7.1 High
AI Score
Confidence
High
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
9.4%
The remote host is missing an update for the Huawei EulerOS
# SPDX-FileCopyrightText: 2020 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.2.2016.1018");
script_cve_id("CVE-2015-2925", "CVE-2015-7613");
script_tag(name:"creation_date", value:"2020-01-23 10:38:16 +0000 (Thu, 23 Jan 2020)");
script_version("2024-02-05T14:36:55+0000");
script_tag(name:"last_modification", value:"2024-02-05 14:36:55 +0000 (Mon, 05 Feb 2024)");
script_tag(name:"cvss_base", value:"6.9");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:C/I:C/A:C");
script_name("Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2016-1018)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2020 Greenbone AG");
script_family("Huawei EulerOS Local Security Checks");
script_dependencies("gb_huawei_euleros_consolidation.nasl");
script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROS\-2\.0SP1");
script_xref(name:"Advisory-ID", value:"EulerOS-SA-2016-1018");
script_xref(name:"URL", value:"https://developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html?secId=EulerOS-SA-2016-1018");
script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS 'kernel' package(s) announced via the EulerOS-SA-2016-1018 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"A flaw was found in the way the Linux kernel's file system implementation handled rename operations in which the source was inside and the destination was outside of a bind mount. A privileged user inside a container could use this flaw to escape the bind mount and, potentially, escalate their privileges on the system.(CVE-2015-2925)
A race condition flaw was found in the way the Linux kernel's IPC subsystem initialized certain fields in an IPC object structure that were later used for permission checking before inserting the object into a globally visible list. A local, unprivileged user could potentially use this flaw to elevate their privileges on the system.(CVE-2015-7613)");
script_tag(name:"affected", value:"'kernel' package(s) on Huawei EulerOS V2.0SP1.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "EULEROS-2.0SP1") {
if(!isnull(res = isrpmvuln(pkg:"kernel", rpm:"kernel~3.10.0~229.24.2.55", rls:"EULEROS-2.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-debug", rpm:"kernel-debug~3.10.0~229.24.2.55", rls:"EULEROS-2.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-debuginfo", rpm:"kernel-debuginfo~3.10.0~229.24.2.55", rls:"EULEROS-2.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-debuginfo-common-x86_64", rpm:"kernel-debuginfo-common-x86_64~3.10.0~229.24.2.55", rls:"EULEROS-2.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-devel", rpm:"kernel-devel~3.10.0~229.24.2.55", rls:"EULEROS-2.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-headers", rpm:"kernel-headers~3.10.0~229.24.2.55", rls:"EULEROS-2.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-tools", rpm:"kernel-tools~3.10.0~229.24.2.55", rls:"EULEROS-2.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-tools-libs", rpm:"kernel-tools-libs~3.10.0~229.24.2.55", rls:"EULEROS-2.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"perf", rpm:"perf~3.10.0~229.24.2.55", rls:"EULEROS-2.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-perf", rpm:"python-perf~3.10.0~229.24.2.55", rls:"EULEROS-2.0SP1"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);