#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2024-7742:01.
##
include('compat.inc');
# Metadata block: runs only when 'description' is set. It records the plugin
# id, CVE list, advisory text, scoring and targeting attributes, then exits
# (see the exit(0) at the end) before any host check is performed.
if (description)
{
# Numeric plugin id, plugin revision and last-modified date.
script_id(292577);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/20");
# The six shim CVEs covered by advisory AXSA:2024-7742:01 (each is described
# in the 'description' attribute below).
script_cve_id(
"CVE-2023-40546",
"CVE-2023-40547",
"CVE-2023-40548",
"CVE-2023-40549",
"CVE-2023-40550",
"CVE-2023-40551"
);
script_name(english:"MiracleLinux 7 : shim-signed-15.8-1.el7, shim-15.8-3.el7 (AXSA:2024-7742:01)");
script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
# Advisory text, stated at the end of the string to be extracted directly from
# the MiracleLinux advisory; it is a runtime string and is kept as published.
# Its last sentence is the key caveat for anyone triaging a finding: the
# issues are not tested, only the self-reported package version is compared.
script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2024-7742:01 advisory.
shim: RCE in http boot support may lead to Secure Boot bypass (CVE-2023-40547)
shim: Interger overflow leads to heap buffer overflow in verify_sbat_section on 32-bits systems
(CVE-2023-40548)
shim: Out-of-bounds read printing error messages (CVE-2023-40546)
shim: Out-of-bounds read in verify_buffer_authenticode() malformed PE file (CVE-2023-40549)
shim: Out-of-bound read in verify_buffer_sbat() (CVE-2023-40550)
shim: out of bounds read when parsing MZ binaries (CVE-2023-40551)
CVEs:
CVE-2023-40546
A flaw was found in Shim when an error happened while creating a new ESL variable. If Shim fails to create
the new variable, it tries to print an error message to the user; however, the number of parameters used
by the logging function doesn't match the format string used by it, leading to a crash under certain
circumstances.
CVE-2023-40547
A remote code execution vulnerability was found in Shim. The Shim boot support trusts attacker-controlled
values when parsing an HTTP response. This flaw allows an attacker to craft a specific malicious HTTP
request, leading to a completely controlled out-of-bounds write primitive and complete system compromise.
This flaw is only exploitable during the early boot phase, an attacker needs to perform a Man-in-the-
Middle or compromise the boot server to be able to exploit this vulnerability successfully.
CVE-2023-40548
A buffer overflow was found in Shim in the 32-bit system. The overflow happens due to an addition
operation involving a user-controlled value parsed from the PE binary being used by Shim. This value is
further used for memory allocation operations, leading to a heap-based buffer overflow. This flaw causes
memory corruption and can lead to a crash or data integrity issues during the boot phase.
CVE-2023-40549
An out-of-bounds read flaw was found in Shim due to the lack of proper boundary verification during the
load of a PE binary. This flaw allows an attacker to load a crafted PE binary, triggering the issue and
crashing Shim, resulting in a denial of service.
CVE-2023-40550
An out-of-bounds read flaw was found in Shim when it tried to validate the SBAT information. This issue
may expose sensitive data during the system's boot phase.
CVE-2023-40551
A flaw was found in the MZ binary format in Shim. An out-of-bounds read may occur, leading to a crash or
possible exposure of sensitive data during the system's boot phase.
Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/18926");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
# CVSS v2 and v3 base/temporal vectors. 'cvss_score_source' below names
# CVE-2023-40547 as the CVE they are taken from. Both base vectors use AV:A
# (adjacent network) with high attack complexity, which lines up with the
# advisory text: the attacker needs a man-in-the-middle position or a
# compromised boot server.
script_set_cvss_base_vector("CVSS2#AV:A/AC:H/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-40547");
# Exploit status as recorded in this plugin revision; it matches the E:U
# component of the temporal vectors above. Treat it as a point-in-time value.
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vendor_severity", value:"High");
# Disclosure, vendor patch and plugin publication dates.
script_set_attribute(attribute:"vuln_publication_date", value:"2023/12/11");
script_set_attribute(attribute:"patch_publication_date", value:"2024/05/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/20");
# 'local' plugin type: the required KB keys further down show that it works
# from data already collected on the host (local checks, RPM list, CPU).
script_set_attribute(attribute:"plugin_type", value:"local");
# Package CPEs (same package names as the 'reference' entries compared in the
# script body) followed by the operating system CPE.
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:mokutil");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:shim-ia32");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:shim-unsigned-ia32");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:shim-unsigned-x64");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:shim-x64");
script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:7");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
# Scheduling information: category, family, copyright, the plugin this one
# depends on, and the KB keys it declares as required.
script_category(ACT_GATHER_INFO);
script_family(english:"Miracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");
# Stop here in description mode; nothing below this block is evaluated.
exit(0);
}
include('rpm2.inc');
# Host gating. Each failed precondition is handed to audit() with the matching
# AUDIT_* code. audit() comes from an include and is expected to end the run,
# so the package comparison further down should only be reached on a
# MIRACLE LINUX 7 host with local checks enabled and an RPM list in the KB.

# Local checks must have been enabled for this host.
if (!get_kb_item('Host/local_checks_enabled'))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
}

# The recorded OS product string must contain 'MIRACLE LINUX'.
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product)
{
  audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
}

# The OS version must be known and must be "7" or "7" followed by a non-digit.
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version))
{
  audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
}
if (! preg(pattern:"^7([^0-9]|$)", string:os_version))
{
  audit(AUDIT_OS_NOT, 'MiracleLinux 7.x', 'MIRACLE LINUX ' + os_version);
}

# Without the installed-RPM list there is nothing to compare against.
if (!get_kb_item('Host/MiracleLinux/rpm-list'))
{
  audit(AUDIT_PACKAGE_LIST_MISSING);
}

# The CPU architecture must be known and be one of the families listed below.
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu))
{
  audit(AUDIT_UNKNOWN_ARCH);
}
if (!('aarch64' >< cpu ||
      'ppc' >< cpu ||
      's390' >< cpu ||
      'x86_64' >< cpu ||
      cpu =~ "^i[3-6]86$"))
{
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);
}
# Package table for release 7. Every entry is restricted to x86_64 and carries
# epoch '0'. The shim-unsigned-* packages are listed at 15.8-3.el7, the others
# at 15.8-1.el7, matching the versions named in the plugin title.
# NOTE(review): 'reference' is presumably the fixed build that installed
# packages are compared against - confirm against rpm_check() in rpm2.inc.
var constraints = [
  {
    'release': '7',
    'pkgs': [
      {'reference':'mokutil-15.8-1.el7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'shim-ia32-15.8-1.el7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'shim-unsigned-ia32-15.8-3.el7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'shim-unsigned-x64-15.8-3.el7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'shim-x64-15.8-1.el7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];
# Release and minor release of the scanned host, as recorded in the KB.
var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

# Number of package entries for which rpm_check() returned true.
var flag = 0;

# Per-package scratch variables, reset for every entry of the table.
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;

foreach var constraint ( constraints )
{
  # Skip constraint sets written for another release or minor release.
  if (!empty_or_null(constraint['release']) && constraint['release'] != os_release) continue;
  if (!empty_or_null(constraint['sp']) && constraint['sp'] != os_sp) continue;

  foreach var pkg ( constraint['pkgs'] )
  {
    # Copy each optional field, leaving it NULL when the entry does not set
    # it, so that nothing carries over from the previous package.
    reference = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];

    sp = NULL;
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];

    _cpu = NULL;
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];

    el_string = NULL;
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];

    rpm_spec_vers_cmp = NULL;
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];

    epoch = NULL;
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];

    allowmaj = NULL;
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];

    exists_check = NULL;
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];

    cves = NULL;
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];

    # An entry without a reference cannot be compared.
    if (!reference) continue;

    # When the entry names a prerequisite RPM, that RPM must be installed.
    if (exists_check && !rpm_exists(rpm:exists_check)) continue;

    # The comparison is made against the collected RPM data only.
    if (rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves))
    {
      flag++;
    }
  }
}
# Outcome. The result rests on installed RPM versions alone (the plugin
# description says the issues themselves are not tested).
# NOTE(review): a package-version match does not show which shim binary the
# firmware actually boots, nor whether older signed shim builds have been
# revoked (SBAT / dbx) - confirm separately where Secure Boot bypass matters.
if (!flag)
{
  # Nothing was flagged: report "checked but not affected" when package tests
  # were recorded, otherwise report that none of the packages is installed.
  var tested = pkg_tests_get();
  if (tested)
  {
    audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  }
  else
  {
    audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mokutil / shim-ia32 / shim-unsigned-ia32 / shim-unsigned-x64 / etc');
  }
}
else
{
  # At least one package matched: emit one finding on port 0 and attach the
  # report text produced by rpm_report_get().
  security_report_v4(port:0, severity:SECURITY_WARNING, extra:rpm_report_get());
  exit(0);
}