Vulners
Lucene search
MiracleLinux 7 : shim-15-8.el7 (AXSA:2020-250:01)
10
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2020-250:01.
##
include('compat.inc');
if (description)
{
script_id(294080);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/21");
script_cve_id(
"CVE-2020-10713",
"CVE-2020-14308",
"CVE-2020-14309",
"CVE-2020-14310",
"CVE-2020-14311",
"CVE-2020-15705",
"CVE-2020-15706",
"CVE-2020-15707"
);
script_xref(name:"IAVA", value:"2020-A-0349");
script_xref(name:"CEA-ID", value:"CEA-2020-0061");
script_name(english:"MiracleLinux 7 : shim-15-8.el7 (AXSA:2020-250:01)");
script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2020-250:01 advisory.
* grub2: Crafted grub.cfg file can lead to arbitrary code execution during boot process (CVE-2020-10713)
* grub2: grub_malloc does not validate allocation size allowing for arithmetic overflow and subsequent
heap-based buffer overflow (CVE-2020-14308)
* grub2: Integer overflow in grub_squash_read_symlink may lead to heap-based buffer overflow
(CVE-2020-14309)
* grub2: Integer overflow read_section_as_string may lead to heap-based buffer overflow (CVE-2020-14310)
* grub2: Integer overflow in grub_ext2_read_link leads to heap-based buffer overflow (CVE-2020-14311)
* grub2: Fail kernel validation without shim protocol (CVE-2020-15705)
* grub2: Use-after-free redefining a function whilst the same function is already executing
(CVE-2020-15706)
* grub2: Integer overflow in initrd size handling (CVE-2020-15707)
CVE-2020-10713
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when
announcing a new security problem. When the candidate has been publicized, the details for this candidate
will be provided.
CVE-2020-14308
In grub2 versions before 2.06 the grub memory allocator doesn't check for possible arithmetic overflows on
the requested allocation size. This leads the function to return invalid memory allocations which can be
further used to cause possible integrity, confidentiality and availability impacts during the boot
process.
CVE-2020-14309
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when
announcing a new security problem. When the candidate has been publicized, the details for this candidate
will be provided.
CVE-2020-14310
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when
announcing a new security problem. When the candidate has been publicized, the details for this candidate
will be provided.
CVE-2020-14311
** RESERVED ** This candidate has been reserved by an organization or individual that will use it when
announcing a new security problem. When the candidate has been publicized, the details for this candidate
will be provided.
CVE-2020-15705
GRUB2 fails to validate kernel signature when booted directly without shim, allowing secure boot to be
bypassed. This only affects systems where the kernel signing certificate has been imported directly into
the secure boot database and the GRUB image is booted directly without the use of shim. This issue affects
GRUB2 version 2.04 and prior versions.
CVE-2020-15706
GRUB2 contains a race condition in grub_script_function_create() leading to a use-after-free vulnerability
which can be triggered by redefining a function whilst the same function is already executing, leading to
arbitrary code execution and secure boot restriction bypass. This issue affects GRUB2 version 2.04 and
prior versions.
CVE-2020-15707
Integer overflows were discovered in the functions grub_cmd_initrd and grub_initrd_init in the efilinux
component of GRUB2, as shipped in Debian, Red Hat, and Ubuntu (the functionality is not included in GRUB2
upstream), leading to a heap-based buffer overflow. These could be triggered by an extremely large number
of arguments to the initrd command on 32-bit architectures, or a crafted filesystem with very large files
on any architecture. An attacker could use this to execute arbitrary code and bypass UEFI Secure Boot
restrictions. This issue affects GRUB2 version 2.04 and prior versions.
Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/11431");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-14309");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-10713");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vendor_severity", value:"Moderate");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/07/29");
script_set_attribute(attribute:"patch_publication_date", value:"2020/08/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/20");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:mokutil");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:shim-ia32");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:shim-unsigned-ia32");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:shim-unsigned-x64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:shim-x64");
script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:7");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"II");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Miracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");
exit(0);
}
include('rpm2.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^7([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 7.x', 'MIRACLE LINUX ' + os_version);
if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);
var constraints = [
{
'release': '7',
'pkgs': [
{'reference':'mokutil-15-8.el7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'shim-ia32-15-8.el7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'shim-unsigned-ia32-15-8.el7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'shim-unsigned-x64-15-8.el7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'shim-x64-15-8.el7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
]
}
];
var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');
var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
# Check that the target release is equal to the affected release
if (!empty_or_null(constraint['release'])){
if (constraint['release'] != os_release) continue;
}
if (!empty_or_null(constraint['sp'])){
if (constraint['sp'] != os_sp) continue;
}
foreach var pkg ( constraint['pkgs'] ) {
reference = NULL;
sp = NULL;
_cpu = NULL;
el_string = NULL;
rpm_spec_vers_cmp = NULL;
epoch = NULL;
allowmaj = NULL;
exists_check = NULL;
cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
## (no known rpm to check OR known rpm_exists)
(!exists_check || rpm_exists(rpm:exists_check)) &&
rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mokutil / shim-ia32 / shim-unsigned-ia32 / shim-unsigned-x64 / etc');
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
21 Jan 2026 00:00Current
8.3High risk
Vulners AI Score8.3
CVSS 24.6
CVSS 3.16.4 - 8.2
EPSS0.00369