Huawei EulerOS 'squashfs-tools' package updat
Reporter | Title | Published | Views | Family All 153 |
---|---|---|---|---|
Tenable Nessus | EulerOS 2.0 SP10 : squashfs-tools (EulerOS-SA-2022-1235) | 25 Feb 202200:00 | – | nessus |
Tenable Nessus | EulerOS 2.0 SP8 : squashfs-tools (EulerOS-SA-2021-2814) | 25 Dec 202100:00 | – | nessus |
Tenable Nessus | Photon OS 4.0: Squashfs PHSA-2022-4.0-0166 | 23 Jul 202400:00 | – | nessus |
Tenable Nessus | RHEL 9 : squashfs-tools (RHSA-2024:2396) | 30 Apr 202400:00 | – | nessus |
Tenable Nessus | CentOS 8 : squashfs-tools (CESA-2024:3139) | 22 May 202400:00 | – | nessus |
Tenable Nessus | EulerOS Virtualization 3.0.6.6 : squashfs-tools (EulerOS-SA-2022-1147) | 12 Feb 202200:00 | – | nessus |
Tenable Nessus | GLSA-202305-29 : squashfs-tools: Multiple Vulnerabilities | 30 May 202300:00 | – | nessus |
Tenable Nessus | Oracle Linux 8 : squashfs-tools (ELSA-2024-3139) | 28 May 202400:00 | – | nessus |
Tenable Nessus | Ubuntu 16.04 ESM : Squashfs-Tools vulnerabilities (USN-5078-2) | 15 Sep 202100:00 | – | nessus |
Tenable Nessus | Debian DLA-2789-1 : squashfs-tools - LTS security update | 21 Oct 202100:00 | – | nessus |
Source | Link |
---|---|
developer | www.developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html |
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.2.2022.1039");
script_cve_id("CVE-2021-41072");
script_tag(name:"creation_date", value:"2022-01-28 03:17:04 +0000 (Fri, 28 Jan 2022)");
script_version("2024-02-05T14:36:56+0000");
script_tag(name:"last_modification", value:"2024-02-05 14:36:56 +0000 (Mon, 05 Feb 2024)");
script_tag(name:"cvss_base", value:"5.8");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2021-09-24 18:39:50 +0000 (Fri, 24 Sep 2021)");
script_name("Huawei EulerOS: Security Advisory for squashfs-tools (EulerOS-SA-2022-1039)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("Huawei EulerOS Local Security Checks");
script_dependencies("gb_huawei_euleros_consolidation.nasl");
script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROS\-2\.0SP9\-X86_64");
script_xref(name:"Advisory-ID", value:"EulerOS-SA-2022-1039");
script_xref(name:"URL", value:"https://developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html?secId=EulerOS-SA-2022-1039");
script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS 'squashfs-tools' package(s) announced via the EulerOS-SA-2022-1039 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"squashfs_opendir in unsquash-2.c in Squashfs-Tools 4.5 allows Directory Traversal, a different vulnerability than CVE-2021-40153. A squashfs filesystem that has been crafted to include a symbolic link and then contents under the same filename in a filesystem can cause unsquashfs to first create the symbolic link pointing outside the expected directory, and then the subsequent write operation will cause the unsquashfs process to write through the symbolic link elsewhere in the filesystem.(CVE-2021-41072)");
script_tag(name:"affected", value:"'squashfs-tools' package(s) on Huawei EulerOS V2.0SP9(x86_64).");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "EULEROS-2.0SP9-x86_64") {
if(!isnull(res = isrpmvuln(pkg:"squashfs-tools", rpm:"squashfs-tools~4.4~1.h1.r3.eulerosv2r9", rls:"EULEROS-2.0SP9-x86_64"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo