkflow | 2.x | None | Not applicable | Not vulnerable | None | None \nLineRate | 2.x | None | Not applicable | Not vulnerable | None | None \nTraffix SDC | 5.x | 5.0.0 - 5.1.0 | Not applicable | High | [7.3](<https://first.org/cvss/calculator/3.0#CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H>) | Linux RPM \n4.x | 4.0.0 - 4.4.0 | Not applicable \n \n1The CVSSv3 score link takes you to a resource outside of AskF5, and it is possible that the document may be removed without our knowledge.\n\nIf you are running a version listed in the **Versions known to be vulnerable** column, you can eliminate this vulnerability by upgrading to a version listed in the **Fixes introduced in** column. If the table lists only an older version than what you are currently running, or does not list a non-vulnerable version, then no upgrade candidate currently exists.\n\n**Note**: For details about how Security Advisory articles are versioned, and what versions are listed in the table, refer to [K51812227: Understanding Security Advisory versioning](<https://support.f5.com/csp/article/K51812227>).\n\nMitigation\n\nNone\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-26T19:01:00", "type": "f5", "title": "Linux RPM vulnerability CVE-2017-7501", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7501"], "modified": "2018-01-26T19:01:00", "id": "F5:K03710547", "href": "https://support.f5.com/csp/article/K03710547", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "almalinux": [{"lastseen": "2023-05-23T17:12:24", "description": "The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.\n\nSecurity Fix(es):\n\n* rpm: RPM does not require subkeys to have a valid binding signature (CVE-2021-3521)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-02-01T20:13:05", "type": "almalinux", "title": "Moderate: rpm security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2021-3521"], "modified": "2022-02-02T11:55:08", "id": "ALSA-2022:0368", "href": "https://errata.almalinux.org/8/ALSA-2022-0368.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "rocky": [{"lastseen": "2022-08-26T19:07:30", "description": "An update for rpm is now available for Rocky Linux 8.\nRocky Linux Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.\nThe RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-02-02T04:36:50", "type": "rocky", "title": "rpm security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2021-3521"], "modified": "2022-02-02T04:36:50", "id": "RLSA-2022:368", "href": "https://errata.rockylinux.org/RLSA-2022:368", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-24T17:24:53", "description": "An update is available for rpm.\nThis update affects Rocky Linux 8.\nA Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list\nThe RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.\n\nSecurity Fix(es):\n\n* rpm: RPM does not require subkeys to have a valid binding signature (CVE-2021-3521)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-02-01T20:13:05", "type": "rocky", "title": "rpm security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2021-3521"], "modified": "2022-02-01T20:13:05", "id": "RLSA-2022:0368", "href": "https://errata.rockylinux.org/RLSA-2022:0368", "cvss": {"score": 0.0, "vector": "NONE"}}], "redhat": [{"lastseen": "2023-05-25T12:20:40", "description": "The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.\n\nSecurity Fix(es):\n\n* rpm: RPM does not require subkeys to have a valid binding signature (CVE-2021-3521)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-02-22T14:34:44", "type": "redhat", "title": "(RHSA-2022:0634) Moderate: rpm security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2021-3521"], "modified": "2022-02-22T14:45:53", "id": "RHSA-2022:0634", "href": "https://access.redhat.com/errata/RHSA-2022:0634", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T12:20:40", "description": "The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.\n\nSecurity Fix(es):\n\n* rpm: RPM does not require subkeys to have a valid binding signature (CVE-2021-3521)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-01-25T08:44:09", "type": "redhat", "title": "(RHSA-2022:0254) Moderate: rpm security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2021-3521"], "modified": "2022-01-25T08:51:22", "id": "RHSA-2022:0254", "href": "https://access.redhat.com/errata/RHSA-2022:0254", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-25T12:20:40", "description": "The RPM Package Manager (RPM) is a command-line driven package management system capable of installing, uninstalling, verifying, querying, and updating software packages.\n\nSecurity Fix(es):\n\n* rpm: RPM does not require subkeys to have a valid binding signature (CVE-2021-3521)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-02-01T20:13:05", "type": "redhat", "title": "(RHSA-2022:0368) Moderate: rpm security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2021-3521"], "modified": "2022-02-01T20:19:08", "id": "RHSA-2022:0368", "href": "https://access.redhat.com/errata/RHSA-2022:0368", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-16T15:27:36", "description": "Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications.\n\nSecurity Fix(es):\n\n* gitops: Path traversal and dereference of symlinks when passing Helm value files (CVE-2022-24348)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 7.7, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2022-02-08T22:07:57", "type": "redhat", "title": "(RHSA-2022:0477) Important: Red Hat OpenShift GitOps security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3521", "CVE-2022-24348"], "modified": "2022-02-08T22:08:16", "id": "RHSA-2022:0477", "href": "https://access.redhat.com/errata/RHSA-2022:0477", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:P/I:N/A:N"}}, {"lastseen": "2023-05-25T12:20:40", "description": "Service Telemetry Framework (STF) provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform (OCP) deployment for storage, retrieval, and monitoring.\n\nSecurity fixes:\n\n* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716) For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nBug fixes:\n\n* In some cases, Ceilometer metrics were not handled properly by sg-core. This resulted in some Ceilometer metrics not being stored in Prometheus. In this release, the processing of metrics has been enhanced to be more robust. While the sg-core has been enhanced to support larger messages from Ceilometer, an additional change is required to support passing the larger messages through the sg-bridge ring buffer. The changes required to fully support this functionality is being tracked in RHBZ#2053681. (BZ#2051615)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-02-21T13:44:50", "type": "redhat", "title": "(RHSA-2022:0585) Important: Service Telemetry Framework 1.4 (sg-core-container) security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3521", "CVE-2021-44716"], "modified": "2022-02-21T13:45:13", "id": "RHSA-2022:0585", "href": "https://access.redhat.com/errata/RHSA-2022:0585", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-05-27T16:20:55", "description": "OpenShift API for Data Protection (OADP) enables you to back up and restore application resources, persistent volume data, and internal container images to external backup storage. OADP enables both file system-based and snapshot-based backups for persistent volumes.\n\nSecurity Fix(es):\n\n* ulikunitz/xz: Infinite loop in readUvarint allows for denial of service (CVE-2021-29482)\n\n* opencontainers: OCI manifest and index parsing confusion (CVE-2021-41190)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-02-28T09:35:55", "type": "redhat", "title": "(RHSA-2022:0687) Moderate: OpenShift API for Data Protection (OADP) 1.0.1 security and bug fix update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-29482", "CVE-2021-3521", "CVE-2021-41190", "CVE-2021-4122"], "modified": "2022-02-28T09:37:02", "id": "RHSA-2022:0687", "href": "https://access.redhat.com/errata/RHSA-2022:0687", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2023-08-16T15:27:36", "description": "Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications.\n\nSecurity Fix(es):\n\n* gitops: Path traversal and dereference of symlinks when passing Helm value files (CVE-2022-24348)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-02-08T22:00:22", "type": "redhat", "title": "(RHSA-2022:0476) Important: Red Hat OpenShift GitOps security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3521", "CVE-2021-3712", "CVE-2021-3872", "CVE-2021-3984", "CVE-2021-4019", "CVE-2021-4122", "CVE-2021-4192", "CVE-2021-4193", "CVE-2022-24348"], "modified": "2022-02-08T22:00:39", "id": "RHSA-2022:0476", "href": "https://access.redhat.com/errata/RHSA-2022:0476", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:27:36", "description": "OpenShift Logging bug fix and security update (5.3.5)\n\nSecurity Fix(es):\n\n* jackson-dataformat-cbor: Unchecked allocation of byte buffer can cause a java.lang.OutOfMemoryError exception (CVE-2020-28491)\n\n* origin-aggregated-logging/elasticsearch: Incomplete fix for netty-codec-http CVE-2021-21409 (CVE-2022-0552)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-03-01T14:01:24", "type": "redhat", "title": "(RHSA-2022:0721) Moderate: OpenShift Logging bug fix and security update (5.3.5)", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28491", "CVE-2021-21409", "CVE-2021-3521", "CVE-2021-3872", "CVE-2021-3984", "CVE-2021-4019", "CVE-2021-4122", "CVE-2021-4192", "CVE-2021-4193", "CVE-2022-0552"], "modified": "2022-03-01T14:01:38", "id": "RHSA-2022:0721", "href": "https://access.redhat.com/errata/RHSA-2022:0721", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:27:36", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.7.43. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHSA-2022:0492\n\nSecurity Fix(es):\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-16T11:22:56", "type": "redhat", "title": "(RHSA-2022:0493) Moderate: OpenShift Container Platform 4.7.43 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3521", "CVE-2021-44832", "CVE-2022-21248", "CVE-2022-21282", "CVE-2022-21283", "CVE-2022-21293", "CVE-2022-21294", "CVE-2022-21296", "CVE-2022-21299", "CVE-2022-21305", "CVE-2022-21340", "CVE-2022-21341", "CVE-2022-21360", "CVE-2022-21365"], "modified": "2022-02-16T11:23:34", "id": "RHSA-2022:0493", "href": "https://access.redhat.com/errata/RHSA-2022:0493", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-08-16T15:27:36", "description": "Windows Container Support for Red Hat OpenShift allows you to deploy Windows container workloads running on Windows Server containers.\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while parsing -u- extension (CVE-2020-28851)\n* golang.org/x/text: Panic in language.ParseAcceptLanguage while processing bcp47 tag (CVE-2020-28852)\n* golang: net: incorrect parsing of extraneous zero characters at the beginning of an IP address octet (CVE-2021-29923)\n* golang: net/http: panic in ReadRequest and ReadResponse when reading a very large header (CVE-2021-31525)\n* golang: net: lookup functions may return invalid host names (CVE-2021-33195)\n* golang: net/http/httputil: ReverseProxy forwards connection headers if first one is empty (CVE-2021-33197)\n* golang: math/big.Rat: may cause a panic or an unrecoverable fatal error if passed inputs with very large exponents (CVE-2021-33198)\n* golang: crypto/tls: certificate of wrong type is causing TLS client to panic (CVE-2021-34558)\n* golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-28T08:52:30", "type": "redhat", "title": "(RHSA-2022:0577) Moderate: Windows Container Support for Red Hat OpenShift 5.0.0 [security update]", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-28851", "CVE-2020-28852", "CVE-2021-29923", "CVE-2021-3121", "CVE-2021-31525", "CVE-2021-33195", "CVE-2021-33197", "CVE-2021-33198", "CVE-2021-34558", "CVE-2021-3521", "CVE-2021-36221", "CVE-2021-3712", "CVE-2021-42574", "CVE-2022-24407"], "modified": "2022-03-28T08:52:50", "id": "RHSA-2022:0577", "href": "https://access.redhat.com/errata/RHSA-2022:0577", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:27:36", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.31. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2022:0484\n\nSecurity Fix(es):\n\n* log4j-core: remote code execution via JDBC Appender (CVE-2021-44832)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nAll OpenShift Container Platform 4.8 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available at https://docs.openshift.com/container-platform/4.8/updating/updating-cluster-cli.html", "cvss3": {"exploitabilityScore": 0.7, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "baseScore": 6.6, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-16T14:52:41", "type": "redhat", "title": "(RHSA-2022:0485) Moderate: OpenShift Container Platform 4.8.31 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 6.8, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 8.5, "vectorString": "AV:N/AC:M/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3521", "CVE-2021-44832", "CVE-2022-21248", "CVE-2022-21282", "CVE-2022-21283", "CVE-2022-21293", "CVE-2022-21294", "CVE-2022-21296", "CVE-2022-21299", "CVE-2022-21305", "CVE-2022-21340", "CVE-2022-21341", "CVE-2022-21360", "CVE-2022-21365"], "modified": "2022-02-16T14:55:09", "id": "RHSA-2022:0485", "href": "https://access.redhat.com/errata/RHSA-2022:0485", "cvss": {"score": 8.5, "vector": "AV:N/AC:M/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-08-16T15:27:36", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container Platform 4.7.43. See the following advisory for the RPM packages for this release:\n\nhttps://access.redhat.com/errata/RHSA-2022:0491\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.7/release_notes/ocp-4-7-release-notes.html\n\nSecurity Fix(es):\n\n* containernetworking-cni: Arbitrary path injection via type field in CNI\nconfiguration (CVE-2021-20206)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nYou may download the oc tool and use it to inspect release image metadata as follows:\n\n(For x86_64 architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.43-x86_64\n\nThe image digest is sha256:45defc4b9ed55d539c50678387fe2d3e755c56f23afa210ea087b799d1138d48\n\n(For s390x architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.43-s390x\n\nThe image digest is sha256:dc6363e8522ec44e852d2ab93209789a916b590d2185cffa1c4fb92d515376e9\n\n(For ppc64le architecture)\n\n $ oc adm release info quay.io/openshift-release-dev/ocp-release:4.7.43-ppc64le\n\nThe image digest is sha256:2bd16240cbc87f4d532bfae6d280742d986459a058a1f91f55f5b0e937f2cc03\n\nAll OpenShift Container Platform 4.7 users are advised to upgrade to these updated packages and images when they are available in the appropriate release channel. To check for available updates, use the OpenShift Console or the CLI oc command. Instructions for upgrading a cluster are available\nat https://docs.openshift.com/container-platform/4.7/updating/updating-cluster-cli.html", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-16T10:57:55", "type": "redhat", "title": "(RHSA-2022:0492) Moderate: OpenShift Container Platform 4.7.43 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-20206", "CVE-2021-3521", "CVE-2021-4034", "CVE-2022-20612", "CVE-2022-20617", "CVE-2022-21248", "CVE-2022-21282", "CVE-2022-21283", "CVE-2022-21293", "CVE-2022-21294", "CVE-2022-21296", "CVE-2022-21299", "CVE-2022-21305", "CVE-2022-21340", "CVE-2022-21341", "CVE-2022-21360", "CVE-2022-21365", "CVE-2022-23094"], "modified": "2022-02-16T11:07:48", "id": "RHSA-2022:0492", "href": "https://access.redhat.com/errata/RHSA-2022:0492", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-08-16T15:27:36", "description": "This version of the OpenShift Serverless Operator is supported on Red Hat\nOpenShift Container Platform versions 4.6, 4.7, 4.8, 4.9, and 4.10, includes\nsecurity and bug fixes and enhancements. For more information, see the\ndocumentation listed in the References section.\n\nSecurity Fix(es):\n\n* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)\n\n* golang: net/http: limit growth of header canonicalization cache\n(CVE-2021-44716)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-24T12:26:05", "type": "redhat", "title": "(RHSA-2022:1051) Moderate: Release of OpenShift Serverless 1.21.0", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.5, "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3521", "CVE-2021-3712", "CVE-2021-44716", "CVE-2021-44717", "CVE-2022-21248", "CVE-2022-21277", "CVE-2022-21282", "CVE-2022-21283", "CVE-2022-21291", "CVE-2022-21293", "CVE-2022-21294", "CVE-2022-21296", "CVE-2022-21299", "CVE-2022-21305", "CVE-2022-21340", "CVE-2022-21341", "CVE-2022-21360", "CVE-2022-21365", "CVE-2022-21366", "CVE-2022-24407"], "modified": "2022-03-24T12:26:38", "id": "RHSA-2022:1051", "href": "https://access.redhat.com/errata/RHSA-2022:1051", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:27:36", "description": "Red Hat Advanced Cluster Management for Kubernetes 2.3.6 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console\u2014with security policy built in.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE links in the References section.\n\nThis advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide some security fixes and bug fixes. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.3/html/release_notes/\n\nSecurity updates:\n\n* Nodejs-json-schema: Prototype pollution vulnerability (CVE-2021-3918)\n\n* Nanoid: Information disclosure via valueOf() function (CVE-2021-23566)\n\n* Golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n\n* Follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)\n\nBug fixes:\n\n* Inform ACM policy is not checking properly the node fields (BZ# 2015588)\n\n* ImagePullPolicy is \"Always\" for multicluster-operators-subscription-rhel8 image (BZ# 2021128)\n\n* Traceback blocks reconciliation of helm repository hosted on AWS S3 storage (BZ# 2021576)\n\n* RHACM 2.3.6 images (BZ# 2029507)\n\n* Console UI enabled SNO UI Options not displayed during cluster creating (BZ# 2030002)\n\n* Grc pod restarts for each new GET request to the Governance Policy Page (BZ# 2037351)\n\n* Clustersets do not appear in UI (BZ# 2049810)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-22T13:33:53", "type": "redhat", "title": "(RHSA-2022:0595) Important: Red Hat Advanced Cluster Management 2.3.6 security updates and bug fixes", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25704", "CVE-2020-36322", "CVE-2021-20321", "CVE-2021-23566", "CVE-2021-3521", "CVE-2021-3712", "CVE-2021-3872", "CVE-2021-3918", "CVE-2021-3984", "CVE-2021-4019", "CVE-2021-4034", "CVE-2021-4122", "CVE-2021-4155", "CVE-2021-4192", "CVE-2021-4193", "CVE-2021-42574", "CVE-2021-42739", "CVE-2021-43565", "CVE-2022-0155", "CVE-2022-0185", "CVE-2022-20612", "CVE-2022-20617"], "modified": "2022-03-04T00:06:50", "id": "RHSA-2022:0595", "href": "https://access.redhat.com/errata/RHSA-2022:0595", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:27:36", "description": "Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services.\n\nThis erratum releases a new image for Red Hat Single Sign-On 7.4.10 for use within the OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, and within the OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.\n\nSecurity Fix(es):\n\n* log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)\n\n* log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-07T13:32:05", "type": "redhat", "title": "(RHSA-2022:0444) Moderate: Red Hat Single Sign-On 7.4.10 on OpenJDK for OpenShift image security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3521", "CVE-2021-3872", "CVE-2021-3984", "CVE-2021-4019", "CVE-2021-4104", "CVE-2021-4122", "CVE-2021-4192", "CVE-2021-4193", "CVE-2022-21248", "CVE-2022-21282", "CVE-2022-21283", "CVE-2022-21293", "CVE-2022-21294", "CVE-2022-21296", "CVE-2022-21299", "CVE-2022-21305", "CVE-2022-21340", "CVE-2022-21341", "CVE-2022-21360", "CVE-2022-21365", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307"], "modified": "2022-02-07T13:33:17", "id": "RHSA-2022:0444", "href": "https://access.redhat.com/errata/RHSA-2022:0444", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-08-16T15:27:36", "description": "Red Hat Advanced Cluster Management for Kubernetes 2.4.2 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments. Clusters and applications are all visible and managed from a single console\u2014with security policy built in.\n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE links in the References section.\n\nThis advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide some security fixes and bug fixes. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.4/html/release_notes/\n\nSecurity updates:\n\n* nodejs-json-schema: Prototype pollution vulnerability (CVE-2021-3918)\n\n* containerd: Unprivileged pod may bind mount any privileged regular file on disk (CVE-2021-43816)\n\n* minio-go: user privilege escalation in AddUser() admin API (CVE-2021-43858)\n\n* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)\n\n* fastify-static: open redirect via an URL with double slash followed by a domain (CVE-2021-22963) \n\n* moby: `docker cp` allows unexpected chmod of host file (CVE-2021-41089)\n\n* moby: data directory contains subdirectories with insufficiently restricted permissions, which could lead to directory traversal (CVE-2021-41091)\n\n* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n\n* node-fetch: Exposure of Sensitive Information to an Unauthorized Actor (CVE-2022-0235)\n\n* nats-server: misusing the \"dynamically provisioned sandbox accounts\" feature authenticated user can obtain the privileges of the System account (CVE-2022-24450)\n\nBug fixes:\n\n* Trying to create a new cluster on vSphere and no feedback, stuck in \"creating\" (Bugzilla #1937078)\n\n* The hyperlink of *ks cluster node cannot be opened when I want to check the node (Bugzilla #2028100)\n\n* Unable to make SSH connection to a Bitbucket server (Bugzilla #2028196)\n\n* RHACM cannot deploy Helm Charts with version numbers starting with letters (e.g. v1.6.1) (Bugzilla #2028931)\n\n* RHACM 2.4.2 images (Bugzilla #2029506)\n\n* Git Application still appears in Application Table and Resources are Still Seen in Advanced Configuration Upon Deletion after Upgrade from 2.4.0 (Bugzilla #2030005)\n\n* Namespace left orphaned after destroying the cluster (Bugzilla #2030379)\n\n* The results filtered through the filter contain some data that should not be present in cluster page (Bugzilla #2034198)\n\n* Git over ssh doesn't use custom port set in url (Bugzilla #2036057)\n\n* The value of name label changed from clusterclaim name to cluster name (Bugzilla #2042223)\n\n* ACM configuration policies do not handle Limitrange or Quotas values (Bugzilla #2042545)\n\n* Cluster addons do not appear after upgrade from ACM 2.3.5 to ACM 2.3.6 (Bugzilla #2050847)\n\n* The azure government regions were not list in the region drop down list when creating the cluster (Bugzilla #2051797)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-03T01:33:59", "type": "redhat", "title": "(RHSA-2022:0735) Important: Red Hat Advanced Cluster Management 2.4.2 security updates and bug fixes", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-22963", "CVE-2021-3521", "CVE-2021-3712", "CVE-2021-3807", "CVE-2021-3872", "CVE-2021-3918", "CVE-2021-3984", "CVE-2021-4019", "CVE-2021-4034", "CVE-2021-41089", "CVE-2021-41091", "CVE-2021-4122", "CVE-2021-4155", "CVE-2021-4192", "CVE-2021-4193", "CVE-2021-42574", "CVE-2021-43565", "CVE-2021-43816", "CVE-2021-43858", "CVE-2022-0185", "CVE-2022-0235", "CVE-2022-24407", "CVE-2022-24450"], "modified": "2022-08-17T07:48:36", "id": "RHSA-2022:0735", "href": "https://access.redhat.com/errata/RHSA-2022:0735", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-08-16T15:27:36", "description": "Red Hat Single Sign-On is an integrated sign-on solution, available as a Red Hat JBoss Middleware for OpenShift containerized image. The Red Hat Single Sign-On for OpenShift image provides an authentication server that you can use to log in centrally, log out, and register. You can also manage user accounts for web applications, mobile applications, and RESTful web services.\n\nThis erratum releases a new image for Red Hat Single Sign-On 7.4.10 for use within the OpenShift Container Platform 3.10, OpenShift Container Platform 3.11, and within the OpenShift Container Platform 4.3 cloud computing Platform-as-a-Service (PaaS) for on-premise or private cloud deployments, aligning with the standalone product release.\n\nSecurity Fix(es):\n\n* log4j: SQL injection in Log4j 1.x when application is configured to use JDBCAppender (CVE-2022-23305)\n\n* log4j: Unsafe deserialization flaw in Chainsaw log viewer (CVE-2022-23307)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSAppender (CVE-2021-4104)\n\n* log4j: Remote code execution in Log4j 1.x when application is configured to use JMSSink (CVE-2022-23302)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-07T13:32:11", "type": "redhat", "title": "(RHSA-2022:0445) Moderate: Red Hat Single Sign-On 7.4.10 on OpenJ9 for OpenShift image security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3521", "CVE-2021-3872", "CVE-2021-3984", "CVE-2021-4019", "CVE-2021-4104", "CVE-2021-4122", "CVE-2021-4192", "CVE-2021-4193", "CVE-2022-21248", "CVE-2022-21282", "CVE-2022-21283", "CVE-2022-21293", "CVE-2022-21294", "CVE-2022-21296", "CVE-2022-21299", "CVE-2022-21305", "CVE-2022-21340", "CVE-2022-21341", "CVE-2022-21360", "CVE-2022-21365", "CVE-2022-23302", "CVE-2022-23305", "CVE-2022-23307"], "modified": "2022-02-07T13:33:33", "id": "RHSA-2022:0445", "href": "https://access.redhat.com/errata/RHSA-2022:0445", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-08-16T15:27:36", "description": "Gatekeeper Operator v0.2\n\nGatekeeper is an open source project that applies the OPA Constraint\nFramework to enforce policies on your Kubernetes clusters. \n\nThis advisory contains the container images for Gatekeeper that include security updates, and container upgrades.\n\nRed Hat Product Security has rated this update as having a security impact\nof Moderate. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\nNote: Gatekeeper support from the Red Hat support team is limited cases\nwhere it is integrated and used with Red Hat Advanced Cluster Management\nfor Kubernetes. For support options for any other use, see the Gatekeeper\nopen source project website at:\nhttps://open-policy-agent.github.io/gatekeeper/website/docs/howto/.\n\nSecurity updates:\n\n* golang.org/x/crypto: empty plaintext packet causes panic (CVE-2021-43565)\n\n* golang: crypto/elliptic IsOnCurve returns true for invalid field elements (CVE-2022-23806)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-28T12:46:09", "type": "redhat", "title": "(RHSA-2022:1081) Moderate: Gatekeeper Operator v0.2 security updates and bug fixes", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13750", "CVE-2019-13751", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-18218", "CVE-2019-19603", "CVE-2019-20838", "CVE-2019-5827", "CVE-2020-12762", "CVE-2020-13435", "CVE-2020-14155", "CVE-2020-16135", "CVE-2020-24370", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-22876", "CVE-2021-22898", "CVE-2021-22925", "CVE-2021-23177", "CVE-2021-28153", "CVE-2021-31566", "CVE-2021-3200", "CVE-2021-33560", "CVE-2021-3445", "CVE-2021-3521", "CVE-2021-3580", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-3712", "CVE-2021-3800", "CVE-2021-3999", "CVE-2021-42574", "CVE-2021-43565", "CVE-2022-23218", "CVE-2022-23219", "CVE-2022-23308", "CVE-2022-23806", "CVE-2022-24407"], "modified": "2022-03-28T12:46:25", "id": "RHSA-2022:1081", "href": "https://access.redhat.com/errata/RHSA-2022:1081", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:27:36", "description": "Release osp-director-operator images\n\nSecurity Fix(es):\n\n* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-14T09:17:24", "type": "redhat", "title": "(RHSA-2022:0842) Important: Release of containers for OSP 16.2 director operator tech preview", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13750", "CVE-2019-13751", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-18218", "CVE-2019-19603", "CVE-2019-20838", "CVE-2019-5827", "CVE-2020-12762", "CVE-2020-13435", "CVE-2020-14155", "CVE-2020-16135", "CVE-2020-24370", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-22876", "CVE-2021-22898", "CVE-2021-22925", "CVE-2021-27645", "CVE-2021-28153", "CVE-2021-3200", "CVE-2021-33560", "CVE-2021-33574", "CVE-2021-3426", "CVE-2021-3445", "CVE-2021-3521", "CVE-2021-3572", "CVE-2021-3580", "CVE-2021-35942", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-3712", "CVE-2021-3800", "CVE-2021-3872", "CVE-2021-3984", "CVE-2021-4019", "CVE-2021-4122", "CVE-2021-4192", "CVE-2021-4193", "CVE-2021-42574", "CVE-2021-44716", "CVE-2022-24407"], "modified": "2022-03-14T09:17:56", "id": "RHSA-2022:0842", "href": "https://access.redhat.com/errata/RHSA-2022:0842", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-08-16T15:27:36", "description": "Red Hat Openshift GitOps is a declarative way to implement continuous deployment for cloud native applications.\n\nSecurity Fix(es):\n\n* gitops: Path traversal and dereference of symlinks when passing Helm value files (CVE-2022-24348)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-02-17T21:43:14", "type": "redhat", "title": "(RHSA-2022:0580) Important: Red Hat OpenShift GitOps security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-4658", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-18218", "CVE-2019-19603", "CVE-2019-20838", "CVE-2019-5827", "CVE-2020-12762", "CVE-2020-13435", "CVE-2020-14145", "CVE-2020-14155", "CVE-2020-16135", "CVE-2020-24370", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-20271", "CVE-2021-22876", "CVE-2021-22898", "CVE-2021-22925", "CVE-2021-27645", "CVE-2021-28153", "CVE-2021-3200", "CVE-2021-33560", "CVE-2021-33574", "CVE-2021-3426", "CVE-2021-3445", "CVE-2021-3521", "CVE-2021-3572", "CVE-2021-3580", "CVE-2021-35942", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-3712", "CVE-2021-37750", "CVE-2021-3800", "CVE-2021-39241", "CVE-2021-40346", "CVE-2021-42574", "CVE-2021-43527", "CVE-2021-44790", "CVE-2022-24348"], "modified": "2022-02-17T21:43:37", "id": "RHSA-2022:0580", "href": "https://access.redhat.com/errata/RHSA-2022:0580", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-08-30T12:45:50", "description": "Red Hat Advanced Cluster Management for Kubernetes 2.2.11 images\n\nRed Hat Advanced Cluster Management for Kubernetes provides the capabilities to address common challenges that administrators and site reliability engineers face as they work across a range of public and private cloud environments.\n\nClusters and applications are all visible and managed from a single console \u2014 with security policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster Management for Kubernetes, which provide security fixes, bug fixes and container upgrades. See the following Release Notes documentation, which will be updated shortly for this release, for additional details about this release:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.2/html/release_notes/\n\nSecurity updates:\n\n* object-path: Type confusion vulnerability can lead to a bypass of CVE-2020-15256 (CVE-2021-23434)\n\n* follow-redirects: Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)\n\nRelated bugs: \n\n* RHACM 2.2.11 images (Bugzilla #2029508)\n\n* ClusterImageSet has 4.5 which is not supported in ACM 2.2.10 (Bugzilla #2030859)", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-14T12:22:55", "type": "redhat", "title": "(RHSA-2022:0856) Moderate: Red Hat Advanced Cluster Management 2.2.11 security updates and bug fixes", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 5.5, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.9, "vectorString": "AV:A/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-13750", "CVE-2019-13751", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-18218", "CVE-2019-19603", "CVE-2019-20838", "CVE-2019-5827", "CVE-2020-0465", "CVE-2020-0466", "CVE-2020-12762", "CVE-2020-13435", "CVE-2020-14155", "CVE-2020-15256", "CVE-2020-16135", "CVE-2020-24370", "CVE-2020-25709", "CVE-2020-25710", "CVE-2021-0920", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-22876", "CVE-2021-22898", "CVE-2021-22925", "CVE-2021-23434", "CVE-2021-25214", "CVE-2021-27645", "CVE-2021-28153", "CVE-2021-3200", "CVE-2021-33560", "CVE-2021-33574", "CVE-2021-3426", "CVE-2021-3445", "CVE-2021-3521", "CVE-2021-3564", "CVE-2021-3572", "CVE-2021-3573", "CVE-2021-3580", "CVE-2021-35942", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-3712", "CVE-2021-3752", "CVE-2021-3800", "CVE-2021-3872", "CVE-2021-39241", "CVE-2021-3984", "CVE-2021-4019", "CVE-2021-40346", "CVE-2021-4122", "CVE-2021-4155", "CVE-2021-4192", "CVE-2021-4193", "CVE-2021-42574", "CVE-2022-0155", "CVE-2022-0185", "CVE-2022-0330", "CVE-2022-22942", "CVE-2022-24407"], "modified": "2022-03-14T12:23:27", "id": "RHSA-2022:0856", "href": "https://access.redhat.com/errata/RHSA-2022:0856", "cvss": {"score": 7.9, "vector": "AV:A/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-08-30T12:45:50", "description": "The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API.\n\nSecurity Fix(es):\n\n* golang: net/http/httputil: panic due to racy read of persistConn after handler panic (CVE-2021-36221)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-04-19T10:16:29", "type": "redhat", "title": "(RHSA-2022:1396) Moderate: Migration Toolkit for Containers (MTC) 1.5.4 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3577", "CVE-2019-13750", "CVE-2019-13751", "CVE-2019-17594", "CVE-2019-17595", "CVE-2019-18218", "CVE-2019-19603", "CVE-2019-20838", "CVE-2019-5827", "CVE-2020-12762", "CVE-2020-13435", "CVE-2020-14155", "CVE-2020-16135", "CVE-2020-24370", "CVE-2020-25709", "CVE-2020-25710", "CVE-2021-0920", "CVE-2021-20231", "CVE-2021-20232", "CVE-2021-21684", "CVE-2021-22876", "CVE-2021-22898", "CVE-2021-22925", "CVE-2021-23177", "CVE-2021-28153", "CVE-2021-31566", "CVE-2021-3200", "CVE-2021-33560", "CVE-2021-3426", "CVE-2021-3445", "CVE-2021-3521", "CVE-2021-3572", "CVE-2021-3580", "CVE-2021-36084", "CVE-2021-36085", "CVE-2021-36086", "CVE-2021-36087", "CVE-2021-36221", "CVE-2021-3800", "CVE-2021-3999", "CVE-2021-41190", "CVE-2021-4122", "CVE-2021-4154", "CVE-2021-42574", "CVE-2021-44716", "CVE-2021-44717", "CVE-2021-45960", "CVE-2021-46143", "CVE-2022-0261", "CVE-2022-0318", "CVE-2022-0330", "CVE-2022-0359", "CVE-2022-0361", "CVE-2022-0392", "CVE-2022-0413", "CVE-2022-0435", "CVE-2022-0492", "CVE-2022-0516", "CVE-2022-0532", "CVE-2022-0778", "CVE-2022-0847", "CVE-2022-22816", "CVE-2022-22817", "CVE-2022-22822", "CVE-2022-22823", "CVE-2022-22824", "CVE-2022-22825", "CVE-2022-22826", "CVE-2022-22827", "CVE-2022-22942", "CVE-2022-23218", "CVE-2022-23219", "CVE-2022-23308", "CVE-2022-23852", "CVE-2022-24407", "CVE-2022-25235", "CVE-2022-25236", "CVE-2022-25315"], "modified": "2022-04-19T10:16:51", "id": "RHSA-2022:1396", "href": "https://access.redhat.com/errata/RHSA-2022:1396", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-03T15:19:09", "description": "Service Telemetry Framework (STF) provides automated collection of measurements and data from remote clients, such as Red Hat OpenStack Platform or third-party nodes. STF then transmits the information to a centralized, receiving Red Hat OpenShift Container Platform (OCP) deployment for storage, retrieval, and monitoring.\n\nSecurity Fix(es):\n\n* golang: compress/gzip: stack exhaustion in Reader.Read (CVE-2022-30631)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-08-08T16:13:09", "type": "redhat", "title": "(RHSA-2022:5924) Important: Service Telemetry Framework 1.4 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-10228", "CVE-2017-14502", "CVE-2018-1000858", "CVE-2018-25032", "CVE-2019-13050", "CVE-2019-13627", "CVE-2019-14889", "CVE-2019-20454", "CVE-2019-20807", "CVE-2019-25013", "CVE-2019-8625", "CVE-2019-8710", "CVE-2019-8720", "CVE-2019-8743", "CVE-2019-8764", "CVE-2019-8766", "CVE-2019-8769", "CVE-2019-8771", "CVE-2019-8782", "CVE-2019-8783", "CVE-2019-8808", "CVE-2019-8811", "CVE-2019-8812", "CVE-2019-8813", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8823", "CVE-2019-8835", "CVE-2019-8844", "CVE-2019-8846", "CVE-2019-9169", "CVE-2020-10018", "CVE-2020-11793", "CVE-2020-13434", "CVE-2020-14391", "CVE-2020-15358", "CVE-2020-15503", "CVE-2020-1730", "CVE-2020-27618", "CVE-2020-29361", "CVE-2020-29362", "CVE-2020-29363", "CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868", "CVE-2020-3885", "CVE-2020-3894", "CVE-2020-3895", "CVE-2020-3897", "CVE-2020-3899", "CVE-2020-3900", "CVE-2020-3901", "CVE-2020-3902", "CVE-2020-8927", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850", "CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925", "CVE-2020-9952", "CVE-2021-20305", "CVE-2021-22946", "CVE-2021-22947", "CVE-2021-27218", "CVE-2021-30666", "CVE-2021-30761", "CVE-2021-30762", "CVE-2021-3326", "CVE-2021-33928", "CVE-2021-33929", "CVE-2021-33930", "CVE-2021-33938", "CVE-2021-3516", "CVE-2021-3517", "CVE-2021-3518", "CVE-2021-3520", "CVE-2021-3521", "CVE-2021-3537", "CVE-2021-3541", "CVE-2021-36222", "CVE-2021-37750", "CVE-2022-0778", "CVE-2022-1271", "CVE-2022-23852", "CVE-2022-24407", "CVE-2022-30631"], "modified": "2022-08-08T16:13:55", "id": "RHSA-2022:5924", "href": "https://access.redhat.com/errata/RHSA-2022:5924", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-08-30T12:45:50", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the container images for Red Hat OpenShift Container\nPlatform 4.10.3. See the following advisory for the RPM packages for this\nrelease:\n\nhttps://access.redhat.com/errata/RHSA-2022:0055\n\nSpace precludes documenting all of the container images in this advisory.\nSee the following Release Notes documentation, which will be updated\nshortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html\n\nSecurity Fix(es):\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n* grafana: Snapshot authentication bypass (CVE-2021-39226)\n* golang: net/http: limit growth of header canonicalization cache (CVE-2021-44716)\n* nodejs-axios: Regular expression denial of service in trim function (CVE-2021-3749)\n* golang: syscall: don't close fd 0 on ForkExec error (CVE-2021-44717)\n* grafana: Forward OAuth Identity Token can allow users to access some data sources (CVE-2022-21673)\n* grafana: directory traversal vulnerability (CVE-2021-43813)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nYou may download the oc tool and use it to inspect release image metadata\nas follows:\n\n(For x86_64 architecture)\n\n$ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.10.3-x86_64\n\nThe image digest is\nsha256:7ffe4cd612be27e355a640e5eec5cd8f923c1400d969fd590f806cffdaabcc56\n\n(For s390x architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.10.3-s390x\n\nThe image digest is\nsha256:4cf21a9399da1ce8427246f251ae5dedacfc8c746d2345f9cfe039ed9eda3e69\n\n(For ppc64le architecture)\n\n $ oc adm release info\nquay.io/openshift-release-dev/ocp-release:4.10.3-ppc64le\n\nThe image digest is\nsha256:4ee571da1edf59dfee4473aa4604aba63c224bf8e6bcf57d048305babbbde93c\n\nAll OpenShift Container Platform 4.10 users are advised to upgrade to these\nupdated packages and images when they are available in the appropriate\nrelease channel. To check for available updates, use the OpenShift Console\nor the CLI oc command. Instructions for upgrading a cluster are available\nat\nhttps://docs.openshift.com/container-platform/4.10/updating/updating-cluster-cli.html", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-03-10T15:13:45", "type": "redhat", "title": "(RHSA-2022:0056) Moderate: OpenShift Container Platform 4.10.3 security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2014-3577", "CVE-2016-10228", "CVE-2017-14502", "CVE-2018-1000858", "CVE-2018-20843", "CVE-2019-13050", "CVE-2019-13627", "CVE-2019-14889", "CVE-2019-15903", "CVE-2019-19906", "CVE-2019-20454", "CVE-2019-20807", "CVE-2019-25013", "CVE-2019-8625", "CVE-2019-8710", "CVE-2019-8720", "CVE-2019-8743", "CVE-2019-8764", "CVE-2019-8766", "CVE-2019-8769", "CVE-2019-8771", "CVE-2019-8782", "CVE-2019-8783", "CVE-2019-8808", "CVE-2019-8811", "CVE-2019-8812", "CVE-2019-8813", "CVE-2019-8814", "CVE-2019-8815", "CVE-2019-8816", "CVE-2019-8819", "CVE-2019-8820", "CVE-2019-8823", "CVE-2019-8835", "CVE-2019-8844", "CVE-2019-8846", "CVE-2019-9169", "CVE-2020-10018", "CVE-2020-11793", "CVE-2020-13434", "CVE-2020-14391", "CVE-2020-15358", "CVE-2020-15503", "CVE-2020-1730", "CVE-2020-25660", "CVE-2020-25677", "CVE-2020-27618", "CVE-2020-27781", "CVE-2020-29361", "CVE-2020-29362", "CVE-2020-29363", "CVE-2020-3862", "CVE-2020-3864", "CVE-2020-3865", "CVE-2020-3867", "CVE-2020-3868", "CVE-2020-3885", "CVE-2020-3894", "CVE-2020-3895", "CVE-2020-3897", "CVE-2020-3899", "CVE-2020-3900", "CVE-2020-3901", "CVE-2020-3902", "CVE-2020-8927", "CVE-2020-9802", "CVE-2020-9803", "CVE-2020-9805", "CVE-2020-9806", "CVE-2020-9807", "CVE-2020-9843", "CVE-2020-9850", "CVE-2020-9862", "CVE-2020-9893", "CVE-2020-9894", "CVE-2020-9895", "CVE-2020-9915", "CVE-2020-9925", "CVE-2020-9952", "CVE-2021-20305", "CVE-2021-21684", "CVE-2021-22946", "CVE-2021-22947", "CVE-2021-25215", "CVE-2021-27218", "CVE-2021-30666", "CVE-2021-30761", "CVE-2021-30762", "CVE-2021-3121", "CVE-2021-3326", "CVE-2021-33928", "CVE-2021-33929", "CVE-2021-33930", "CVE-2021-33938", "CVE-2021-3449", "CVE-2021-3450", "CVE-2021-3516", "CVE-2021-3517", "CVE-2021-3518", "CVE-2021-3520", "CVE-2021-3521", "CVE-2021-3537", "CVE-2021-3541", "CVE-2021-36222", "CVE-2021-3733", "CVE-2021-3749", "CVE-2021-37750", "CVE-2021-39226", "CVE-2021-41190", "CVE-2021-41772", "CVE-2021-43813", "CVE-2021-44716", "CVE-2021-44717", "CVE-2022-0532", "CVE-2022-21673", "CVE-2022-24407"], "modified": "2022-12-21T11:22:50", "id": "RHSA-2022:0056", "href": "https://access.redhat.com/errata/RHSA-2022:0056", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2022-02-10T00:00:00", "description": "[4.14.3-19.2]\n- Address covscan issues in binding sigs validation patch (#2022537)\n[4.14.3-19.1]\n- Validate and require subkey binding sigs on PGP pubkeys (#2022537)\n- Fixes CVE-2021-3521", "cvss3": {}, "published": "2022-02-02T00:00:00", "type": "oraclelinux", "title": "rpm security update", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2021-3521"], "modified": "2022-02-02T00:00:00", "id": "ELSA-2022-0368", "href": "http://linux.oracle.com/errata/ELSA-2022-0368.html", "cvss": {"score": 0.0, "vector": "NONE"}}], "photon": [{"lastseen": "2022-09-26T04:08:03", "description": "Updates of ['rpm'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-09-08T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2022-0243", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2021-3521"], "modified": "2022-09-08T00:00:00", "id": "PHSA-2022-0243", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-243", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-23T17:19:06", "description": "Updates of ['rpm'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 4.7, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-09-08T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2022-4.0-0243", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2021-3521"], "modified": "2022-09-08T00:00:00", "id": "PHSA-2022-4.0-0243", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-243", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-23T17:02:32", "description": "Updates of ['glib', 'rpm', 'elfutils'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-11-07T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2018-0194", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7500", "CVE-2018-16402", "CVE-2018-16428", "CVE-2018-16429"], "modified": "2018-11-07T00:00:00", "id": "PHSA-2018-0194", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-194", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-01T20:54:20", "description": "An update of {'elfutils', 'glib', 'rpm'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2018-11-07T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2018-1.0-0194", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7500", "CVE-2018-16402", "CVE-2018-16428", "CVE-2018-16429"], "modified": "2018-11-07T00:00:00", "id": "PHSA-2018-1.0-0194", "href": "https://github.com/vmware/photon/wiki/Security-Updates-1.0-194", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-02T00:03:39", "description": "An update of {'rpm', 'libgd', 'elfutils', 'glib'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2018-11-08T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2018-2.0-0108", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7500", "CVE-2018-1000222", "CVE-2018-16402", "CVE-2018-16428", "CVE-2018-16429"], "modified": "2018-11-08T00:00:00", "id": "PHSA-2018-2.0-0108", "href": "https://github.com/vmware/photon/wiki/Security-Updates-2-108", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-03T08:52:43", "description": "An update of {'curl', 'docker', 'binutils', 'linux','rpm'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2017-12-28T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2017-1.0-0095", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000407", "CVE-2017-12190", "CVE-2017-14992", "CVE-2017-17121", "CVE-2017-17122", "CVE-2017-17124", "CVE-2017-17125", "CVE-2017-7501", "CVE-2017-8818"], "modified": "2017-12-28T00:00:00", "id": "PHSA-2017-1.0-0095", "href": "https://github.com/vmware/photon/wiki/Security-Updates-1.0-95", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-09-23T14:59:05", "description": "Updates of ['curl', 'linux', 'rpm', 'binutils', 'linux-esx', 'docker'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2017-12-28T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2017-0095", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": true, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-1000407", "CVE-2017-12190", "CVE-2017-14992", "CVE-2017-17121", "CVE-2017-17122", "CVE-2017-17124", "CVE-2017-17125", "CVE-2017-7501", "CVE-2017-8818", "CVE-2018-18559", "CVE-2018-7492"], "modified": "2017-12-28T00:00:00", "id": "PHSA-2017-0095", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-95", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-25T17:40:06", "description": "Updates of ['linux-aws', 'glibc', 'linux-secure', 'rpm', 'rsync', 'linux-esx', 'linux', 'curl'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2018-01-04T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2018-0009", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-15129", "CVE-2017-16995", "CVE-2017-17426", "CVE-2017-17433", "CVE-2017-17434", "CVE-2017-17448", "CVE-2017-17449", "CVE-2017-17450", "CVE-2017-17712", "CVE-2017-17862", "CVE-2017-7501", "CVE-2017-8818", "CVE-2017-8824"], "modified": "2018-01-04T00:00:00", "id": "PHSA-2018-0009", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-9", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-09-23T09:01:47", "description": "Updates of ['curl', 'sqlite', 'go', 'rpm', 'python3'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-06T00:00:00", "type": "photon", "title": "Critical Photon OS Security Update - PHSA-2022-0512", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "COMPLETE", "baseScore": 8.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:C/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 8.5, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-20107", "CVE-2021-20223", "CVE-2021-3521", "CVE-2022-1705", "CVE-2022-1962", "CVE-2022-28131", "CVE-2022-29804", "CVE-2022-30580", "CVE-2022-30629", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-32148", "CVE-2022-32189", "CVE-2022-35252"], "modified": "2022-09-06T00:00:00", "id": "PHSA-2022-0512", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-512", "cvss": {"score": 8.0, "vector": "AV:N/AC:L/Au:S/C:P/I:C/A:P"}}, {"lastseen": "2023-09-24T14:02:27", "description": "Updates of ['rpm', 'curl', 'gnutls', 'go', 'python3'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-09-05T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-3.0-0445", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "COMPLETE", "baseScore": 8.0, "vectorString": "AV:N/AC:L/Au:S/C:P/I:C/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 8.5, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-20107", "CVE-2021-28861", "CVE-2021-3521", "CVE-2022-1705", "CVE-2022-1962", "CVE-2022-2509", "CVE-2022-28131", "CVE-2022-29526", "CVE-2022-30580", "CVE-2022-30629", "CVE-2022-30630", "CVE-2022-30631", "CVE-2022-30632", "CVE-2022-30633", "CVE-2022-30635", "CVE-2022-32148", "CVE-2022-32189", "CVE-2022-35252"], "modified": "2022-09-05T00:00:00", "id": "PHSA-2022-3.0-0445", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-445", "cvss": {"score": 8.0, "vector": "AV:N/AC:L/Au:S/C:P/I:C/A:P"}}], "rosalinux": [{"lastseen": "2023-09-08T23:20:36", "description": "Software: rpm 4.11.3\nOS: Cobalt 7.9\n\nCVE-ID: CVE-2017-7501\nCVE-Crit: HIGH\nCVE-DESC: It was discovered that rpm versions prior to 4.13.0.2 use temporary files with predictable names when installing RPM. An attacker with the ability to write to the directory where the files will be installed could create symbolic links to an arbitrary location and change content and possibly permissions on arbitrary files that could be used for denial of service or possibly privilege escalation. \nCVE-STATUS: default\nCVE-REV: Default\n\nCVE-ID: CVE-2021-20266\nCVE-Crit: MEDIUM\nCVE-DESC: A bug was found in hdrblobInit () RPM in lib / header.c. This flaw allows an attacker who can modify rpmdb to cause reads outside the valid range. The biggest threat from this vulnerability is to system availability. \nCVE-STATUS: default\nCVE-REV: default\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-07-02T18:04:36", "type": "rosalinux", "title": "Advisory ROSA-SA-2021-1963", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2017-7501", "CVE-2021-20266"], "modified": "2021-07-02T18:04:36", "id": "ROSA-SA-2021-1963", "href": "https://abf.rosalinux.ru/advisories/ROSA-SA-2021-1963", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "ibm": [{"lastseen": "2023-06-24T06:05:03", "description": "## Summary\n\nMultiple issues were identified in Red Hat UBI(ubi8/ubi-minimal) v8.5-x packages that were shipped with IBM MQ Operator and IBM supplied MQ Advanced container images. We have also identified an issue in the IBM WebSphere Application Server Liberty component that is packaged with IBM supplied MQ Advanced container images. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-3521](<https://vulners.com/cve/CVE-2021-3521>) \n** DESCRIPTION: **RPM Project RPM could allow a remote attacker to bypass security restrictions, caused by improper validation the binding signature of subkeys prior to importing them. By persuading a victim to add a specially-crafted subkey to a legitimate public key, an attacker could exploit this vulnerability cause the victim to trust a malicious signature. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213411](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213411>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-3999](<https://vulners.com/cve/CVE-2021-3999>) \n** DESCRIPTION: **GNU glibc is vulnerable to an off-by-one buffer overflow and underflow, caused by improper bounds checking by the getcwd() function. By sending a specially-crafted request, a local authenticated attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217981](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217981>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-39031](<https://vulners.com/cve/CVE-2021-39031>) \n** DESCRIPTION: **IBM WebSphere Application Server - Liberty 17.0.0.3 through 22.0.0.1 could allow a remote authenticated attacker to conduct an LDAP injection. By using a specially crafted request, an attacker could exploit this vulnerability and could result in in granting permission to unauthorized resources. IBM X-Force ID: 213875. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213875](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213875>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23219](<https://vulners.com/cve/CVE-2022-23219>) \n** DESCRIPTION: **GNU C Library (aka glibc) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the clnt_create function in the sunrpc module. By sending a specially-crafted hostname argument, a local attacker could overflow a buffer and execute arbitrary code or cause a denial of service on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217303](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217303>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23218](<https://vulners.com/cve/CVE-2022-23218>) \n** DESCRIPTION: **GNU C Library (aka glibc) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the svcunix_create function in the sunrpc module. By sending a specially-crafted path argument, a local attacker could overflow a buffer and execute arbitrary code or cause a denial of service on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217302](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217302>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM MQ Operator CD Release| v1.7.0 \nIBM MQ Operator EUS Release| v1.3.2 \nIBM MQ Advanced Server Container image| v9.2.4.0-r1,9.2.0.4-r1-eus \n \n## Remediation/Fixes\n\nIssues listed by this security bulletin are addressed in IBM MQ Operator v1.8.0 CD release that included IBM supplied MQ Advanced v9.2.5.0 container images and IBM MQ Operator v1.3.3 EUS release that included IBM supplied MQ Advanced v9.2.0.5 container images.\n\nIBM MQ Operator v1.8.0 CD release details:\n\n**Image **| **Fix Version**| **Registry**| **Image Location** \n---|---|---|--- \nibm-mq-operator| v1.8.0| icr.io| icr.io/cpopen/ibm-mq-operator@sha256:e53a119acde5773bd052257e2a6bb9780b954fb2a33c6879328a19b333abaf3e \nibm-mqadvanced-server| 9.2.5.0-r1| cp.icr.io| cp.icr.io/cp/ibm-mqadvanced-server@sha256:f12bfa6088ae7af3bcbf4377cd41818ab9160d90b232ed2d952327dea1b70e21 \nibm-mqadvanced-server-integration| 9.2.5.0-r1| cp.icr.io| cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:97d8d002ff34cd2a6d07f81f9104a3b8eb6eda6626e646e32b47f0fd108c6ad1 \nibm-mqadvanced-server-dev| 9.2.5.0-r1| icr.io| icr.io/ibm-messaging/mq@sha256:8236529768dfe9ab29f5a91a20a7b4b1f9dde1b54f21ff926769fb3e929d0bcc \n \nIBM MQ Operator v1.3.3 EUS release details:\n\n**Image **| **Fix Version**| **Registry**| **Image Location** \n---|---|---|--- \nibm-mq-operator| v1.3.3| icr.io| icr.io/cpopen/ibm-mq-operator@sha256:ecacd486bd170ad5ac3494ef3853670cb911cfbac676e175ba8b54b72e12a340 \nibm-mqadvanced-server-integration| 9.2.0.5-r1-eus| cp.icr.io| cp.icr.io/cp/ibm-mqadvanced-server-integration@sha256:7902ec5de627a7c6ea09d14ca9a672435bec9923a3d28e5c097cbe8385ba39a6 \n \nFor remediation, upgrading your current IBM MQ Operator and Queue managers to corresponding versions mentioned above will fix the vulnerabilities.\n\n \n \n\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-05-16T08:18:44", "type": "ibm", "title": "Security Bulletin: IBM MQ Operator and IBM supplied MQ Advanced container images are vulnerable to multiple issues from Red Hat UBI packages and the IBM WebSphere Application Server Liberty", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3521", "CVE-2021-39031", "CVE-2021-3999", "CVE-2022-23218", "CVE-2022-23219"], "modified": "2022-05-16T08:18:44", "id": "926EC2BBAF756385F2D7D4C5C98F9F630DFB49737FCEF5BB68A74EB910687527", "href": "https://www.ibm.com/support/pages/node/6569153", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T06:00:25", "description": "## Summary\n\nSecurity Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-21986](<https://vulners.com/cve/CVE-2022-21986>) \n** DESCRIPTION: **Microsoft .Net is vulnerable to a denial of service, caused by a flaw in the Kestrel Web Server. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/218253](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218253>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-4122](<https://vulners.com/cve/CVE-2021-4122>) \n** DESCRIPTION: **Cryptsetup could allow a physical attacker to obtain sensitive information, caused by a flaw in the LUKS2 online reencryption is an optional extension. By modifying on-disk metadata to simulate decryption in progress with crashed (unfinished) reencryption step, an attacker could exploit this vulnerability to decrypt part of the LUKS device to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217238](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217238>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2021-3872](<https://vulners.com/cve/CVE-2021-3872>) \n** DESCRIPTION: **Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. By sending a specially-crafted input using Clang 12 + ASan, a local attacker could overflow a buffer and execute arbitrary code or cause a denial of service condition on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211573](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211573>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3984](<https://vulners.com/cve/CVE-2021-3984>) \n** DESCRIPTION: **Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/214373](<https://exchange.xforce.ibmcloud.com/vulnerabilities/214373>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-4019](<https://vulners.com/cve/CVE-2021-4019>) \n** DESCRIPTION: **Vim is vulnerable to a heap-based buffer overflow, caused by improper bounds checking. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/214374](<https://exchange.xforce.ibmcloud.com/vulnerabilities/214374>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-4192](<https://vulners.com/cve/CVE-2021-4192>) \n** DESCRIPTION: **Vim could allow a remote attacker to obtain sensitive information, caused by a use-after-free flaw. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216466](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216466>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-4193](<https://vulners.com/cve/CVE-2021-4193>) \n** DESCRIPTION: **Vim could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read. By persuading a victim to open a specially-crafted file, a remote attacker could exploit this vulnerability obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216465](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216465>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-3521](<https://vulners.com/cve/CVE-2021-3521>) \n** DESCRIPTION: **RPM Project RPM could allow a remote attacker to bypass security restrictions, caused by improper validation the binding signature of subkeys prior to importing them. By persuading a victim to add a specially-crafted subkey to a legitimate public key, an attacker could exploit this vulnerability cause the victim to trust a malicious signature. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213411](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213411>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N)\n\n## Affected Products and Versions\n\n**Affected Product(s)**| **Version(s) \n** \n---|--- \nIBM Robotic Process Automation for Cloud Pak| 21.0.2 \n \n \n\n\n## Remediation/Fixes\n\n**IBM strongly recommends addressing the vulnerability now.**\n\n**Product(s)**| **Version(s) number and/or range **| **Remediation/Fix/Instructions** \n---|---|--- \nIBM Robotic Process Automation for Cloud Pak| < 21.0.2.2| Follow [instructions](<https://www.ibm.com/docs/en/rpa/21.0?topic=platform-preparing-applying-upgraded-custom-resource> \"instructions\" ) to update to version 21.0.2.2 (2.1.0.2 IF002) or higher. \n \n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 5.9}, "published": "2022-08-20T18:34:23", "type": "ibm", "title": "Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3521", "CVE-2021-3872", "CVE-2021-3984", "CVE-2021-4019", "CVE-2021-4122", "CVE-2021-4192", "CVE-2021-4193", "CVE-2022-21986"], "modified": "2022-08-20T18:34:23", "id": "D56EBBD4671C81624AEF1C667DA00AAEE24DD2706C019B41D11E21168679B99D", "href": "https://www.ibm.com/support/pages/node/6614453", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T05:53:05", "description": "## Summary\n\nIBM Cloud Pak for Security includes components with multiple known vulnerabilities. These components have been updated in the latest release and the vulnerabilities have been addressed. \n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-24407](<https://vulners.com/cve/CVE-2022-24407>) \n** DESCRIPTION: **Cyrus SASL is vulnerable to SQL injection. A remote authenticated attacker could send a specially-crafted SQL statements to view, add, modify or delete information in the back-end database. \nCVSS Base score: 8.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/220223](<https://exchange.xforce.ibmcloud.com/vulnerabilities/220223>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3521](<https://vulners.com/cve/CVE-2021-3521>) \n** DESCRIPTION: **RPM Project RPM could allow a remote attacker to bypass security restrictions, caused by improper validation the binding signature of subkeys prior to importing them. By persuading a victim to add a specially-crafted subkey to a legitimate public key, an attacker could exploit this vulnerability cause the victim to trust a malicious signature. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213411](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213411>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-45960](<https://vulners.com/cve/CVE-2021-45960>) \n** DESCRIPTION: **Expat (aka libexpat) is vulnerable to a denial of service, caused by a realloc misbehavior issue in the storeAtts function in xmlparse.c. By persuading a victim to open a specially-crafted XML content, a remote attacker could exploit this vulnerability to cause a the application to crash. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216473](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216473>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-46143](<https://vulners.com/cve/CVE-2021-46143>) \n** DESCRIPTION: **Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of m_groupSize in doProlog in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216875](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216875>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22822](<https://vulners.com/cve/CVE-2022-22822>) \n** DESCRIPTION: **Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of addBinding in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216908](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216908>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22823](<https://vulners.com/cve/CVE-2022-22823>) \n** DESCRIPTION: **Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of build_model in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216907](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216907>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22824](<https://vulners.com/cve/CVE-2022-22824>) \n** DESCRIPTION: **Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of defineAttribute in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216906](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216906>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22825](<https://vulners.com/cve/CVE-2022-22825>) \n** DESCRIPTION: **Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of lookup in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216905](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216905>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22826](<https://vulners.com/cve/CVE-2022-22826>) \n** DESCRIPTION: **Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of nextScaffoldPart in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216904](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216904>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-22827](<https://vulners.com/cve/CVE-2022-22827>) \n** DESCRIPTION: **Expat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow of storeAtts in xmlparse.c. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216901](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216901>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23852](<https://vulners.com/cve/CVE-2022-23852>) \n** DESCRIPTION: **Expat (aka libexpat) could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the XML_GetBuffer function. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/218007](<https://exchange.xforce.ibmcloud.com/vulnerabilities/218007>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-25235](<https://vulners.com/cve/CVE-2022-25235>) \n** DESCRIPTION: **libexpat is vulnerable to a denial of service, caused by improper input validation in xmltok_impl.c. By persuading a victim to open a specially-crafted content with malformed encoding, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219782](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219782>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-25236](<https://vulners.com/cve/CVE-2022-25236>) \n** DESCRIPTION: **libexpat is vulnerable to a denial of service, caused by improper protection against insertion of namesep characters into namespace URIs in xmlparse.c. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219784](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219784>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-25315](<https://vulners.com/cve/CVE-2022-25315>) \n** DESCRIPTION: **libexpat could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in storeRawNames. By persuading a victim to open a specially-crafted file, an attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/219945](<https://exchange.xforce.ibmcloud.com/vulnerabilities/219945>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-1271](<https://vulners.com/cve/CVE-2022-1271>) \n** DESCRIPTION: **GNU gzip could allow a remote authenticated attacker to bypass security restrictions, caused by improper validation of file name by the zgrep utility. By using a specially-crafted file name, an attacker could exploit this vulnerability to write arbitrary files on the system. \nCVSS Base score: 7.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/223754](<https://exchange.xforce.ibmcloud.com/vulnerabilities/223754>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nIBM Cloud Pak for Security (CP4S)| 1.10.0.0 - 1.10.1.0 \n \n \n\n\n## Remediation/Fixes\n\n**IBM strongly encourages customers to update their systems promptly.**\n\nPlease upgrade to at least CP4S 1.10.2.0 following these instructions: <https://www.ibm.com/docs/en/cloud-paks/cp-security/1.10?topic=installing-upgrading-cloud-pak-security>\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-11-09T18:38:30", "type": "ibm", "title": "Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.0, "vectorString": "AV:N/AC:L/Au:S/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3521", "CVE-2021-45960", "CVE-2021-46143", "CVE-2022-1271", "CVE-2022-22822", "CVE-2022-22823", "CVE-2022-22824", "CVE-2022-22825", "CVE-2022-22826", "CVE-2022-22827", "CVE-2022-23852", "CVE-2022-24407", "CVE-2022-25235", "CVE-2022-25236", "CVE-2022-25315"], "modified": "2022-11-09T18:38:30", "id": "65A8186C2C8977929AF35D5602314B8018A488990BBF80CB537C3CBEB0B7BEC3", "href": "https://www.ibm.com/support/pages/node/6838291", "cvss": {"score": 9.0, "vector": "AV:N/AC:L/Au:S/C:C/I:C/A:C"}}, {"lastseen": "2023-06-24T06:03:47", "description": "## Summary\n\nNetcool Operations Insight v1.6.4 contains fixes for multiple security vulnerabilities, listed in the CVEs below.\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2021-23450](<https://vulners.com/cve/CVE-2021-23450>) \n** DESCRIPTION: **Dojo could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution in the setObject function. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/216463](<https://exchange.xforce.ibmcloud.com/vulnerabilities/216463>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3521](<https://vulners.com/cve/CVE-2021-3521>) \n** DESCRIPTION: **RPM Project RPM could allow a remote attacker to bypass security restrictions, caused by improper validation the binding signature of subkeys prior to importing them. By persuading a victim to add a specially-crafted subkey to a legitimate public key, an attacker could exploit this vulnerability cause the victim to trust a malicious signature. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213411](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213411>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-4122](<https://vulners.com/cve/CVE-2021-4122>) \n** DESCRIPTION: **Cryptsetup could allow a physical attacker to obtain sensitive information, caused by a flaw in the LUKS2 online reencryption is an optional extension. By modifying on-disk metadata to simulate decryption in progress with crashed (unfinished) reencryption step, an attacker could exploit this vulnerability to decrypt part of the LUKS device to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217238](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217238>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2022-21248](<https://vulners.com/cve/CVE-2022-21248>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Serialization component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 3.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217543](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217543>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-21277](<https://vulners.com/cve/CVE-2022-21277>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217572](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217572>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21282](<https://vulners.com/cve/CVE-2022-21282>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the JAXP component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217577](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217577>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2022-21283](<https://vulners.com/cve/CVE-2022-21283>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217578](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217578>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21291](<https://vulners.com/cve/CVE-2022-21291>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217586](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217586>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-21293](<https://vulners.com/cve/CVE-2022-21293>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217588](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217588>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21294](<https://vulners.com/cve/CVE-2022-21294>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217589](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217589>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21296](<https://vulners.com/cve/CVE-2022-21296>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the JAXP component could allow an unauthenticated attacker to obtain sensitive information resulting in a low confidentiality impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217591](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217591>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2022-21299](<https://vulners.com/cve/CVE-2022-21299>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the JAXP component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217594](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217594>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21305](<https://vulners.com/cve/CVE-2022-21305>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow an unauthenticated attacker to cause no confidentiality impact, low integrity impact, and no availability impact. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217600](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217600>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-21340](<https://vulners.com/cve/CVE-2022-21340>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Libraries component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217635](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217635>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21341](<https://vulners.com/cve/CVE-2022-21341>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the Serialization component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217636](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217636>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21360](<https://vulners.com/cve/CVE-2022-21360>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217654](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217654>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21365](<https://vulners.com/cve/CVE-2022-21365>) \n** DESCRIPTION: **An unspecified vulnerability in Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217659](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217659>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-21366](<https://vulners.com/cve/CVE-2022-21366>) \n** DESCRIPTION: **An unspecified vulnerability in Oracle Java SE related to the ImageIO component could allow an unauthenticated attacker to cause a denial of service resulting in a low availability impact using unknown attack vectors. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217660](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217660>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-33503](<https://vulners.com/cve/CVE-2021-33503>) \n** DESCRIPTION: **urllib3 is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw due to catastrophic backtracking. By sending a specially-crafted URL request, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203109](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203109>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2019-14540](<https://vulners.com/cve/CVE-2019-14540>) \n** DESCRIPTION: **FasterXML jackson-databind could allow a remote attacker to obtain sensitive information, caused by a polymorphic typing issue in com.zaxxer.hikari.HikariConfig. A remote attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/167354](<https://exchange.xforce.ibmcloud.com/vulnerabilities/167354>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\n## Affected Products and Versions\n\nAffected Product(s)| Version(s) \n---|--- \nNetcool Operations Insight| 1.4.x \nNetcool Operations Insight| 1.5.x \nNetcool Operations Insight| 1.6.x \n \n## Remediation/Fixes\n\nNetcool Operations Insight v1.6.4 can be deployed on-premises, on a supported cloud platform, or on a hybrid cloud and on-premises architecture. \n\nPlease go to <https://www.ibm.com/docs/en/noi/1.6.4?topic=installing> to follow the installation instructions relevant to your chosen architecture.\n\n## Workarounds and Mitigations\n\nNone\n\n## ", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-06-14T15:48:07", "type": "ibm", "title": "Security Bulletin: Netcool Operations Insight v1.6.4 contains fixes for multiple security vulnerabilities.", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-14540", "CVE-2021-23450", "CVE-2021-33503", "CVE-2021-3521", "CVE-2021-4122", "CVE-2022-21248", "CVE-2022-21277", "CVE-2022-21282", "CVE-2022-21283", "CVE-2022-21291", "CVE-2022-21293", "CVE-2022-21294", "CVE-2022-21296", "CVE-2022-21299", "CVE-2022-21305", "CVE-2022-21340", "CVE-2022-21341", "CVE-2022-21360", "CVE-2022-21365", "CVE-2022-21366"], "modified": "2022-06-14T15:48:07", "id": "65575758CE6E879BDCFD17ADB708B2448CDF9C00E078AEFB1967358BF519C078", "href": "https://www.ibm.com/support/pages/node/6594459", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-06-24T05:49:14", "description": "## Summary\n\nIBM Cloud Pak for Security includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version of Cloud Pak for Security (CP4S).\n\n## Vulnerability Details\n\n** CVEID: **[CVE-2022-29824](<https://vulners.com/cve/CVE-2022-29824>) \n** DESCRIPTION: **GNOME libxml2 is vulnerable to a denial of service, caused by an integer overflows in several buffer handling functions in buf.c (xmlBuf*) and tree.c (xmlBuffer*). By persuading a victim to open a specially-crafted XML file, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/225645](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225645>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2022-23308](<https://vulners.com/cve/CVE-2022-23308>) \n** DESCRIPTION: **libxml2 is vulnerable to a denial of service, caused by a use-after-free in the ID and IDREF attributes. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/220772](<https://exchange.xforce.ibmcloud.com/vulnerabilities/220772>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-36087](<https://vulners.com/cve/CVE-2021-36087>) \n** DESCRIPTION: **SELinux Project SELinux is vulnerable to a denial of service, caused by a heap-based buffer over-read in ebitmap_match_any. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204796](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204796>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36086](<https://vulners.com/cve/CVE-2021-36086>) \n** DESCRIPTION: **SELinux Project SELinux is vulnerable to a denial of service, caused by a use-after-free in cil_reset_classpermission . By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204795](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204795>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36085](<https://vulners.com/cve/CVE-2021-36085>) \n** DESCRIPTION: **SELinux Project SELinux is vulnerable to a denial of service, caused by a use-after-free in __cil_verify_classperms. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204794](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204794>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-36084](<https://vulners.com/cve/CVE-2021-36084>) \n** DESCRIPTION: **SELinux Project SELinux is vulnerable to a denial of service, caused by a use-after-free in __cil_verify_classperms. By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 6.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/204792](<https://exchange.xforce.ibmcloud.com/vulnerabilities/204792>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-17595](<https://vulners.com/cve/CVE-2019-17595>) \n** DESCRIPTION: **GNU ncurses could allow a remote attacker to obtain sensitive information, caused by a heap-based buffer over-read in the fmt_entry function in tinfo/comp_hash.c in the terminfo library. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168972](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168972>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-17594](<https://vulners.com/cve/CVE-2019-17594>) \n** DESCRIPTION: **GNU ncurses could allow a remote attacker to obtain sensitive information, caused by a heap-based buffer over-read in the _nc_find_entry function in tinfo/comp_hash.c in the terminfo library. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/168970](<https://exchange.xforce.ibmcloud.com/vulnerabilities/168970>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2021-20270](<https://vulners.com/cve/CVE-2021-20270>) \n** DESCRIPTION: **Pygments is vulnerable to a denial of service, caused by an infinite loop in SMLLexer. By performing syntax highlighting of an SML source file, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198758](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198758>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-27291](<https://vulners.com/cve/CVE-2021-27291>) \n** DESCRIPTION: **pygments is vulnerable to a denial of service. By persuading a victim to open a specially-crafted ODIN file using the \"<\" character, a remote attacker could exploit this vulnerability to cause the application to process the file for an extended time. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198308](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198308>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-20673](<https://vulners.com/cve/CVE-2018-20673>) \n** DESCRIPTION: **GNU Binutils is vulnerable to a heap-based buffer overflow, caused by an integer overflow in the demangle_template function in cplus-dem.c. By persuading a victim to open a specially-crafted file, a remote attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/155168](<https://exchange.xforce.ibmcloud.com/vulnerabilities/155168>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2022-23457](<https://vulners.com/cve/CVE-2022-23457>) \n** DESCRIPTION: **ESAPI could allow a remote authenticated attacker to bypass security restrictions, caused by a flaw in the default implementation of `Validator.getValidDirectoryPath(String, String, File, boolean)`. By sending a specially-crafted request, an attacker could exploit this vulnerability to bypass control-flow. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/225192](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225192>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-24891](<https://vulners.com/cve/CVE-2022-24891>) \n** DESCRIPTION: **ESAPI is vulnerable to cross-site scripting, caused by incorrect regular expression for onsiteURL in the antisamy-esapi.xml configuration file. A remote attacker could exploit this vulnerability using a specially-crafted URL to execute script in a victim's Web browser within the security context of the hosting Web site, once the URL is clicked. An attacker could use this vulnerability to steal the victim's cookie-based authentication credentials. \nCVSS Base score: 6.1 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/225344](<https://exchange.xforce.ibmcloud.com/vulnerabilities/225344>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N) \n \n** CVEID: **[CVE-2020-13435](<https://vulners.com/cve/CVE-2020-13435>) \n** DESCRIPTION: **SQLite is vulnerable to a denial of service, caused by flaw in the sqlite3ExprCodeTarget function in expr.c. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause a segmentation fault. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182406](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182406>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2019-19603](<https://vulners.com/cve/CVE-2019-19603>) \n** DESCRIPTION: **An error during handling of CREATE TABLE and CREATE VIEW statements in SQLite has an unknown impact via a specially crafted table name. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172765](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172765>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2019-5827](<https://vulners.com/cve/CVE-2019-5827>) \n** DESCRIPTION: **Google Chrome could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds access in SQLite. By persuading a victim to visit a specially-crafted Web site, a remote attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. \nCVSS Base score: 6.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/160450](<https://exchange.xforce.ibmcloud.com/vulnerabilities/160450>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2019-13751](<https://vulners.com/cve/CVE-2019-13751>) \n** DESCRIPTION: **Google Chrome could allow a remote attacker to obtain sensitive information, caused by uninitialized use in SQLite. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to obtain sensitive information from process memory. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172987](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172987>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N) \n \n** CVEID: **[CVE-2019-13750](<https://vulners.com/cve/CVE-2019-13750>) \n** DESCRIPTION: **Google Chrome could allow a remote attacker to bypass security restrictions, caused by insufficient data validation in SQLite. By persuading a victim to visit a specially crafted Web site, an attacker could exploit this vulnerability to bypass defense-in-depth measures. \nCVSS Base score: 4.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/172986](<https://exchange.xforce.ibmcloud.com/vulnerabilities/172986>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) \n \n** CVEID: **[CVE-2022-36083](<https://vulners.com/cve/CVE-2022-36083>) \n** DESCRIPTION: **Node.js jose module is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted request using the p2c JOSE Header Parameter, a remote attacker could exploit this vulnerability to consume unreasonable amount of CPU time, and results in a denial of service condition. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/235579](<https://exchange.xforce.ibmcloud.com/vulnerabilities/235579>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2022-23219](<https://vulners.com/cve/CVE-2022-23219>) \n** DESCRIPTION: **GNU C Library (aka glibc) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the clnt_create function in the sunrpc module. By sending a specially-crafted hostname argument, a local attacker could overflow a buffer and execute arbitrary code or cause a denial of service on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217303](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217303>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2022-23218](<https://vulners.com/cve/CVE-2022-23218>) \n** DESCRIPTION: **GNU C Library (aka glibc) is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the svcunix_create function in the sunrpc module. By sending a specially-crafted path argument, a local attacker could overflow a buffer and execute arbitrary code or cause a denial of service on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217302](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217302>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-3999](<https://vulners.com/cve/CVE-2021-3999>) \n** DESCRIPTION: **GNU glibc is vulnerable to an off-by-one buffer overflow and underflow, caused by improper bounds checking by the getcwd() function. By sending a specially-crafted request, a local authenticated attacker could overflow a buffer and execute arbitrary code on the system. \nCVSS Base score: 8.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217981](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217981>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-35942](<https://vulners.com/cve/CVE-2021-35942>) \n** DESCRIPTION: **GNU C Library (aka glibc) could allow a local attacker to obtain sensitive information, caused by a flaw when called with an untrusted, crafted pattern in thewordexp function. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain read arbitrary memory in parse_param (in posix/wordexp.c), or cause the application to crash. \nCVSS Base score: 7.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/206317](<https://exchange.xforce.ibmcloud.com/vulnerabilities/206317>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H) \n \n** CVEID: **[CVE-2021-33574](<https://vulners.com/cve/CVE-2021-33574>) \n** DESCRIPTION: **GNU C Library (aka glibc) is vulnerable to a denial of service, caused by a use-after-free flaw in the mq_notify function. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/202550](<https://exchange.xforce.ibmcloud.com/vulnerabilities/202550>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-27645](<https://vulners.com/cve/CVE-2021-27645>) \n** DESCRIPTION: **GNU glibc is vulnerable to a denial of service, caused by double-free in the nameserver caching daemon (nscd). By sending a specially-crafted request, a local attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/197417](<https://exchange.xforce.ibmcloud.com/vulnerabilities/197417>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2018-25032](<https://vulners.com/cve/CVE-2018-25032>) \n** DESCRIPTION: **Zlib is vulnerable to a denial of service, caused by a memory corruption in the deflate operation. By using many distant matches, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222615](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222615>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-23177](<https://vulners.com/cve/CVE-2021-23177>) \n** DESCRIPTION: **libarchive could allow a local attacker to gain elevated privileges on the system, caused by an improper link resolution flaw. By using a specially-crafted archive file, an attacker could exploit this vulnerability to change the ACL of a file on the system and gain elevated privileges. \nCVSS Base score: 6.6 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222216](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222216>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:L) \n \n** CVEID: **[CVE-2021-31566](<https://vulners.com/cve/CVE-2021-31566>) \n** DESCRIPTION: **libarchive could allow a local attacker to gain elevated privileges on the system, caused by an improper link resolution flaw. By using a specially-crafted archive file, an attacker could exploit this vulnerability to change modes, times, access control lists, and flags of a file on the system to gain elevated privileges. \nCVSS Base score: 4.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/222218](<https://exchange.xforce.ibmcloud.com/vulnerabilities/222218>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L) \n \n** CVEID: **[CVE-2022-25878](<https://vulners.com/cve/CVE-2022-25878>) \n** DESCRIPTION: **Node.js protobufjs module could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution flaw. By adding or modifying properties of Object.prototype using a __proto__ or constructor payload, an attacker could exploit this vulnerability to execute arbitrary code or cause a denial of service condition on the system. \nCVSS Base score: 8.2 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/227327](<https://exchange.xforce.ibmcloud.com/vulnerabilities/227327>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L) \n \n** CVEID: **[CVE-2020-12762](<https://vulners.com/cve/CVE-2020-12762>) \n** DESCRIPTION: **json-c could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow and out-of-bounds write. By persuading a victim to run a specially crafted file, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/182094](<https://exchange.xforce.ibmcloud.com/vulnerabilities/182094>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-4122](<https://vulners.com/cve/CVE-2021-4122>) \n** DESCRIPTION: **Cryptsetup could allow a physical attacker to obtain sensitive information, caused by a flaw in the LUKS2 online reencryption is an optional extension. By modifying on-disk metadata to simulate decryption in progress with crashed (unfinished) reencryption step, an attacker could exploit this vulnerability to decrypt part of the LUKS device to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/217238](<https://exchange.xforce.ibmcloud.com/vulnerabilities/217238>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N) \n \n** CVEID: **[CVE-2021-40528](<https://vulners.com/cve/CVE-2021-40528>) \n** DESCRIPTION: **GnuPG Libgcrypt could allow a remote attacker to bypass security restrictions, caused by a flaw in the ElGamal implementation. By sending a specially-crafted request, an attacker could exploit this vulnerability to perform a cross-configuration attack against OpenPGP. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208744](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208744>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-33560](<https://vulners.com/cve/CVE-2021-33560>) \n** DESCRIPTION: **GnuPG Libgcrypt could allow a remote attacker to obtain sensitive information, caused by improper handling of ElGamal encryption. By using side-channel attack techniques against mpi_powm, and the window size, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203266](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203266>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-37616](<https://vulners.com/cve/CVE-2022-37616>) \n** DESCRIPTION: **xmldom could allow a remote attacker to execute arbitrary code on the system, caused by a prototype pollution in the dom.js script. By sending a specially-crafted request, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 9.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/238439](<https://exchange.xforce.ibmcloud.com/vulnerabilities/238439>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2021-28153](<https://vulners.com/cve/CVE-2021-28153>) \n** DESCRIPTION: **GNOME GLib could allow a remote attacker to bypass security restrictions, caused by a flaw when g_file_replace() function is used with G_FILE_CREATE_REPLACE_DESTINATION to replace a path that is a dangling symlink. By persuading a victim to open a specially-crafted ZIP archive, an attacker could exploit this vulnerability to overwrite arbitrary files on the sytem. \nCVSS Base score: 5.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/198147](<https://exchange.xforce.ibmcloud.com/vulnerabilities/198147>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-3800](<https://vulners.com/cve/CVE-2021-3800>) \n** DESCRIPTION: **GNOME GLib could allow a local attacker to obtain sensitive information, caused by a random charset alias issue. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain content from files owned by privileged users, and use this information to launch further attacks against the affected system. \nCVSS Base score: 4.7 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/213409](<https://exchange.xforce.ibmcloud.com/vulnerabilities/213409>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-3572](<https://vulners.com/cve/CVE-2021-3572>) \n** DESCRIPTION: **pip package for python could allow a remote authenticated attacker to bypass security restrictions, caused by the improper handling of Unicode separators in git references. By creating a specially crafted tag, an attacker could exploit this vulnerability to install a different revision on a repository. \nCVSS Base score: 4.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208954](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208954>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:N/I:H/A:N) \n \n** CVEID: **[CVE-2021-42771](<https://vulners.com/cve/CVE-2021-42771>) \n** DESCRIPTION: **Python-Babel Babel could allow a local authenticated attacker to traverse directories on the system, caused by a flaw in the Babel.Locale function. An attacker could load a specially-crafted .dat file containing \"dot dot\" sequences (/../) to execute arbitrary code on the system. \nCVSS Base score: 7.8 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/211766](<https://exchange.xforce.ibmcloud.com/vulnerabilities/211766>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2019-20838](<https://vulners.com/cve/CVE-2019-20838>) \n** DESCRIPTION: **PCRE is vulnerable to a denial of service, caused by a buffer over-read in JIT. By sending a specially-crafted request, a remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/185645](<https://exchange.xforce.ibmcloud.com/vulnerabilities/185645>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2020-14155](<https://vulners.com/cve/CVE-2020-14155>) \n** DESCRIPTION: **PCRE could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in libpcre. By sending a request with a large number, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause the application to crash. \nCVSS Base score: 7.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/183499](<https://exchange.xforce.ibmcloud.com/vulnerabilities/183499>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L) \n \n** CVEID: **[CVE-2020-28493](<https://vulners.com/cve/CVE-2020-28493>) \n** DESCRIPTION: **Pallets jinja2 is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw in the email regex. By sending a specially-crafted input, a remote attacker could exploit this vulnerability to cause a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/195894](<https://exchange.xforce.ibmcloud.com/vulnerabilities/195894>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3200](<https://vulners.com/cve/CVE-2021-3200>) \n** DESCRIPTION: **Libsolv is vulnerable to a denial of service, caused by a buffer overflow in the testcase_read function. By persuading a victim to open a specially file, a remote attacker could overflow a buffer and cause the application to crash. \nCVSS Base score: 3.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203837](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203837>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2021-25214](<https://vulners.com/cve/CVE-2021-25214>) \n** DESCRIPTION: **ISC BIND is vulnerable to a denial of service, caused by a broken inbound incremental zone update (IXFR). By sending a specially crafted IXFR, an attacker could exploit this vulnerability to trigger a failed assertion check and terminate the named process. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/200961](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200961>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-25219](<https://vulners.com/cve/CVE-2021-25219>) \n** DESCRIPTION: **ISC BIND is vulnerable to a denial of service, caused by a flaw in response processing. By abusing a lame cache, an attacker could exploit this vulnerability to cause a named resolver to spend most of its CPU time on managing and checking the lame cache and severely degrade resolver performance. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/212375](<https://exchange.xforce.ibmcloud.com/vulnerabilities/212375>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-36049](<https://vulners.com/cve/CVE-2020-36049>) \n** DESCRIPTION: **Socket.IO socket.io-parser is vulnerable to a denial of service, caused by improper input validation. By sending a specially-crafted packet, a remote attacker could exploit this vulnerability to cause a memory consumption, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/194533](<https://exchange.xforce.ibmcloud.com/vulnerabilities/194533>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-29446](<https://vulners.com/cve/CVE-2021-29446>) \n** DESCRIPTION: **jose-node-cjs-runtime could allow a remote attacker to obtain sensitive information, caused by observable timing discrepancy in AES_CBC_HMAC_SHA2 Algorithm. By performing a padding oracle attack, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/200209](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200209>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-29445](<https://vulners.com/cve/CVE-2021-29445>) \n** DESCRIPTION: **jose-node-esm-runtime could allow a remote attacker to obtain sensitive information, caused by observable timing discrepancy in AES_CBC_HMAC_SHA2 Algorithm. By performing a padding oracle attack, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/200210](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200210>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2021-29444](<https://vulners.com/cve/CVE-2021-29444>) \n** DESCRIPTION: **jose-browser-runtime could allow a remote attacker to obtain sensitive information, caused by observable timing discrepancy in AES_CBC_HMAC_SHA2 Algorithm. By performing a padding oracle attack, an attacker could exploit this vulnerability to obtain sensitive information. \nCVSS Base score: 5.9 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/200211](<https://exchange.xforce.ibmcloud.com/vulnerabilities/200211>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N) \n \n** CVEID: **[CVE-2022-0778](<https://vulners.com/cve/CVE-2022-0778>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a flaw in the BN_mod_sqrt() function when parsing certificates. By using a specially-crafted certificate with invalid explicit curve parameters, a remote attacker could exploit this vulnerability to cause an infinite loop, and results in a denial of service condition. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/221911](<https://exchange.xforce.ibmcloud.com/vulnerabilities/221911>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-23841](<https://vulners.com/cve/CVE-2021-23841>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by a NULL pointer dereference in the X509_issuer_and_serial_hash() function. By parsing the issuer field, an attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196847](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196847>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-23840](<https://vulners.com/cve/CVE-2021-23840>) \n** DESCRIPTION: **OpenSSL is vulnerable to a denial of service, caused by an integer overflow in CipherUpdate. By sending an overly long argument, an attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score: 7.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/196848](<https://exchange.xforce.ibmcloud.com/vulnerabilities/196848>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) \n \n** CVEID: **[CVE-2021-3712](<https://vulners.com/cve/CVE-2021-3712>) \n** DESCRIPTION: **OpenSSL could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read when processing ASN.1 strings. By sending specially crafted data, an attacker could exploit this vulnerability to read contents of memory on the system or perform a denial of service attack. \nCVSS Base score: 6.5 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/208073](<https://exchange.xforce.ibmcloud.com/vulnerabilities/208073>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L) \n \n** CVEID: **[CVE-2021-3445](<https://vulners.com/cve/CVE-2021-3445>) \n** DESCRIPTION: **libdnf could allow a remote authenticated attacker to execute arbitrary code on the system, caused by a flaw in signature verification functionality. By placing a signature in the main header, an attacker could exploit this vulnerability to execute arbitrary code on the system. \nCVSS Base score: 6.4 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/203146](<https://exchange.xforce.ibmcloud.com/vulnerabilities/203146>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H) \n \n** CVEID: **[CVE-2020-24370](<https://vulners.com/cve/CVE-2020-24370>) \n** DESCRIPTION: **Lua is vulnerable to a denial of service, caused by a negation overflow and segmentation fault in getlocal and setlocal. A remote attacker could exploit this vulnerability to cause a denial of service. \nCVSS Base score: 5.3 \nCVSS Temporal Score: See: [ https://exchange.xforce.ibmcloud.com/vulnerabilities/186868](<https://exchange.xforce.ibmcloud.com/vulnerabilities/186868>) for the current score. \nCVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L) \n \n** CVEID: **[CVE-2020-16135](<https://vulners.com/cve/CVE-2020-16135>) \n** DESCRIPTION: **Libssh is vulnerable to a denial of service, caused by a NULL pointer dereference in tftpserver.c if ssh_buffer_new returns NULL. A remote attacker could exploit this vulnerability to cause the application to crash. \nCVSS Base score:
GLSA-202210-22 : RPM: Multiple Vulnerabilities
