Lucene search
Copyright (C) 2024 Greenbone AGOPENVAS:1361412562311220241374HistoryMar 14, 2024 - 12:00 a.m.
Huawei EulerOS: Security Advisory for avahi (EulerOS-SA-2024-1374)
2024-03-1400:00:00
Copyright (C) 2024 Greenbone AG
plugins.openvas.org
2
huawei
euleros
avahi
package
vulnerabilities
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.1 Medium
AI Score
Confidence
High
1.7 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
8.3%
The remote host is missing an update for the Huawei EulerOS
# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.2.2024.1374");
script_cve_id("CVE-2023-38469", "CVE-2023-38470", "CVE-2023-38471", "CVE-2023-38472", "CVE-2023-38473");
script_tag(name:"creation_date", value:"2024-03-14 04:23:39 +0000 (Thu, 14 Mar 2024)");
script_version("2024-03-14T05:06:59+0000");
script_tag(name:"last_modification", value:"2024-03-14 05:06:59 +0000 (Thu, 14 Mar 2024)");
script_tag(name:"cvss_base", value:"4.6");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:S/C:N/I:N/A:C");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-11-09 17:46:40 +0000 (Thu, 09 Nov 2023)");
script_name("Huawei EulerOS: Security Advisory for avahi (EulerOS-SA-2024-1374)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2024 Greenbone AG");
script_family("Huawei EulerOS Local Security Checks");
script_dependencies("gb_huawei_euleros_consolidation.nasl");
script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROSVIRT\-2\.10\.0");
script_xref(name:"Advisory-ID", value:"EulerOS-SA-2024-1374");
script_xref(name:"URL", value:"https://developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html?secId=EulerOS-SA-2024-1374");
script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS 'avahi' package(s) announced via the EulerOS-SA-2024-1374 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"A vulnerability was found in Avahi, where a reachable assertion exists in avahi_dns_packet_append_record.(CVE-2023-38469)
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_escape_label() function.(CVE-2023-38470)
A vulnerability was found in Avahi. A reachable assertion exists in the dbus_set_host_name function.(CVE-2023-38471)
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_rdata_parse() function.(CVE-2023-38472)
A vulnerability was found in Avahi. A reachable assertion exists in the avahi_alternative_host_name() function.(CVE-2023-38473)");
script_tag(name:"affected", value:"'avahi' package(s) on Huawei EulerOS Virtualization release 2.10.0.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "EULEROSVIRT-2.10.0") {
if(!isnull(res = isrpmvuln(pkg:"avahi-libs", rpm:"avahi-libs~0.8~1.h13.eulerosv2r10", rls:"EULEROSVIRT-2.10.0"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
osv
osv
avahi vulnerabilities
2023-11-20 15:29:03
Moderate: avahi security update
2024-04-30 00:00:00
Moderate: avahi security update
2024-01-09 04:07:32
openvas
openvas
Mageia: Security Advisory (MGASA-2024-0016)
2024-01-26 00:00:00
Huawei EulerOS: Security Advisory for avahi (EulerOS-SA-2024-1410)
2024-03-21 00:00:00
Huawei EulerOS: Security Advisory for avahi (EulerOS-SA-2024-1353)
2024-03-14 00:00:00
nessus
nessus
RHEL 9 : avahi (RHSA-2024:2433)
2024-04-30 00:00:00
EulerOS Virtualization 2.11.1 : avahi (EulerOS-SA-2024-1410)
2024-03-21 00:00:00
EulerOS 2.0 SP10 : avahi (EulerOS-SA-2024-1053)
2024-01-16 00:00:00
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service due to multiple CVEs in Avahi
2023-07-28 14:38:12
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues
2024-05-07 17:07:44
Security Bulletin: Multiple Vulnerabilities in CloudPak for AIOps
2024-01-31 19:31:55
redhat
redhat
(RHSA-2024:2433) Moderate: avahi security update
2024-04-30 06:15:41
(RHSA-2023:7836) Moderate: avahi security update
2023-12-14 08:16:14
(RHSA-2024:0418) Moderate: avahi security update
2024-01-24 14:40:25
mageia
mageia
Updated avahi packages fix security vulnerabilities
2024-01-25 14:21:08
oraclelinux
oraclelinux
avahi security update
2024-05-03 00:00:00
avahi security update
2023-12-15 00:00:00
almalinux
almalinux
Moderate: avahi security update
2024-04-30 00:00:00
Moderate: avahi security update
2023-12-14 00:00:00
ubuntu
ubuntu
Avahi vulnerabilities
2023-11-20 00:00:00
rocky
rocky
avahi security update
2024-01-09 04:07:32
amazon
amazon
ubuntucve
ubuntucve
cvelist
cvelist
Reachable assertion in avahi_dns_packet_append_record
2023-11-02 14:49:26
Reachable assertion in dbus_set_host_name
2023-11-02 14:58:22
Reachable assertion in avahi_escape_label
2023-11-02 14:57:28
alpinelinux
alpinelinux
debiancve
debiancve
redhatcve
redhatcve
prion
prion
Authentication flaw
2023-11-02 15:15:00
Authentication flaw
2023-11-02 15:15:00
Authentication flaw
2023-11-02 15:15:00
cve
cve
cgr
cgr
CVE-2023-38471 vulnerabilities
2024-05-13 09:06:52
CVE-2023-38470 vulnerabilities
2024-05-13 09:06:52
CVE-2023-38469 vulnerabilities
2024-05-13 09:06:52
veracode
veracode
Reachable Assertion
2024-03-17 16:33:01
Reachable Assertion
2024-03-17 16:32:46
Reachable Assertion
2024-03-17 16:32:59
wolfi
wolfi
CVE-2023-38470 vulnerabilities
2024-05-15 09:07:01
CVE-2023-38471 vulnerabilities
2024-05-15 09:07:01
CVE-2023-38469 vulnerabilities
2024-05-15 09:07:01
hp
hp
HP ThinPro 8.1 SP 2 Security Updates
2024-04-12 00:00:00
HP ThinPro 8.0 SP 8 Security Updates
2024-03-01 00:00:00
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
6.1 Medium
AI Score
Confidence
High
1.7 Low
CVSS2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:L/AC:L/Au:S/C:N/I:N/A:P
0.0004 Low
EPSS
Percentile
8.3%
Related for OPENVAS:1361412562311220241374