Lucene search
Copyright (C) 2023 Greenbone AGOPENVAS:1361412562311220233399HistoryDec 14, 2023 - 12:00 a.m.
Huawei EulerOS: Security Advisory for iscsi-initiator-utils (EulerOS-SA-2023-3399)
2023-12-1400:00:00
Copyright (C) 2023 Greenbone AG
plugins.openvas.org
3
huawei euleros
iscsi-initiator-utils
security advisory
cve-2017-17840
buffer overflows
code execution
vendor fix
package vulnerability
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.1%
The remote host is missing an update for the Huawei EulerOS
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.2.2023.3399");
script_cve_id("CVE-2017-17840");
script_tag(name:"creation_date", value:"2023-12-14 04:31:45 +0000 (Thu, 14 Dec 2023)");
script_version("2024-02-05T14:36:57+0000");
script_tag(name:"last_modification", value:"2024-02-05 14:36:57 +0000 (Mon, 05 Feb 2024)");
script_tag(name:"cvss_base", value:"4.6");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:P/I:P/A:P");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2018-01-11 18:52:46 +0000 (Thu, 11 Jan 2018)");
script_name("Huawei EulerOS: Security Advisory for iscsi-initiator-utils (EulerOS-SA-2023-3399)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("Huawei EulerOS Local Security Checks");
script_dependencies("gb_huawei_euleros_consolidation.nasl");
script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROSVIRT\-3\.0\.6\.6");
script_xref(name:"Advisory-ID", value:"EulerOS-SA-2023-3399");
script_xref(name:"URL", value:"https://developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html?secId=EulerOS-SA-2023-3399");
script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS 'iscsi-initiator-utils' package(s) announced via the EulerOS-SA-2023-3399 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"An issue was discovered in Open-iSCSI through 2.0.875. A local attacker can cause the iscsiuio server to abort or potentially execute code by sending messages with incorrect lengths, which (due to lack of checking) can lead to buffer overflows, and result in aborts (with overflow checking enabled) or code execution. The process_iscsid_broadcast function in iscsiuio/src/unix/iscsid_ipc.c does not validate the payload length before a write operation.(CVE-2017-17840)");
script_tag(name:"affected", value:"'iscsi-initiator-utils' package(s) on Huawei EulerOS Virtualization 3.0.6.6.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "EULEROSVIRT-3.0.6.6") {
if(!isnull(res = isrpmvuln(pkg:"iscsi-initiator-utils", rpm:"iscsi-initiator-utils~6.2.0.874~8.h18.eulerosv2r7", rls:"EULEROSVIRT-3.0.6.6"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"iscsi-initiator-utils-iscsiuio", rpm:"iscsi-initiator-utils-iscsiuio~6.2.0.874~8.h18.eulerosv2r7", rls:"EULEROSVIRT-3.0.6.6"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
redhatcve
redhatcve
CVE-2017-17840
2017-12-26 22:19:37
nessus
nessus
RHEL 6 : iscsi-initiator-utils (Unpatched Vulnerability)
2024-06-03 00:00:00
RHEL 7 : iscsi-initiator-utils (Unpatched Vulnerability)
2024-05-11 00:00:00
EulerOS 2.0 SP3 : iscsi-initiator-utils (EulerOS-SA-2019-2596)
2019-12-18 00:00:00
osv
osv
CVE-2017-17840
2017-12-27 17:08:19
prion
prion
Buffer overflow
2017-12-27 17:08:00
debiancve
debiancve
CVE-2017-17840
2022-10-03 16:23:20
openvas
openvas
veracode
veracode
Arbitrary Code Execution
2018-05-14 08:16:06
nvd
nvd
CVE-2017-17840
2017-12-27 17:08:19
cvelist
cvelist
CVE-2017-17840
2022-10-03 16:23:20
cve
cve
CVE-2017-17840
2022-10-03 16:23:20
ubuntucve
ubuntucve
CVE-2017-17840
2017-12-27 00:00:00
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
7.8 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.0004 Low
EPSS
Percentile
5.1%
Related for OPENVAS:1361412562311220233399