Lucene search

Huawei EulerOS: Security Advisory for ncurses (EulerOS-SA-2024-1768)

Huawei EulerOS 'ncurses' package(s) update to fix CVE-2023-45918 and CVE-2023-5049

5 of 5AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Reporter	Title	Published	Views	Family All 122
Tenable Nessus	EulerOS 2.0 SP12 : ncurses (EulerOS-SA-2024-1745)	30 May 202400:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP12 : ncurses (EulerOS-SA-2024-1768)	30 May 202400:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : ncurses, ncurses-base, ncurses-c++-libs (ALAS2023-2024-554)	6 Mar 202400:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.10.1 : ncurses (EulerOS-SA-2024-2006)	18 Jul 202400:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.10.0 : ncurses (EulerOS-SA-2024-1988)	18 Jul 202400:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP10 : ncurses (EulerOS-SA-2024-1597)	9 May 202400:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP11 : ncurses (EulerOS-SA-2024-1792)	3 Jun 202400:00	–	nessus
Tenable Nessus	Linux Distros Unpatched Vulnerability : CVE-2023-50495	5 Mar 202500:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.11.0 : ncurses (EulerOS-SA-2024-1630)	15 May 202400:00	–	nessus
Tenable Nessus	EulerOS Virtualization 2.9.0 : ncurses (EulerOS-SA-2024-1474)	21 Mar 202400:00	–	nessus

Source	Link
developer	www.developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html

# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.1.2.2024.1768");
  script_cve_id("CVE-2023-45918", "CVE-2023-50495");
  script_tag(name:"creation_date", value:"2024-05-30 15:11:32 +0000 (Thu, 30 May 2024)");
  script_version("2024-05-31T05:05:30+0000");
  script_tag(name:"last_modification", value:"2024-05-31 05:05:30 +0000 (Fri, 31 May 2024)");
  script_tag(name:"cvss_base", value:"7.8");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-12-18 18:30:24 +0000 (Mon, 18 Dec 2023)");

  script_name("Huawei EulerOS: Security Advisory for ncurses (EulerOS-SA-2024-1768)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2024 Greenbone AG");
  script_family("Huawei EulerOS Local Security Checks");
  script_dependencies("gb_huawei_euleros_consolidation.nasl");
  script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROS\-2\.0SP12\-X86_64");

  script_xref(name:"Advisory-ID", value:"EulerOS-SA-2024-1768");
  script_xref(name:"URL", value:"https://developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html?secId=EulerOS-SA-2024-1768");

  script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS 'ncurses' package(s) announced via the EulerOS-SA-2024-1768 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"ncurses 6.4-20230610 has a NULL pointer dereference in tgetstr in tinfo/lib_termcap.c.(CVE-2023-45918)

NCurse v6.4-20230418 was discovered to contain a segmentation fault via the component _nc_wrap_entry().(CVE-2023-50495)");

  script_tag(name:"affected", value:"'ncurses' package(s) on Huawei EulerOS V2.0SP12(x86_64).");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "EULEROS-2.0SP12-x86_64") {

  if(!isnull(res = isrpmvuln(pkg:"ncurses", rpm:"ncurses~6.3~5.h7.eulerosv2r12", rls:"EULEROS-2.0SP12-x86_64"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"ncurses-base", rpm:"ncurses-base~6.3~5.h7.eulerosv2r12", rls:"EULEROS-2.0SP12-x86_64"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"ncurses-libs", rpm:"ncurses-libs~6.3~5.h7.eulerosv2r12", rls:"EULEROS-2.0SP12-x86_64"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

30 May 2024 00:00Current

6.7Medium risk

Vulners AI Score6.7

CVSS36.5

EPSS0.0005

SSVC