Huawei EulerOS: Security Advisory for avahi (EulerOS-SA-2024-1438)

2024-03-2100:00:00

plugins.openvas.org

huawei

euleros

avahi

security advisory

vulnerabilities

package

2.11.0

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.1 Medium

AI Score

Confidence

High

1.7 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:S/C:N/I:N/A:P

0.0004 Low

EPSS

Percentile

8.3%

JSON

The remote host is missing an update for the Huawei EulerOS

# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.2.2024.1438");
  script_cve_id("CVE-2023-38469", "CVE-2023-38470", "CVE-2023-38471", "CVE-2023-38472", "CVE-2023-38473");
  script_tag(name:"creation_date", value:"2024-03-21 04:24:36 +0000 (Thu, 21 Mar 2024)");
  script_version("2024-03-21T05:06:54+0000");
  script_tag(name:"last_modification", value:"2024-03-21 05:06:54 +0000 (Thu, 21 Mar 2024)");
  script_tag(name:"cvss_base", value:"4.6");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:S/C:N/I:N/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-11-09 17:46:40 +0000 (Thu, 09 Nov 2023)");

  script_name("Huawei EulerOS: Security Advisory for avahi (EulerOS-SA-2024-1438)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2024 Greenbone AG");
  script_family("Huawei EulerOS Local Security Checks");
  script_dependencies("gb_huawei_euleros_consolidation.nasl");
  script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROSVIRT\-2\.11\.0");

  script_xref(name:"Advisory-ID", value:"EulerOS-SA-2024-1438");
  script_xref(name:"URL", value:"https://developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html?secId=EulerOS-SA-2024-1438");

  script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS 'avahi' package(s) announced via the EulerOS-SA-2024-1438 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"A vulnerability, which was classified as problematic, was found in avahi (version unknown). This affects the function avahi_escape_label. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.(CVE-2023-38470)

A vulnerability, which was classified as problematic, has been found in avahi (version now known). Affected by this issue is the function avahi_dns_packet_append_record. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.(CVE-2023-38469)

A vulnerability has been found in avahi (affected version unknown) and classified as problematic. This vulnerability affects the function dbus_set_host_name. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.(CVE-2023-38471)

A vulnerability was found in avahi (affected version not known) and classified as problematic. This issue affects the function avahi_rdata_parse. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.(CVE-2023-38472)

A vulnerability was found in avahi (the affected version unknown). It has been classified as problematic. Affected is the function avahi_alternative_host_name. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.(CVE-2023-38473)");

  script_tag(name:"affected", value:"'avahi' package(s) on Huawei EulerOS Virtualization release 2.11.0.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "EULEROSVIRT-2.11.0") {

  if(!isnull(res = isrpmvuln(pkg:"avahi-libs", rpm:"avahi-libs~0.8~12.h5.eulerosv2r11", rls:"EULEROSVIRT-2.11.0"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);