Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2023-2493) - Type confusion and X.509 certificate chain verification vulnerabilities
Source | Link |
---|---|
developer | www.developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html |
```
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

# Metadata block: evaluated when the scanner loads the plugin description.
if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.2.2023.2493");
  script_cve_id("CVE-2023-0286", "CVE-2023-0464");
  script_tag(name:"creation_date", value:"2023-07-31 04:15:11 +0000 (Mon, 31 Jul 2023)");
  script_version("2024-02-05T14:36:57+0000");
  script_tag(name:"last_modification", value:"2024-02-05 14:36:57 +0000 (Mon, 05 Feb 2024)");
  script_tag(name:"cvss_base", value:"7.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-03-29 19:37:35 +0000 (Wed, 29 Mar 2023)");

  script_name("Huawei EulerOS: Security Advisory for shim (EulerOS-SA-2023-2493)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2023 Greenbone AG");
  script_family("Huawei EulerOS Local Security Checks");
  script_dependencies("gb_huawei_euleros_consolidation.nasl");
  script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROSVIRT\-2\.10\.0");

  script_xref(name:"Advisory-ID", value:"EulerOS-SA-2023-2493");
  script_xref(name:"URL", value:"https://developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html?secId=EulerOS-SA-2023-2493");

  script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS 'shim' package(s) announced via the EulerOS-SA-2023-2493 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.(CVE-2023-0286)

A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. Attackers may be able to exploit this vulnerability by creating a malicious certificate chain that triggers exponential use of computational resources, leading to a denial-of-service (DoS) attack on affected systems. Policy processing is disabled by default but can be enabled by passing the `-policy' argument to the command line utilities or by calling the `X509_VERIFY_PARAM_set1_policies()' function.(CVE-2023-0464)");

  script_tag(name:"affected", value:"'shim' package(s) on Huawei EulerOS Virtualization release 2.10.0.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

# Release string gathered over SSH; stop if it is not available.
release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "EULEROSVIRT-2.10.0") {

  # Compare the installed 'shim' RPM against the version named in the advisory.
  if(!isnull(res = isrpmvuln(pkg:"shim", rpm:"shim~15~20.h9.eulerosv2r10", rls:"EULEROSVIRT-2.10.0"))) {
    report += res;
  }

  if(report != "") {
    # A vulnerable package version was found: report it.
    security_message(data:report);
  } else if(__pkg_match) {
    # The package is installed but was not flagged as vulnerable.
    exit(99);
  }
  exit(0);
}

exit(0);
```