Lucene search
Copyright (C) 2020 Greenbone AGOPENVAS:1361412562311220201921HistorySep 04, 2020 - 12:00 a.m.
Huawei EulerOS: Security Advisory for ksh (EulerOS-SA-2020-1921)
2020-09-0400:00:00
Copyright (C) 2020 Greenbone AG
plugins.openvas.org
3
The remote host is missing an update for the Huawei EulerOS
# SPDX-FileCopyrightText: 2020 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.2.2020.1921");
script_cve_id("CVE-2019-14868");
script_tag(name:"creation_date", value:"2020-09-04 16:34:44 +0000 (Fri, 04 Sep 2020)");
script_version("2024-02-05T14:36:56+0000");
script_tag(name:"last_modification", value:"2024-02-05 14:36:56 +0000 (Mon, 05 Feb 2024)");
script_tag(name:"cvss_base", value:"7.2");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2020-04-03 21:10:31 +0000 (Fri, 03 Apr 2020)");
script_name("Huawei EulerOS: Security Advisory for ksh (EulerOS-SA-2020-1921)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2020 Greenbone AG");
script_family("Huawei EulerOS Local Security Checks");
script_dependencies("gb_huawei_euleros_consolidation.nasl");
script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROS\-2\.0SP5");
script_xref(name:"Advisory-ID", value:"EulerOS-SA-2020-1921");
script_xref(name:"URL", value:"https://developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html?secId=EulerOS-SA-2020-1921");
script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS 'ksh' package(s) announced via the EulerOS-SA-2020-1921 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"In ksh version 20120801, a flaw was found in the way it evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables could allow them to exploit this issue remotely.(CVE-2019-14868)");
script_tag(name:"affected", value:"'ksh' package(s) on Huawei EulerOS V2.0SP5.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "EULEROS-2.0SP5") {
if(!isnull(res = isrpmvuln(pkg:"ksh", rpm:"ksh~20120801~137.h4.eulerosv2r7", rls:"EULEROS-2.0SP5"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
nessus
nessus
Scientific Linux Security Update : ksh on SL6.x i386/x86_64 (20200217)
2020-02-18 00:00:00
RHEL 7 : ksh (RHSA-2020:2210)
2020-05-20 00:00:00
EulerOS 2.0 SP9 : ksh (EulerOS-SA-2021-1266)
2021-02-05 00:00:00
osv
osv
ksh - security update
2020-07-21 00:00:00
CVE-2019-14868
2020-04-02 17:15:13
openvas
openvas
Huawei EulerOS: Security Advisory for ksh (EulerOS-SA-2020-1583)
2020-05-26 00:00:00
CentOS: Security Advisory for ksh (CESA-2020:0568)
2020-02-27 00:00:00
Huawei EulerOS: Security Advisory for ksh (EulerOS-SA-2020-2446)
2020-11-05 00:00:00
redhat
redhat
(RHSA-2020:5351) Important: ksh security update
2020-12-07 10:51:15
(RHSA-2020:0515) Important: ksh security update
2020-02-17 08:03:18
(RHSA-2020:0559) Important: ksh security update
2020-02-20 09:48:48
fedora
fedora
[SECURITY] Fedora 30 Update: ksh-2020.0.0-2.fc30
2020-02-16 01:09:45
[SECURITY] Fedora 31 Update: ksh-2020.0.0-2.fc31
2020-02-16 01:30:26
centos
centos
ksh security update
2020-02-18 16:29:10
ksh security update
2020-02-26 17:14:16
redhatcve
redhatcve
CVE-2019-14868
2020-04-01 14:08:51
debian
debian
[SECURITY] [DLA 2284-1] ksh security update
2020-07-20 21:44:57
mageia
mageia
Updated ksh packages fix security vulnerability
2021-03-17 14:01:53
rosalinux
rosalinux
Advisory ROSA-SA-2021-1860
2021-07-02 17:08:19
cve
cve
CVE-2019-14868
2020-04-02 17:15:00
cvelist
cvelist
CVE-2019-14868
2020-04-02 16:48:57
prion
prion
Design/Logic Flaw
2020-04-02 17:15:00
oraclelinux
oraclelinux
ksh security update
2020-02-18 00:00:00
ksh security update
2020-02-25 00:00:00
ksh security update
2020-02-20 00:00:00
veracode
veracode
Arbitrary Code Execution
2020-02-06 00:26:26
freebsd
freebsd
ubuntucve
ubuntucve
CVE-2019-14868
2020-04-02 00:00:00
debiancve
debiancve
CVE-2019-14868
2020-04-02 17:15:00
archlinux
archlinux
[ASA-202002-4] ksh: arbitrary command execution
2020-02-08 00:00:00
7.8 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
56.8%
Related for OPENVAS:1361412562311220201921