Huawei EulerOS PyYAML package vulnerability (EulerOS-SA-2021-1168) advisor
Reporter | Title | Published | Views | Family All 153 |
---|---|---|---|---|
Fedora | [SECURITY] Fedora 32 Update: PyYAML-5.4.1-1.fc32 | 30 Jan 2021 01:42 | – | fedora |
Fedora | [SECURITY] Fedora 33 Update: PyYAML-5.4.1-1.fc33 | 23 Jan 2021 01:32 | – | fedora |
Redos | ROS-2-534 | 8 Sep 2021 00:00 | – | redos |
Redos | ROS-2-860 | 13 Mar 2024 00:00 | – | redos |
Redos | ROS-2-1261 | 24 Dec 2021 00:00 | – | redos |
Redos | ROS-2-1562 | 8 Sep 2021 00:00 | – | redos |
Redos | ROS-2-894 | 13 Mar 2024 00:00 | – | redos |
Redos | ROS-2-1209 | 24 Dec 2021 00:00 | – | redos |
Redos | ROS-2-1482 | 24 Dec 2021 00:00 | – | redos |
Redos | ROS-2-1449 | 8 Sep 2021 00:00 | – | redos |
Source | Link |
---|---|
developer | www.developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html |
# SPDX-FileCopyrightText: 2021 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
# Registration branch: when the scanner runs this script with `description`
# set, only the metadata below is recorded and the script exits (see the
# exit(0) at the end of the branch) before any package check is performed.
if(description)
{
  # --- Identity -----------------------------------------------------------
  script_oid("1.3.6.1.4.1.25623.1.1.2.2021.1168");
  script_cve_id("CVE-2020-14343");

  # --- Revision bookkeeping -----------------------------------------------
  script_tag(name:"creation_date", value:"2021-02-02 07:45:12 +0000 (Tue, 02 Feb 2021)");
  script_version("2024-02-05T14:36:56+0000");
  script_tag(name:"last_modification", value:"2024-02-05 14:36:56 +0000 (Mon, 05 Feb 2024)");

  # --- Severity -----------------------------------------------------------
  # cvss_base / cvss_base_vector carry the CVSS v2 rating; severity_vector is
  # the CVSS 3.1 vector. Both are attributed to NVD via severity_origin.
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2021-02-16 16:22:15 +0000 (Tue, 16 Feb 2021)");

  # --- Scheduling ---------------------------------------------------------
  script_name("Huawei EulerOS: Security Advisory for PyYAML (EulerOS-SA-2021-1168)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2021 Greenbone AG");
  script_family("Huawei EulerOS Local Security Checks");
  script_dependencies("gb_huawei_euleros_consolidation.nasl");
  # The check only runs when these knowledge-base keys exist and the release
  # key matches EULEROS-2.0SP8. The keys are presumably populated by the
  # dependency above from an authenticated SSH login - confirm against that
  # script. Without working SSH credentials this check yields no result,
  # which must not be read as "host is patched".
  script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROS\-2\.0SP8");

  # --- References ---------------------------------------------------------
  script_xref(name:"Advisory-ID", value:"EulerOS-SA-2021-1168");
  script_xref(name:"URL", value:"https://developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html?secId=EulerOS-SA-2021-1168");

  # --- Human-readable result text -----------------------------------------
  script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS 'PyYAML' package(s) announced via the EulerOS-SA-2021-1168 advisory.");
  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
  # Note for triage: the upstream text below says "versions before 5.4", but
  # the package comparison in this script is made against an EulerOS build
  # of 4.2 (4.2-0.1.b4.h5), i.e. the vendor appears to ship a backported
  # fix. Judge remediation by the vendor build string, not the upstream
  # version number.
  # Hardening note: independent of the package update, code that parses YAML
  # from untrusted sources should use yaml.safe_load() / SafeLoader rather
  # than full_load() / FullLoader.
  script_tag(name:"insight", value:"A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. This flaw allows an attacker to execute arbitrary code on the system by abusing the python/object/new constructor.(CVE-2020-14343)");
  script_tag(name:"affected", value:"'PyYAML' package(s) on Huawei EulerOS V2.0SP8.");
  script_tag(name:"solution", value:"Please install the updated package(s).");
  script_tag(name:"solution_type", value:"VendorFix");
  # qod_type "package": the finding rests on the installed RPM version only.
  # It does not show whether any application on the host actually loads
  # untrusted YAML, so exposure still has to be assessed per application.
  script_tag(name:"qod_type", value:"package");

  exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
# Package check for EulerOS-SA-2021-1168 (CVE-2020-14343).
# rpm_get_ssh_release() and isrpmvuln() are not defined in this file; they
# presumably come from the included pkg-lib-rpm.inc - confirm there.
release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

# Only EulerOS V2.0SP8 is covered by this advisory; leave quietly otherwise.
if(release != "EULEROS-2.0SP8")
  exit(0);

# Both the Python 2 and the Python 3 builds of PyYAML are compared against
# the same vendor build (4.2-0.1.b4.h5.eulerosv2r8). A non-NULL return value
# is appended to the report text.
res = isrpmvuln(pkg:"python2-pyyaml", rpm:"python2-pyyaml~4.2~0.1.b4.h5.eulerosv2r8", rls:"EULEROS-2.0SP8");
if(!isnull(res))
  report += res;

res = isrpmvuln(pkg:"python3-pyyaml", rpm:"python3-pyyaml~4.2~0.1.b4.h5.eulerosv2r8", rls:"EULEROS-2.0SP8");
if(!isnull(res))
  report += res;

# At least one package produced report text: raise the finding.
if(report != "") {
  security_message(data:report);
  exit(0);
}

# NOTE(review): __pkg_match is not assigned in this file; it is presumably
# set by the RPM library when one of the listed packages is installed, and
# exit code 99 presumably tells the scanner "checked, not affected".
# Confirm both against pkg-lib-rpm.inc.
if(__pkg_match)
  exit(99);

# Neither package is installed (or nothing matched): no result either way.
exit(0);