Search...

Re: Nokia N95-8 browser denial of service

2009-02-05T00:00:00

ID SECURITYVULNS:DOC:21307
Type securityvulns
Reporter Securityvulns
Modified 2009-02-05T00:00:00

Description

Hi,

Also crashes Firefox 3.06 (latest), Stack overflow. (to not be confused with stack buffer overflow)

Thu Feb 5 18:46:13.828 2009 (GMT+1): (15d8.17ec): Stack overflow - code c00000fd (first chance) eax=077e4b80 ebx=00000000 ecx=077e4b60 edx=00000000 esi=00000000 edi=077e4b60 eip=604fcc8f esp=00032fa0 ebp=0003304c iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010206

Crash seems not to be recorded by the FF crash handled.

Regards, Thierry -- http://secdev.zoller.lu Thierry Zoller

JSON Vulners Source

Initial Source

{"id": "SECURITYVULNS:DOC:21307", "bulletinFamily": "software", "title": "Re: Nokia N95-8 browser denial of service", "description": "\r\nHi,\r\n\r\nAlso crashes Firefox 3.06 (latest), Stack overflow. (to not be confused\r\nwith stack buffer overflow)\r\n\r\nThu Feb 5 18:46:13.828 2009 (GMT+1): (15d8.17ec): Stack overflow - code c00000fd (first chance)\r\neax=077e4b80 ebx=00000000 ecx=077e4b60 edx=00000000 esi=00000000 edi=077e4b60\r\neip=604fcc8f esp=00032fa0 ebp=0003304c iopl=0 nv up ei pl nz na pe nc\r\ncs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010206\r\n\r\nCrash seems not to be recorded by the FF crash handled.\r\n\r\nRegards,\r\nThierry\r\n-- \r\nhttp://secdev.zoller.lu\r\nThierry Zoller", "published": "2009-02-05T00:00:00", "modified": "2009-02-05T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21307", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:29", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "259272918057f73bd0fab1faa15a8932"}, {"key": "href", "hash": "4ffba99b090020715fe6cfe1af7806fe"}, {"key": "modified", "hash": "bace5b2470abbb2a1d18d36df4a6f755"}, {"key": "published", "hash": "bace5b2470abbb2a1d18d36df4a6f755"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "f79b6b2c75dcd71b7d32dbcf4798b235"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "9ec8a9501f1ec087f0f5ec4d94b0e278ef5f10a4417e969f0db97a4a1010a62d", "viewCount": 17, "enchantments": {"score": {"value": 3.7, "vector": "NONE", "modified": "2018-08-31T11:10:29"}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310852529", "OPENVAS:1361412562310852527"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1485-1", "OPENSUSE-SU-2019:1481-1", "OPENSUSE-SU-2019:1479-1"]}, {"type": "ubuntu", "idList": ["USN-3996-1"]}, {"type": "myhack58", "idList": ["MYHACK58:62201994293"]}, {"type": "zdt", "idList": ["1337DAY-ID-32799", "1337DAY-ID-32775", "1337DAY-ID-32772", "1337DAY-ID-32771", "1337DAY-ID-32767", "1337DAY-ID-32754", "1337DAY-ID-32753", "1337DAY-ID-32757", "1337DAY-ID-32725", "1337DAY-ID-32724"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:152997"]}, {"type": "kitploit", "idList": ["KITPLOIT:3928947731225997712"]}], "modified": "2018-08-31T11:10:29"}, "vulnersScore": 3.7}, "objectVersion": "1.3", "affectedSoftware": []}

{"cve": [{"lastseen": "2019-12-12T12:58:17", "bulletinFamily": "NVD", "description": "Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.", "modified": "2019-12-11T21:14:00", "id": "CVE-2013-5743", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5743", "published": "2019-12-11T19:15:00", "title": "CVE-2013-5743", "type": "cve", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-12-12T12:58:15", "bulletinFamily": "NVD", "description": "includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of \".\" (period) characters in a string, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the siprop parameter in a query action to wiki/api.php.", "modified": "2019-12-11T21:14:00", "id": "CVE-2013-4303", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4303", "published": "2019-12-11T19:15:00", "title": "CVE-2013-4303", "type": "cve", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-12-12T12:58:17", "bulletinFamily": "NVD", "description": "Multiple cross-site scripting (XSS) vulnerabilities in products.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Product name or (2) Price description fields via a request to wp-admin/admin.php. NOTE: This issue may only cross privilege boundaries if used in combination with CVE-2013-5977.", "modified": "2019-12-11T21:14:00", "id": "CVE-2013-5978", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5978", "published": "2019-12-11T19:15:00", "title": "CVE-2013-5978", "type": "cve", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-12-12T12:58:19", "bulletinFamily": "NVD", "description": "node-connects before 2.8.2 has cross site scripting in Sencha Labs Connect middleware (vulnerability due to incomplete fix for CVE-2013-7370)", "modified": "2019-12-11T16:05:00", "id": "CVE-2013-7371", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7371", "published": "2019-12-11T15:15:00", "title": "CVE-2013-7371", "type": "cve", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-12-12T12:58:19", "bulletinFamily": "NVD", "description": "node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware", "modified": "2019-12-11T15:15:00", "id": "CVE-2013-7370", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7370", "published": "2019-12-11T14:15:00", "title": "CVE-2013-7370", "type": "cve", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-12-11T14:57:12", "bulletinFamily": "NVD", "description": "mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread.", "modified": "2019-12-10T02:13:00", "id": "CVE-2014-0242", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0242", "published": "2019-12-09T20:15:00", "title": "CVE-2014-0242", "type": "cve", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2019-12-13T22:30:01", "bulletinFamily": "scanner", "description": "According to the versions of the gpgme package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - GnuPG Made Easy (GPGME) is a library designed to make\n access to GnuPG easier for applications. It provides a\n high-level crypto API for encryption, decryption,\n signing, signature verification and key management.\n\n - Security fix(es):\n\n - Multiple heap-based buffer overflows in the\n status_handler function in (1) engine-gpgsm.c and (2)\n engine-uiserver.c in GPGME before 1.5.1 allow remote\n attackers to cause a denial of service (crash) and\n possibly execute arbitrary code via vectors related to\n ", "modified": "2019-12-02T00:00:00", "id": "EULEROS_SA-2019-2406.NASL", "href": "https://www.tenable.com/plugins/nessus/131898", "published": "2019-12-10T00:00:00", "title": "EulerOS 2.0 SP2 : gpgme (EulerOS-SA-2019-2406)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131898);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/13\");\n\n script_cve_id(\n \"CVE-2014-3564\"\n );\n script_bugtraq_id(\n 68990\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : gpgme (EulerOS-SA-2019-2406)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the gpgme package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - GnuPG Made Easy (GPGME) is a library designed to make\n access to GnuPG easier for applications. It provides a\n high-level crypto API for encryption, decryption,\n signing, signature verification and key management.\n\n - Security fix(es):\n\n - Multiple heap-based buffer overflows in the\n status_handler function in (1) engine-gpgsm.c and (2)\n engine-uiserver.c in GPGME before 1.5.1 allow remote\n attackers to cause a denial of service (crash) and\n possibly execute arbitrary code via vectors related to\n 'different line lengths in a specific\n order.'(CVE-2014-3564)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2406\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b11f06b5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected gpgme packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:gpgme\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"gpgme-1.3.2-5.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gpgme\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T22:29:51", "bulletinFamily": "scanner", "description": "According to the versions of the libpng packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Integer overflow in the png_set_unknown_chunks function\n in libpng/pngset.c in libpng before 1.5.14beta08 allows\n context-dependent attackers to cause a denial of\n service (segmentation fault and crash) via a crafted\n image, which triggers a heap-based buffer\n overflow.(CVE-2013-7353)\n\n - Multiple integer overflows in libpng before 1.5.14rc03\n allow remote attackers to cause a denial of service\n (crash) via a crafted image to the (1) png_set_sPLT or\n (2) png_set_text_2 function, which triggers a\n heap-based buffer overflow.(CVE-2013-7354)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-12-02T00:00:00", "id": "EULEROS_SA-2019-2383.NASL", "href": "https://www.tenable.com/plugins/nessus/131875", "published": "2019-12-10T00:00:00", "title": "EulerOS 2.0 SP2 : libpng (EulerOS-SA-2019-2383)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131875);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/13\");\n\n script_cve_id(\n \"CVE-2013-7353\",\n \"CVE-2013-7354\"\n );\n script_bugtraq_id(\n 67344,\n 67345\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : libpng (EulerOS-SA-2019-2383)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libpng packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Integer overflow in the png_set_unknown_chunks function\n in libpng/pngset.c in libpng before 1.5.14beta08 allows\n context-dependent attackers to cause a denial of\n service (segmentation fault and crash) via a crafted\n image, which triggers a heap-based buffer\n overflow.(CVE-2013-7353)\n\n - Multiple integer overflows in libpng before 1.5.14rc03\n allow remote attackers to cause a denial of service\n (crash) via a crafted image to the (1) png_set_sPLT or\n (2) png_set_text_2 function, which triggers a\n heap-based buffer overflow.(CVE-2013-7354)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2383\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6c58d8aa\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libpng packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libpng-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"libpng-1.5.13-7.h7\",\n \"libpng-devel-1.5.13-7.h7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-13T22:30:03", "bulletinFamily": "scanner", "description": "According to the versions of the curl packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - The default configuration for cURL and libcurl before\n 7.42.1 sends custom HTTP headers to both the proxy and\n destination server, which might allow remote proxy\n servers to obtain sensitive information by reading the\n header contents.(CVE-2015-3153)\n\n - curl before version 7.51.0 uses outdated IDNA 2003\n standard to handle International Domain Names and this\n may lead users to potentially and unknowingly issue\n network transfer requests to the wrong\n host.(CVE-2016-8625)\n\n - Heap buffer overflow in the TFTP protocol handler in\n cURL 7.19.4 to 7.65.3.(CVE-2019-5482)\n\n - Curl versions 7.14.1 through 7.61.1 are vulnerable to a\n heap-based buffer over-read in the tool_msgs.c:voutf()\n function that may result in information exposure and\n denial of service.(CVE-2018-16842)\n\n - The ConnectionExists function in lib/url.c in libcurl\n before 7.47.0 does not properly re-use\n NTLM-authenticated proxy connections, which might allow\n remote attackers to authenticate as other users via a\n request, a similar issue to\n CVE-2014-0015.(CVE-2016-0755)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-12-02T00:00:00", "id": "EULEROS_SA-2019-2410.NASL", "href": "https://www.tenable.com/plugins/nessus/131902", "published": "2019-12-10T00:00:00", "title": "EulerOS 2.0 SP2 : curl (EulerOS-SA-2019-2410)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131902);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/13\");\n\n script_cve_id(\n \"CVE-2015-3153\",\n \"CVE-2016-0755\",\n \"CVE-2016-8625\",\n \"CVE-2018-16842\",\n \"CVE-2019-5482\"\n );\n script_bugtraq_id(\n 74408\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : curl (EulerOS-SA-2019-2410)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the curl packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - The default configuration for cURL and libcurl before\n 7.42.1 sends custom HTTP headers to both the proxy and\n destination server, which might allow remote proxy\n servers to obtain sensitive information by reading the\n header contents.(CVE-2015-3153)\n\n - curl before version 7.51.0 uses outdated IDNA 2003\n standard to handle International Domain Names and this\n may lead users to potentially and unknowingly issue\n network transfer requests to the wrong\n host.(CVE-2016-8625)\n\n - Heap buffer overflow in the TFTP protocol handler in\n cURL 7.19.4 to 7.65.3.(CVE-2019-5482)\n\n - Curl versions 7.14.1 through 7.61.1 are vulnerable to a\n heap-based buffer over-read in the tool_msgs.c:voutf()\n function that may result in information exposure and\n denial of service.(CVE-2018-16842)\n\n - The ConnectionExists function in lib/url.c in libcurl\n before 7.47.0 does not properly re-use\n NTLM-authenticated proxy connections, which might allow\n remote attackers to authenticate as other users via a\n request, a similar issue to\n CVE-2014-0015.(CVE-2016-0755)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2410\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6c4001b3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"curl-7.29.0-35.h30\",\n \"libcurl-7.29.0-35.h30\",\n \"libcurl-devel-7.29.0-35.h30\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T22:30:06", "bulletinFamily": "scanner", "description": "According to the versions of the perl packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - The Dumper method in Data::Dumper before 2.154, as used\n in Perl 5.20.1 and earlier, allows context-dependent\n attackers to cause a denial of service (stack\n consumption and crash) via an Array-Reference with many\n nested Array-References, which triggers a large number\n of recursive calls to the DD_dump\n function.(CVE-2014-4330)\n\n - Integer underflow in regcomp.c in Perl before 5.20, as\n used in Apple OS X before 10.10.5 and other products,\n allows context-dependent attackers to execute arbitrary\n code or cause a denial of service (application crash)\n via a long digit string associated with an invalid\n backreference within a regular\n expression.(CVE-2013-7422)\n\n - (1) cpan/Archive-Tar/bin/ptar, (2)\n cpan/Archive-Tar/bin/ptardiff, (3)\n cpan/Archive-Tar/bin/ptargrep, (4)\n cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6)\n cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess,\n (8) cpan/Encode/bin/piconv, (9)\n cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump,\n (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12)\n cpan/IO-Compress/bin/zipdetails, (13)\n cpan/JSON-PP/bin/json_pp, (14)\n cpan/Test-Harness/bin/prove, (15)\n dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16)\n dist/Module-CoreList/corelist, (17)\n ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19)\n utils/h2ph.PL, (20) utils/h2xs.PL, (21)\n utils/libnetcfg.PL, (22) utils/perlbug.PL, (23)\n utils/perldoc.PL, (24) utils/perlivp.PL, and (25)\n utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24\n before 5.24.1-RC2 do not properly remove . (period)\n characters from the end of the includes directory\n array, which might allow local users to gain privileges\n via a Trojan horse module under the current working\n directory.(CVE-2016-1238)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-12-02T00:00:00", "id": "EULEROS_SA-2019-2419.NASL", "href": "https://www.tenable.com/plugins/nessus/131911", "published": "2019-12-10T00:00:00", "title": "EulerOS 2.0 SP2 : perl (EulerOS-SA-2019-2419)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131911);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/13\");\n\n script_cve_id(\n \"CVE-2013-7422\",\n \"CVE-2014-4330\",\n \"CVE-2016-1238\"\n );\n script_bugtraq_id(\n 70142,\n 75704\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : perl (EulerOS-SA-2019-2419)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the perl packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - The Dumper method in Data::Dumper before 2.154, as used\n in Perl 5.20.1 and earlier, allows context-dependent\n attackers to cause a denial of service (stack\n consumption and crash) via an Array-Reference with many\n nested Array-References, which triggers a large number\n of recursive calls to the DD_dump\n function.(CVE-2014-4330)\n\n - Integer underflow in regcomp.c in Perl before 5.20, as\n used in Apple OS X before 10.10.5 and other products,\n allows context-dependent attackers to execute arbitrary\n code or cause a denial of service (application crash)\n via a long digit string associated with an invalid\n backreference within a regular\n expression.(CVE-2013-7422)\n\n - (1) cpan/Archive-Tar/bin/ptar, (2)\n cpan/Archive-Tar/bin/ptardiff, (3)\n cpan/Archive-Tar/bin/ptargrep, (4)\n cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6)\n cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess,\n (8) cpan/Encode/bin/piconv, (9)\n cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump,\n (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12)\n cpan/IO-Compress/bin/zipdetails, (13)\n cpan/JSON-PP/bin/json_pp, (14)\n cpan/Test-Harness/bin/prove, (15)\n dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16)\n dist/Module-CoreList/corelist, (17)\n ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19)\n utils/h2ph.PL, (20) utils/h2xs.PL, (21)\n utils/libnetcfg.PL, (22) utils/perlbug.PL, (23)\n utils/perldoc.PL, (24) utils/perlivp.PL, and (25)\n utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24\n before 5.24.1-RC2 do not properly remove . (period)\n characters from the end of the includes directory\n array, which might allow local users to gain privileges\n via a Trojan horse module under the current working\n directory.(CVE-2016-1238)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2419\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?49511b71\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected perl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"perl-5.16.3-285.h7\",\n \"perl-core-5.16.3-285.h7\",\n \"perl-devel-5.16.3-285.h7\",\n \"perl-libs-5.16.3-285.h7\",\n \"perl-macros-5.16.3-285.h7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T22:29:37", "bulletinFamily": "scanner", "description": "According to the version of the graphviz packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - Format string vulnerability in the yyerror function in\n lib/cgraph/scan.l in Graphviz allows remote attackers\n to have unspecified impact via format string specifiers\n in unknown vectors, which are not properly handled in\n an error string.(CVE-2014-9157)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-12-02T00:00:00", "id": "EULEROS_SA-2019-2355.NASL", "href": "https://www.tenable.com/plugins/nessus/131847", "published": "2019-12-10T00:00:00", "title": "EulerOS 2.0 SP2 : graphviz (EulerOS-SA-2019-2355)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131847);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/13\");\n\n script_cve_id(\n \"CVE-2014-9157\"\n );\n script_bugtraq_id(\n 71283\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : graphviz (EulerOS-SA-2019-2355)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the graphviz packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - Format string vulnerability in the yyerror function in\n lib/cgraph/scan.l in Graphviz allows remote attackers\n to have unspecified impact via format string specifiers\n in unknown vectors, which are not properly handled in\n an error string.(CVE-2014-9157)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2355\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fc2fec25\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected graphviz package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:graphviz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:graphviz-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"graphviz-2.30.1-19.h3\",\n \"graphviz-tcl-2.30.1-19.h3\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"graphviz\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T22:29:50", "bulletinFamily": "scanner", "description": "According to the versions of the qt packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - QXmlSimpleReader in Qt before 5.2 allows\n context-dependent attackers to cause a denial of\n service (memory consumption) via an XML Entity\n Expansion (XEE) attack.(CVE-2013-4549)\n\n - An issue was discovered in Qt before 5.11.3. There is\n QTgaFile Uncontrolled Resource\n Consumption.(CVE-2018-19871)\n\n - QXmlStream in Qt 5.x before 5.11.3 has a double-free or\n corruption during parsing of a specially crafted\n illegal XML document.(CVE-2018-15518)\n\n - An issue was discovered in Qt 5.11. A malformed PPM\n image causes a division by zero and a crash in\n qppmhandler.cpp.(CVE-2018-19872)\n\n - Multiple buffer overflows in gui/image/qbmphandler.cpp\n in the QtBase module in Qt before 4.8.7 and 5.x before\n 5.4.2 allow remote attackers to cause a denial of\n service (segmentation fault and crash) and possibly\n execute arbitrary code via a crafted BMP\n image.(CVE-2015-1858)\n\n - Multiple buffer overflows in\n plugins/imageformats/ico/qicohandler.cpp in the QtBase\n module in Qt before 4.8.7 and 5.x before 5.4.2 allow\n remote attackers to cause a denial of service\n (segmentation fault and crash) and possibly execute\n arbitrary code via a crafted ICO image.(CVE-2015-1859)\n\n - Multiple buffer overflows in gui/image/qgifhandler.cpp\n in the QtBase module in Qt before 4.8.7 and 5.x before\n 5.4.2 allow remote attackers to cause a denial of\n service (segmentation fault) and possibly execute\n arbitrary code via a crafted GIF image.(CVE-2015-1860)\n\n - The BMP decoder in QtGui in QT before 5.5 does not\n properly calculate the masks used to extract the color\n components, which allows remote attackers to cause a\n denial of service (divide-by-zero and crash) via a\n crafted BMP file.(CVE-2015-0295)\n\n - The GIF decoder in QtGui in Qt before 5.3 allows remote\n attackers to cause a denial of service (NULL pointer\n dereference) via invalid width and height values in a\n GIF image.(CVE-2014-0190)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-12-02T00:00:00", "id": "EULEROS_SA-2019-2381.NASL", "href": "https://www.tenable.com/plugins/nessus/131873", "published": "2019-12-10T00:00:00", "title": "EulerOS 2.0 SP2 : qt (EulerOS-SA-2019-2381)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131873);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/13\");\n\n script_cve_id(\n \"CVE-2013-4549\",\n \"CVE-2014-0190\",\n \"CVE-2015-0295\",\n \"CVE-2015-1858\",\n \"CVE-2015-1859\",\n \"CVE-2015-1860\",\n \"CVE-2018-15518\",\n \"CVE-2018-19871\",\n \"CVE-2018-19872\"\n );\n script_bugtraq_id(\n 64418,\n 67087,\n 73029,\n 74302,\n 74307,\n 74309,\n 74310\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : qt (EulerOS-SA-2019-2381)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the qt packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - QXmlSimpleReader in Qt before 5.2 allows\n context-dependent attackers to cause a denial of\n service (memory consumption) via an XML Entity\n Expansion (XEE) attack.(CVE-2013-4549)\n\n - An issue was discovered in Qt before 5.11.3. There is\n QTgaFile Uncontrolled Resource\n Consumption.(CVE-2018-19871)\n\n - QXmlStream in Qt 5.x before 5.11.3 has a double-free or\n corruption during parsing of a specially crafted\n illegal XML document.(CVE-2018-15518)\n\n - An issue was discovered in Qt 5.11. A malformed PPM\n image causes a division by zero and a crash in\n qppmhandler.cpp.(CVE-2018-19872)\n\n - Multiple buffer overflows in gui/image/qbmphandler.cpp\n in the QtBase module in Qt before 4.8.7 and 5.x before\n 5.4.2 allow remote attackers to cause a denial of\n service (segmentation fault and crash) and possibly\n execute arbitrary code via a crafted BMP\n image.(CVE-2015-1858)\n\n - Multiple buffer overflows in\n plugins/imageformats/ico/qicohandler.cpp in the QtBase\n module in Qt before 4.8.7 and 5.x before 5.4.2 allow\n remote attackers to cause a denial of service\n (segmentation fault and crash) and possibly execute\n arbitrary code via a crafted ICO image.(CVE-2015-1859)\n\n - Multiple buffer overflows in gui/image/qgifhandler.cpp\n in the QtBase module in Qt before 4.8.7 and 5.x before\n 5.4.2 allow remote attackers to cause a denial of\n service (segmentation fault) and possibly execute\n arbitrary code via a crafted GIF image.(CVE-2015-1860)\n\n - The BMP decoder in QtGui in QT before 5.5 does not\n properly calculate the masks used to extract the color\n components, which allows remote attackers to cause a\n denial of service (divide-by-zero and crash) via a\n crafted BMP file.(CVE-2015-0295)\n\n - The GIF decoder in QtGui in Qt before 5.3 allows remote\n attackers to cause a denial of service (NULL pointer\n dereference) via invalid width and height values in a\n GIF image.(CVE-2014-0190)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2381\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?951c4700\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected qt packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15518\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"qt-4.8.5-12.h6\",\n \"qt-devel-4.8.5-12.h6\",\n \"qt-mysql-4.8.5-12.h6\",\n \"qt-odbc-4.8.5-12.h6\",\n \"qt-postgresql-4.8.5-12.h6\",\n \"qt-x11-4.8.5-12.h6\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T22:29:53", "bulletinFamily": "scanner", "description": "According to the versions of the icu packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - Stack-based buffer overflow in the Locale class in\n common/locid.cpp in International Components for\n Unicode (ICU) through 57.1 for C/C++ allows remote\n attackers to cause a denial of service (application\n crash) or possibly have unspecified other impact via a\n long locale string.(CVE-2016-7415)\n\n - Integer overflow in international date handling in\n International Components for Unicode (ICU) for C/C++\n before 60.1, as used in V8 in Google Chrome prior to\n 63.0.3239.84 and other products, allowed a remote\n attacker to perform an out of bounds memory read via a\n crafted HTML page.(CVE-2017-15422)\n\n - The Regular Expressions package in International\n Components for Unicode (ICU) 52 before SVN revision\n 292944, as used in Google Chrome before 40.0.2214.91,\n allows remote attackers to cause a denial of service\n (memory corruption) or possibly have unspecified other\n impact via vectors related to a look-behind\n expression.(CVE-2014-7923)\n\n - The Regular Expressions package in International\n Components for Unicode (ICU) 52 before SVN revision\n 292944, as used in Google Chrome before 40.0.2214.91,\n allows remote attackers to cause a denial of service\n (memory corruption) or possibly have unspecified other\n impact via vectors related to a zero-length\n quantifier.(CVE-2014-7926)\n\n - The collator implementation in i18n/ucol.cpp in\n International Components for Unicode (ICU) 52 through\n SVN revision 293126, as used in Google Chrome before\n 40.0.2214.91, does not initialize memory for a data\n structure, which allows remote attackers to cause a\n denial of service or possibly have unspecified other\n impact via a crafted character sequence.(CVE-2014-7940)\n\n - The Regular Expressions package in International\n Components for Unicode (ICU) for C/C++ before\n 2014-12-03, as used in Google Chrome before\n 40.0.2214.91, calculates certain values without\n ensuring that they can be represented in a 24-bit\n field, which allows remote attackers to cause a denial\n of service (memory corruption) or possibly have\n unspecified other impact via a crafted string, a\n related issue to CVE-2014-7923.(CVE-2014-9654)\n\n - Unspecified vulnerability in Oracle Java SE 6u101,\n 7u85, and 8u60, and Java SE Embedded 8u51, allows\n remote attackers to affect confidentiality, integrity,\n and availability via unknown vectors related to\n 2D.(CVE-2015-4844)\n\n - The uloc_acceptLanguageFromHTTP function in\n common/uloc.cpp in International Components for Unicode\n (ICU) through 57.1 for C/C++ does not ensure that there\n is a ", "modified": "2019-12-02T00:00:00", "id": "EULEROS_SA-2019-2390.NASL", "href": "https://www.tenable.com/plugins/nessus/131882", "published": "2019-12-10T00:00:00", "title": "EulerOS 2.0 SP2 : icu (EulerOS-SA-2019-2390)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131882);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/13\");\n\n script_cve_id(\n \"CVE-2014-7923\",\n \"CVE-2014-7926\",\n \"CVE-2014-7940\",\n \"CVE-2014-9654\",\n \"CVE-2015-4844\",\n \"CVE-2016-6293\",\n \"CVE-2016-7415\",\n \"CVE-2017-15422\",\n \"CVE-2017-7867\",\n \"CVE-2017-7868\"\n );\n script_bugtraq_id(\n 72288,\n 72980\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : icu (EulerOS-SA-2019-2390)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the icu packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - Stack-based buffer overflow in the Locale class in\n common/locid.cpp in International Components for\n Unicode (ICU) through 57.1 for C/C++ allows remote\n attackers to cause a denial of service (application\n crash) or possibly have unspecified other impact via a\n long locale string.(CVE-2016-7415)\n\n - Integer overflow in international date handling in\n International Components for Unicode (ICU) for C/C++\n before 60.1, as used in V8 in Google Chrome prior to\n 63.0.3239.84 and other products, allowed a remote\n attacker to perform an out of bounds memory read via a\n crafted HTML page.(CVE-2017-15422)\n\n - The Regular Expressions package in International\n Components for Unicode (ICU) 52 before SVN revision\n 292944, as used in Google Chrome before 40.0.2214.91,\n allows remote attackers to cause a denial of service\n (memory corruption) or possibly have unspecified other\n impact via vectors related to a look-behind\n expression.(CVE-2014-7923)\n\n - The Regular Expressions package in International\n Components for Unicode (ICU) 52 before SVN revision\n 292944, as used in Google Chrome before 40.0.2214.91,\n allows remote attackers to cause a denial of service\n (memory corruption) or possibly have unspecified other\n impact via vectors related to a zero-length\n quantifier.(CVE-2014-7926)\n\n - The collator implementation in i18n/ucol.cpp in\n International Components for Unicode (ICU) 52 through\n SVN revision 293126, as used in Google Chrome before\n 40.0.2214.91, does not initialize memory for a data\n structure, which allows remote attackers to cause a\n denial of service or possibly have unspecified other\n impact via a crafted character sequence.(CVE-2014-7940)\n\n - The Regular Expressions package in International\n Components for Unicode (ICU) for C/C++ before\n 2014-12-03, as used in Google Chrome before\n 40.0.2214.91, calculates certain values without\n ensuring that they can be represented in a 24-bit\n field, which allows remote attackers to cause a denial\n of service (memory corruption) or possibly have\n unspecified other impact via a crafted string, a\n related issue to CVE-2014-7923.(CVE-2014-9654)\n\n - Unspecified vulnerability in Oracle Java SE 6u101,\n 7u85, and 8u60, and Java SE Embedded 8u51, allows\n remote attackers to affect confidentiality, integrity,\n and availability via unknown vectors related to\n 2D.(CVE-2015-4844)\n\n - The uloc_acceptLanguageFromHTTP function in\n common/uloc.cpp in International Components for Unicode\n (ICU) through 57.1 for C/C++ does not ensure that there\n is a '\\0' character at the end of a certain temporary\n array, which allows remote attackers to cause a denial\n of service (out-of-bounds read) or possibly have\n unspecified other impact via a call with a long\n httpAcceptLanguage argument.(CVE-2016-6293)\n\n - International Components for Unicode (ICU) for C/C++\n before 2017-02-13 has an out-of-bounds write caused by\n a heap-based buffer overflow related to the\n utf8TextAccess function in common/utext.cpp and the\n utext_setNativeIndex* function.(CVE-2017-7867)\n\n - International Components for Unicode (ICU) for C/C++\n before 2017-02-13 has an out-of-bounds write caused by\n a heap-based buffer overflow related to the\n utf8TextAccess function in common/utext.cpp and the\n utext_moveIndex32* function.(CVE-2017-7868)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2390\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?76e7c95c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected icu packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libicu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libicu-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"libicu-50.1.2-15.h4\",\n \"libicu-devel-50.1.2-15.h4\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icu\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T22:29:43", "bulletinFamily": "scanner", "description": "According to the version of the cifs-utils package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - Stack-based buffer overflow in cifskey.c or cifscreds.c\n in cifs-utils before 6.4, as used in pam_cifscreds,\n allows remote attackers to have unspecified impact via\n unknown vectors.(CVE-2014-2830)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-12-02T00:00:00", "id": "EULEROS_SA-2019-2366.NASL", "href": "https://www.tenable.com/plugins/nessus/131858", "published": "2019-12-10T00:00:00", "title": "EulerOS 2.0 SP2 : cifs-utils (EulerOS-SA-2019-2366)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131858);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/13\");\n\n script_cve_id(\n \"CVE-2014-2830\"\n );\n script_bugtraq_id(\n 66743\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : cifs-utils (EulerOS-SA-2019-2366)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the cifs-utils package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - Stack-based buffer overflow in cifskey.c or cifscreds.c\n in cifs-utils before 6.4, as used in pam_cifscreds,\n allows remote attackers to have unspecified impact via\n unknown vectors.(CVE-2014-2830)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2366\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?69557fa1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected cifs-utils package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:cifs-utils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"cifs-utils-6.2-7.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cifs-utils\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T22:29:38", "bulletinFamily": "scanner", "description": "According to the versions of the libXfont package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The LZW decompressor in (1) the BufCompressedFill\n function in fontfile/decompress.c in X.Org libXfont\n before 1.4.4 and (2) compress/compress.c in 4.3BSD, as\n used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD\n 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1,\n FreeType 2.1.9, and other products, does not properly\n handle code words that are absent from the\n decompression table when encountered, which allows\n context-dependent attackers to trigger an infinite loop\n or a heap-based buffer overflow, and possibly execute\n arbitrary code, via a crafted compressed stream, a\n related issue to CVE-2006-1168 and\n CVE-2011-2896.(CVE-2011-2895)\n\n - In the pcfGetProperties function in bitmap/pcfread.c in\n libXfont through 1.5.2 and 2.x before 2.0.2, a missing\n boundary check (for PCF files) could be used by local\n attackers authenticated to an Xserver for a buffer\n over-read, for information disclosure or a crash of the\n X server.(CVE-2017-13722)\n\n - In the PatternMatch function in fontfile/fontdir.c in\n libXfont through 1.5.2 and 2.x before 2.0.2, an\n attacker with access to an X connection can cause a\n buffer over-read during pattern matching of fonts,\n leading to information disclosure or a crash (denial of\n service). This occurs because ", "modified": "2019-12-02T00:00:00", "id": "EULEROS_SA-2019-2357.NASL", "href": "https://www.tenable.com/plugins/nessus/131849", "published": "2019-12-10T00:00:00", "title": "EulerOS 2.0 SP2 : libXfont (EulerOS-SA-2019-2357)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131849);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/13\");\n\n script_cve_id(\n \"CVE-2011-2895\",\n \"CVE-2017-13720\",\n \"CVE-2017-13722\",\n \"CVE-2017-16611\"\n );\n script_bugtraq_id(\n 49124\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : libXfont (EulerOS-SA-2019-2357)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libXfont package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - The LZW decompressor in (1) the BufCompressedFill\n function in fontfile/decompress.c in X.Org libXfont\n before 1.4.4 and (2) compress/compress.c in 4.3BSD, as\n used in zopen.c in OpenBSD before 3.8, FreeBSD, NetBSD\n 4.0.x and 5.0.x before 5.0.3 and 5.1.x before 5.1.1,\n FreeType 2.1.9, and other products, does not properly\n handle code words that are absent from the\n decompression table when encountered, which allows\n context-dependent attackers to trigger an infinite loop\n or a heap-based buffer overflow, and possibly execute\n arbitrary code, via a crafted compressed stream, a\n related issue to CVE-2006-1168 and\n CVE-2011-2896.(CVE-2011-2895)\n\n - In the pcfGetProperties function in bitmap/pcfread.c in\n libXfont through 1.5.2 and 2.x before 2.0.2, a missing\n boundary check (for PCF files) could be used by local\n attackers authenticated to an Xserver for a buffer\n over-read, for information disclosure or a crash of the\n X server.(CVE-2017-13722)\n\n - In the PatternMatch function in fontfile/fontdir.c in\n libXfont through 1.5.2 and 2.x before 2.0.2, an\n attacker with access to an X connection can cause a\n buffer over-read during pattern matching of fonts,\n leading to information disclosure or a crash (denial of\n service). This occurs because '\\0' characters are\n incorrectly skipped in situations involving ?\n characters.(CVE-2017-13720)\n\n - In libXfont before 1.5.4 and libXfont2 before 2.0.3, a\n local attacker can open (but not read) files on the\n system as root, triggering tape rewinds, watchdogs, or\n similar mechanisms that can be triggered by opening\n files.(CVE-2017-16611)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2357\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4bd72a1c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libXfont packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libXfont\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"libXfont-1.5.1-2.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libXfont\");\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T22:29:58", "bulletinFamily": "scanner", "description": "According to the version of the jakarta-commons-httpclient package\ninstalled, the EulerOS installation on the remote host is affected by\nthe following vulnerability :\n\n - http/conn/ssl/SSLConnectionSocketFactory.java in Apache\n HttpComponents HttpClient before 4.3.6 ignores the\n http.socket.timeout configuration setting during an SSL\n handshake, which allows remote attackers to cause a\n denial of service (HTTPS call hang) via unspecified\n vectors.(CVE-2015-5262)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-12-02T00:00:00", "id": "EULEROS_SA-2019-2397.NASL", "href": "https://www.tenable.com/plugins/nessus/131889", "published": "2019-12-10T00:00:00", "title": "EulerOS 2.0 SP2 : jakarta-commons-httpclient (EulerOS-SA-2019-2397)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131889);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/13\");\n\n script_cve_id(\n \"CVE-2015-5262\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : jakarta-commons-httpclient (EulerOS-SA-2019-2397)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the jakarta-commons-httpclient package\ninstalled, the EulerOS installation on the remote host is affected by\nthe following vulnerability :\n\n - http/conn/ssl/SSLConnectionSocketFactory.java in Apache\n HttpComponents HttpClient before 4.3.6 ignores the\n http.socket.timeout configuration setting during an SSL\n handshake, which allows remote attackers to cause a\n denial of service (HTTPS call hang) via unspecified\n vectors.(CVE-2015-5262)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2397\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?424ab293\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected jakarta-commons-httpclient package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:jakarta-commons-httpclient\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"jakarta-commons-httpclient-3.1-16.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jakarta-commons-httpclient\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}]}