Lucene search
Huawei EulerOS: Security Advisory for util-linux (EulerOS-SA-2024-1757)
🗓️ 30 May 2024 00:00:00Reported by Copyright (C) 2024 Greenbone AGType 
openvas🔗 plugins.openvas.org👁 13 Views
Huawei EulerOS: Security Advisory for util-linux (EulerOS-SA-2024-1757) - Flaw in chfn and chsh utilitie
Show more
| Reporter | Title | Published | Views | Family All 67 |
|---|---|---|---|---|
 | Denial Of Service (DoS) | 16 Feb 202223:14 | – | veracode |
 | Privilege escalation | 21 Feb 202219:15 | – | prion |
 | util-linux has unspecified vulnerabilities | 16 Feb 202200:00 | – | cnvd |
 | EulerOS Virtualization 3.0.6.0 : util-linux (EulerOS-SA-2022-2593) | 10 Oct 202200:00 | – | nessus |
| Amazon Linux 2 : util-linux (ALAS-2022-1901) | 7 Dec 202200:00 | – | nessus |
| Photon OS 4.0: Util PHSA-2022-4.0-0182 | 23 Jul 202400:00 | – | nessus |
| Slackware Linux 15.0 / current util-linux Vulnerability (SSA:2022-046-02) | 16 Feb 202200:00 | – | nessus |
| EulerOS 2.0 SP9 : util-linux (EulerOS-SA-2022-1879) | 15 Jun 202200:00 | – | nessus |
| EulerOS Virtualization 2.9.1 : util-linux (EulerOS-SA-2022-2192) | 29 Jul 202200:00 | – | nessus |
| Photon OS 5.0: Util PHSA-2024-5.0-0424 | 2 Apr 202500:00 | – | nessus |
10
| Source | Link |
|---|---|
| developer | www.developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html |
# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.2.2024.1757");
script_cve_id("CVE-2022-0563");
script_tag(name:"creation_date", value:"2024-05-30 15:11:32 +0000 (Thu, 30 May 2024)");
script_version("2024-05-31T05:05:30+0000");
script_tag(name:"last_modification", value:"2024-05-31 05:05:30 +0000 (Fri, 31 May 2024)");
script_tag(name:"cvss_base", value:"1.9");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:P/I:N/A:N");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2022-03-07 17:22:25 +0000 (Mon, 07 Mar 2022)");
script_name("Huawei EulerOS: Security Advisory for util-linux (EulerOS-SA-2024-1757)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2024 Greenbone AG");
script_family("Huawei EulerOS Local Security Checks");
script_dependencies("gb_huawei_euleros_consolidation.nasl");
script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROS\-2\.0SP12");
script_xref(name:"Advisory-ID", value:"EulerOS-SA-2024-1757");
script_xref(name:"URL", value:"https://developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html?secId=EulerOS-SA-2024-1757");
script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS 'util-linux' package(s) announced via the EulerOS-SA-2024-1757 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an 'INPUTRC' environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4.(CVE-2022-0563)");
script_tag(name:"affected", value:"'util-linux' package(s) on Huawei EulerOS V2.0SP12.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "EULEROS-2.0SP12") {
if(!isnull(res = isrpmvuln(pkg:"libblkid", rpm:"libblkid~2.37.2~13.h18.eulerosv2r12", rls:"EULEROS-2.0SP12"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libfdisk", rpm:"libfdisk~2.37.2~13.h18.eulerosv2r12", rls:"EULEROS-2.0SP12"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libmount", rpm:"libmount~2.37.2~13.h18.eulerosv2r12", rls:"EULEROS-2.0SP12"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libsmartcols", rpm:"libsmartcols~2.37.2~13.h18.eulerosv2r12", rls:"EULEROS-2.0SP12"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"libuuid", rpm:"libuuid~2.37.2~13.h18.eulerosv2r12", rls:"EULEROS-2.0SP12"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"util-linux", rpm:"util-linux~2.37.2~13.h18.eulerosv2r12", rls:"EULEROS-2.0SP12"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"util-linux-user", rpm:"util-linux-user~2.37.2~13.h18.eulerosv2r12", rls:"EULEROS-2.0SP12"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo30 May 2024 00:00Current
6.7Medium risk
Vulners AI Score6.7
CVSS21.9
CVSS35.5
EPSS0.00027