Huawei EulerOS: Security Advisory for glibc package
Reporter | Title | Published | Views | Family All 61 |
---|---|---|---|---|
![]() | EulerOS 2.0 SP9 : glibc (EulerOS-SA-2023-1867) | 13 May 2023 00:00 | – | nessus |
![]() | EulerOS Virtualization 2.11.0 : glibc (EulerOS-SA-2023-2121) | 7 Jun 2023 00:00 | – | nessus |
![]() | EulerOS Virtualization 2.11.1 : glibc (EulerOS-SA-2023-2069) | 7 Jun 2023 00:00 | – | nessus |
![]() | EulerOS 2.0 SP10 : glibc (EulerOS-SA-2023-1952) | 18 May 2023 00:00 | – | nessus |
![]() | EulerOS Virtualization 2.9.0 : glibc (EulerOS-SA-2023-2017) | 2 Jun 2023 00:00 | – | nessus |
![]() | EulerOS 2.0 SP9 : glibc (EulerOS-SA-2023-1842) | 13 May 2023 00:00 | – | nessus |
![]() | EulerOS Virtualization 2.9.1 : glibc (EulerOS-SA-2023-1996) | 2 Jun 2023 00:00 | – | nessus |
![]() | EulerOS 2.0 SP11 : glibc (EulerOS-SA-2023-2290) | 4 Jul 2023 00:00 | – | nessus |
![]() | Photon OS 4.0: Glibc PHSA-2024-4.0-0551 | 24 Jul 2024 00:00 | – | nessus |
![]() | EulerOS 2.0 SP10 : glibc (EulerOS-SA-2023-1974) | 18 May 2023 00:00 | – | nessus |
Source | Link |
---|---|
developer | www.developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html |
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
# Description block: registers this check's metadata (identifiers, scoring,
# applicability keys, report texts) and then leaves via exit(0), so none of
# the detection logic further down runs in this pass.
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.2.2023.2450");
script_cve_id("CVE-2023-0687");
script_tag(name:"creation_date", value:"2023-07-31 04:15:11 +0000 (Mon, 31 Jul 2023)");
script_version("2024-02-05T14:36:57+0000");
script_tag(name:"last_modification", value:"2024-02-05 14:36:57 +0000 (Mon, 05 Feb 2024)");
# Two scorings are carried side by side and they disagree sharply:
#  - cvss_base / cvss_base_vector: CVSS v2, base 4.0, adjacent network,
#    high access complexity, single authentication, partial C/I/A impact.
#  - severity_vector: CVSS v3.1 taken from NVD (severity_origin), network
#    reachable, low complexity, no privileges, high C/I/A impact.
# Triage should read both together with the DISPUTED note in "insight"
# rather than rely on either field alone.
script_tag(name:"cvss_base", value:"4.0");
script_tag(name:"cvss_base_vector", value:"AV:A/AC:H/Au:S/C:P/I:P/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-02-14 18:52:59 +0000 (Tue, 14 Feb 2023)");
script_name("Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2023-2450)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("Huawei EulerOS Local Security Checks");
# Applicability gate: the check only applies when the knowledge base holds an
# EulerOS SSH login, an "ssh/login/rpms" entry and a release string matching
# EULEROSVIRT-2.10.1. Presumably the dependency below populates these keys
# from an authenticated SSH session - confirm in that script. Without a
# working credentialed scan the check therefore produces no result at all,
# which must not be read as "patched".
script_dependencies("gb_huawei_euleros_consolidation.nasl");
script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROSVIRT\-2\.10\.1");
script_xref(name:"Advisory-ID", value:"EulerOS-SA-2023-2450");
script_xref(name:"URL", value:"https://developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html?secId=EulerOS-SA-2023-2450");
script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS 'glibc' package(s) announced via the EulerOS-SA-2023-2450 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
# The advisory text marks CVE-2023-0687 as DISPUTED: the overflow in
# __monstartup (gmon.c) is driven by addresses of an application built with
# gmon enabled, which the text calls basically trusted input. A finding from
# this check means the vendor update is missing; it does not show that the
# flaw is reachable on the host.
script_tag(name:"insight", value:"** DISPUTED ** A vulnerability was found in GNU C Library 2.38. It has been declared as critical. This vulnerability affects the function __monstartup of the file gmon.c of the component Call Graph Monitor. The manipulation leads to buffer overflow. It is recommended to apply a patch to fix this issue. VDB-220246 is the identifier assigned to this vulnerability. NOTE: The real existence of this vulnerability is still doubted at the moment. The inputs that induce this vulnerability are basically addresses of the running application that is built with gmon enabled. It's basically trusted input or input that needs an actual security flaw to be compromised or controlled.(CVE-2023-0687)");
script_tag(name:"affected", value:"'glibc' package(s) on Huawei EulerOS Virtualization release 2.10.1.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
# qod_type "package": the result rests on the installed package version only
# (see "vuldetect"); nothing on the target is probed or exercised.
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
# Detection part: compare the installed glibc-related RPMs of an
# EulerOS Virtualization 2.10.1 host against the fixed vendor build named in
# advisory EulerOS-SA-2023-2450.

# Release string of the target; without one no package comparison is possible.
release = rpm_get_ssh_release();
if(!release)
  exit(0);

# The advisory covers exactly one release, so every other release ends here.
if(release != "EULEROSVIRT-2.10.1")
  exit(0);

res = "";
report = "";

# All listed packages share the same fixed build suffix. Note that this is the
# vendor's 2.28-based build, not an upstream glibc version number.
fixed_build = "~2.28~63.h71.eulerosv2r10";
pkg_names = make_list("glibc",
                      "glibc-all-langpacks",
                      "glibc-common",
                      "glibc-locale-source",
                      "libnsl",
                      "nscd");

# isrpmvuln() returns non-null text for a package it considers outdated
# (presumably installed build older than the given one - confirm in
# pkg-lib-rpm.inc); each such text is appended to the report.
foreach pkg_name (pkg_names) {
  res = isrpmvuln(pkg:pkg_name, rpm:pkg_name + fixed_build, rls:"EULEROSVIRT-2.10.1");
  if(!isnull(res))
    report += res;
}

if(report == "") {
  # Nothing outdated. exit(99) is taken only when __pkg_match is set -
  # presumably the library's flag that at least one listed package was found
  # installed, so the host is recorded as checked and not affected instead of
  # being skipped silently; confirm against pkg-lib-rpm.inc.
  if(__pkg_match)
    exit(99);
  exit(0);
}

# At least one package is below the fixed build: report the collected details.
security_message(data:report);
exit(0);