Lucene search
Copyright (C) 2020 Greenbone AGOPENVAS:1361412562311220161018HistoryJan 23, 2020 - 12:00 a.m.
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2016-1018)
2020-01-2300:00:00
Copyright (C) 2020 Greenbone AG
plugins.openvas.org
11
7.1 High
AI Score
Confidence
High
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
9.4%
The remote host is missing an update for the Huawei EulerOS
# SPDX-FileCopyrightText: 2020 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.2.2016.1018");
script_cve_id("CVE-2015-2925", "CVE-2015-7613");
script_tag(name:"creation_date", value:"2020-01-23 10:38:16 +0000 (Thu, 23 Jan 2020)");
script_version("2024-02-05T14:36:55+0000");
script_tag(name:"last_modification", value:"2024-02-05 14:36:55 +0000 (Mon, 05 Feb 2024)");
script_tag(name:"cvss_base", value:"6.9");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:C/I:C/A:C");
script_name("Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2016-1018)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2020 Greenbone AG");
script_family("Huawei EulerOS Local Security Checks");
script_dependencies("gb_huawei_euleros_consolidation.nasl");
script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROS\-2\.0SP1");
script_xref(name:"Advisory-ID", value:"EulerOS-SA-2016-1018");
script_xref(name:"URL", value:"https://developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html?secId=EulerOS-SA-2016-1018");
script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS 'kernel' package(s) announced via the EulerOS-SA-2016-1018 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"A flaw was found in the way the Linux kernel's file system implementation handled rename operations in which the source was inside and the destination was outside of a bind mount. A privileged user inside a container could use this flaw to escape the bind mount and, potentially, escalate their privileges on the system.(CVE-2015-2925)
A race condition flaw was found in the way the Linux kernel's IPC subsystem initialized certain fields in an IPC object structure that were later used for permission checking before inserting the object into a globally visible list. A local, unprivileged user could potentially use this flaw to elevate their privileges on the system.(CVE-2015-7613)");
script_tag(name:"affected", value:"'kernel' package(s) on Huawei EulerOS V2.0SP1.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "EULEROS-2.0SP1") {
if(!isnull(res = isrpmvuln(pkg:"kernel", rpm:"kernel~3.10.0~229.24.2.55", rls:"EULEROS-2.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-debug", rpm:"kernel-debug~3.10.0~229.24.2.55", rls:"EULEROS-2.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-debuginfo", rpm:"kernel-debuginfo~3.10.0~229.24.2.55", rls:"EULEROS-2.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-debuginfo-common-x86_64", rpm:"kernel-debuginfo-common-x86_64~3.10.0~229.24.2.55", rls:"EULEROS-2.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-devel", rpm:"kernel-devel~3.10.0~229.24.2.55", rls:"EULEROS-2.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-headers", rpm:"kernel-headers~3.10.0~229.24.2.55", rls:"EULEROS-2.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-tools", rpm:"kernel-tools~3.10.0~229.24.2.55", rls:"EULEROS-2.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"kernel-tools-libs", rpm:"kernel-tools-libs~3.10.0~229.24.2.55", rls:"EULEROS-2.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"perf", rpm:"perf~3.10.0~229.24.2.55", rls:"EULEROS-2.0SP1"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"python-perf", rpm:"python-perf~3.10.0~229.24.2.55", rls:"EULEROS-2.0SP1"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
nessus
nessus
Fedora 23 : kernel-4.2.3-300.fc23 (2015-43145298f4)
2016-03-04 00:00:00
EulerOS 2.0 SP1 : kernel (EulerOS-SA-2016-1018)
2017-05-01 00:00:00
Fedora 21 : kernel-4.1.10-100.fc21 (2015-d7e074ba30)
2016-03-04 00:00:00
fedora
fedora
[SECURITY] Fedora 23 Update: kernel-4.2.3-300.fc23
2015-10-09 06:18:58
[SECURITY] Fedora 21 Update: kernel-4.1.10-100.fc21
2015-11-01 22:25:14
[SECURITY] Fedora 22 Update: kernel-4.1.10-200.fc22
2015-10-09 10:30:07
openvas
openvas
Debian: Security Advisory (DLA-325-1)
2023-03-08 00:00:00
Debian: Security Advisory (DSA-3372-1)
2015-10-12 00:00:00
Ubuntu: Security Advisory (USN-2796-1)
2015-11-06 00:00:00
debian
debian
[SECURITY] [DLA 325-1] linux-2.6 security update
2015-10-12 17:20:28
[SECURITY] [DSA 3372-1] linux security update
2015-10-13 09:55:29
[SECURITY] [DSA 3372-1] linux security update
2015-10-13 09:55:29
osv
osv
linux-2.6 - security update
2015-10-12 00:00:00
linux - security update
2015-10-13 00:00:00
linux - security update
2015-09-21 00:00:00
redhat
redhat
(RHSA-2015:2587) Important: kernel security, bug fix, and enhancement update
2015-12-09 08:43:06
(RHSA-2015:2636) Important: kernel security and bug fix update
2015-12-15 00:00:00
ubuntu
ubuntu
Linux kernel (OMAP4) vulnerabilities
2015-11-05 00:00:00
Linux kernel vulnerabilities
2015-11-05 00:00:00
Linux kernel (Trusty HWE) vulnerability
2015-10-05 00:00:00
amazon
amazon
Medium: kernel
2015-10-27 13:40:00
centos
centos
kernel, perf, python security update
2015-12-16 00:07:51
kernel, perf, python security update
2015-11-30 19:36:22
f5
f5
K90230486 : Linux kernel vulnerability CVE-2015-7613
2015-12-03 00:00:00
SOL90230486 - Linux kernel vulnerability CVE-2015-7613
2015-12-03 00:00:00
oraclelinux
oraclelinux
kernel security and bug fix update
2015-12-15 00:00:00
Unbreakable Enterprise kernel security update
2015-11-27 00:00:00
Unbreakable Enterprise kernel security update
2016-01-08 00:00:00
debiancve
debiancve
CVE-2015-7613
2015-10-19 10:59:00
CVE-2015-2925
2015-11-16 11:59:00
prion
prion
Race condition
2015-10-19 10:59:00
Design/Logic Flaw
2015-11-16 11:59:00
Design/Logic Flaw
2016-01-06 19:59:00
ubuntucve
ubuntucve
cve
cve
suse
suse
Security update for Linux Kernel Live Patch 5 (important)
2015-11-24 19:10:26
Security update for Linux Kernel Live Patch 6 (important)
2015-11-24 19:13:10
Security update for Linux Kernel Live Patch 3 (important)
2015-11-24 19:15:29
veracode
veracode
Improper Access Control
2019-05-02 05:20:50
cloudfoundry
cloudfoundry
USN-2798-1 Linux kernel vulnerability | Cloud Foundry
2015-11-12 00:00:00
securityvulns
securityvulns
[SECURITY] [DSA 3364-1] linux security update
2015-10-05 00:00:00
Linux kernel multiple security vulnerabilities
2015-09-21 00:00:00
ibm
ibm
Security Bulletin: Vulnerabilities in the Linux kernel affect PowerKVM
2018-06-18 01:33:24
androidsecurity
androidsecurity
Nexus Security BulletinβJanuary 2016
2016-01-04 00:00:00
lenovo
lenovo
AMI MegaRAC SP-X BMC Vulnerabilities - Lenovo Support US
2020-04-13 19:22:04
7.1 High
AI Score
Confidence
High
6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
9.4%
Related for OPENVAS:1361412562311220161018