Lucene search
Copyright (C) 2024 Greenbone AGOPENVAS:1361412562311220241018HistoryJan 05, 2024 - 12:00 a.m.
Huawei EulerOS: Security Advisory for mdadm (EulerOS-SA-2024-1018)
2024-01-0500:00:00
Copyright (C) 2024 Greenbone AG
plugins.openvas.org
huawei
euleros
mdadm
cve-2023-28938
cve-2023-28736
denial of service
escalation of privilege
update
vulnerability
6.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.2%
The remote host is missing an update for the Huawei EulerOS
# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.2.2024.1018");
script_cve_id("CVE-2023-28736", "CVE-2023-28938");
script_tag(name:"creation_date", value:"2024-01-05 04:21:19 +0000 (Fri, 05 Jan 2024)");
script_version("2024-02-05T14:36:57+0000");
script_tag(name:"last_modification", value:"2024-02-05 14:36:57 +0000 (Mon, 05 Feb 2024)");
script_tag(name:"cvss_base", value:"6.5");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:M/C:C/I:C/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-08-21 16:51:39 +0000 (Mon, 21 Aug 2023)");
script_name("Huawei EulerOS: Security Advisory for mdadm (EulerOS-SA-2024-1018)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2024 Greenbone AG");
script_family("Huawei EulerOS Local Security Checks");
script_dependencies("gb_huawei_euleros_consolidation.nasl");
script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROSVIRT\-2\.9\.0");
script_xref(name:"Advisory-ID", value:"EulerOS-SA-2024-1018");
script_xref(name:"URL", value:"https://developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html?secId=EulerOS-SA-2024-1018");
script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS 'mdadm' package(s) announced via the EulerOS-SA-2024-1018 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Uncontrolled resource consumption in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a priviledged user to potentially enable denial of service via local access.(CVE-2023-28938)
Buffer overflow in some Intel(R) SSD Tools software before version mdadm-4.2-rc2 may allow a privileged user to potentially enable escalation of privilege via local access.(CVE-2023-28736)");
script_tag(name:"affected", value:"'mdadm' package(s) on Huawei EulerOS Virtualization release 2.9.0.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "EULEROSVIRT-2.9.0") {
if(!isnull(res = isrpmvuln(pkg:"mdadm", rpm:"mdadm~4.1~rc2.0.9.h3.r3.eulerosv2r9", rls:"EULEROSVIRT-2.9.0"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
nessus
nessus
RHEL 7 : mdadm (Unpatched Vulnerability)
2024-05-11 00:00:00
SUSE SLES12 Security Update : mdadm (SUSE-SU-2023:3691-1)
2023-09-21 00:00:00
EulerOS 2.0 SP9 : mdadm (EulerOS-SA-2023-3345)
2024-01-16 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for mdadm (EulerOS-SA-2024-1659)
2024-05-16 00:00:00
Huawei EulerOS: Security Advisory for mdadm (EulerOS-SA-2023-3313)
2023-12-12 00:00:00
openSUSE: Security Advisory for mdadm (SUSE-SU-2023:3953-1)
2024-03-04 00:00:00
amazon
amazon
Medium: mdadm
2023-09-27 22:48:00
intel
intel
Intelยฎ SSD Tools Software Advisory
2023-08-08 00:00:00
veracode
veracode
Denial Of Service (DoS)
2023-09-08 08:05:40
Buffer Overflows
2023-09-08 06:42:07
nvd
nvd
CVE-2023-28938
2023-08-11 03:15:27
CVE-2023-28736
2023-08-11 03:15:25
cvelist
cvelist
CVE-2023-28938
2023-08-11 02:36:51
CVE-2023-28736
2023-08-11 02:36:51
cve
cve
CVE-2023-28938
2023-08-11 03:15:27
CVE-2023-28736
2023-08-11 03:15:25
prion
prion
Code injection
2023-08-11 03:15:00
Buffer overflow
2023-08-11 03:15:00
osv
osv
CVE-2023-28938
2023-08-11 03:15:27
CVE-2023-28736
2023-08-11 03:15:25
redhatcve
redhatcve
CVE-2023-28938
2023-08-16 19:18:59
CVE-2023-28736
2023-08-16 19:18:50
cbl_mariner
cbl_mariner
CVE-2023-28938 affecting package mdadm for versions less than 4.2-1
2024-03-19 17:21:46
CVE-2023-28736 affecting package mdadm for versions less than 4.2-1
2024-03-19 17:21:46
ubuntucve
ubuntucve
CVE-2023-28938
2023-08-11 00:00:00
CVE-2023-28736
2023-08-11 00:00:00
debiancve
debiancve
CVE-2023-28938
2023-08-11 03:15:27
CVE-2023-28736
2023-08-11 03:15:25
alpinelinux
alpinelinux
CVE-2023-28938
2023-08-11 03:15:27
CVE-2023-28736
2023-08-11 03:15:25
6.7 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
6.6 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
9.2%
Related for OPENVAS:1361412562311220241018