The remote host is missing an update for the Huawei EulerOS
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.2.2022.2593");
script_cve_id("CVE-2022-0563");
script_tag(name:"creation_date", value:"2022-10-12 04:41:33 +0000 (Wed, 12 Oct 2022)");
script_version("2024-02-05T14:36:57+0000");
script_tag(name:"last_modification", value:"2024-02-05 14:36:57 +0000 (Mon, 05 Feb 2024)");
script_tag(name:"cvss_base", value:"1.9");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:P/I:N/A:N");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2022-03-07 17:22:25 +0000 (Mon, 07 Mar 2022)");
script_name("Huawei EulerOS: Security Advisory for util-linux (EulerOS-SA-2022-2593)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("Huawei EulerOS Local Security Checks");
script_dependencies("gb_huawei_euleros_consolidation.nasl");
script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROSVIRTARM64\-3\.0\.6\.0");
script_xref(name:"Advisory-ID", value:"EulerOS-SA-2022-2593");
script_xref(name:"URL", value:"https://developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html?secId=EulerOS-SA-2022-2593");
script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS 'util-linux' package(s) announced via the EulerOS-SA-2022-2593 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an 'INPUTRC' environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.(CVE-2022-0563)");
script_tag(name:"affected", value:"'util-linux' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.6.0.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "EULEROSVIRTARM64-3.0.6.0") {
if(!isnull(res = isrpmvuln(pkg:"libblkid", rpm:"libblkid~2.32.1~1.h15.eulerosv2r8", rls:"EULEROSVIRTARM64-3.0.6.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libblkid-devel", rpm:"libblkid-devel~2.32.1~1.h15.eulerosv2r8", rls:"EULEROSVIRTARM64-3.0.6.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfdisk", rpm:"libfdisk~2.32.1~1.h15.eulerosv2r8", rls:"EULEROSVIRTARM64-3.0.6.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfdisk-devel", rpm:"libfdisk-devel~2.32.1~1.h15.eulerosv2r8", rls:"EULEROSVIRTARM64-3.0.6.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libmount", rpm:"libmount~2.32.1~1.h15.eulerosv2r8", rls:"EULEROSVIRTARM64-3.0.6.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsmartcols", rpm:"libsmartcols~2.32.1~1.h15.eulerosv2r8", rls:"EULEROSVIRTARM64-3.0.6.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsmartcols-devel", rpm:"libsmartcols-devel~2.32.1~1.h15.eulerosv2r8", rls:"EULEROSVIRTARM64-3.0.6.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libuuid", rpm:"libuuid~2.32.1~1.h15.eulerosv2r8", rls:"EULEROSVIRTARM64-3.0.6.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libuuid-devel", rpm:"libuuid-devel~2.32.1~1.h15.eulerosv2r8", rls:"EULEROSVIRTARM64-3.0.6.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"util-linux", rpm:"util-linux~2.32.1~1.h15.eulerosv2r8", rls:"EULEROSVIRTARM64-3.0.6.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"util-linux-user", rpm:"util-linux-user~2.32.1~1.h15.eulerosv2r8", rls:"EULEROSVIRTARM64-3.0.6.0"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"uuidd", rpm:"uuidd~2.32.1~1.h15.eulerosv2r8", rls:"EULEROSVIRTARM64-3.0.6.0"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);