ID: SECURITYVULNS:DOC:5321
Type: securityvulns
Reporter: Securityvulns
Modified: 2003-10-30T00:00:00
Description
TelCondex SimpleWebserver Buffer Overflow
The TelCondex SimpleWebserver 2.12.30210 Build 3285 is vulnerable to a
remotely exploitable buffer overflow, due to a missing length check on the
Referer field of the HTTP header.
It is possible to overwrite the stack, and therefore to execute
arbitrary code on the system.
The vuln can be tested with netcat or telnet:
netcat webserver 80
GET /index.htm HTTP/1.0\r\n
Referer: 700 x [A]\r\n\r\n
The Webserver crashes at >= 700 bytes. A buffer of 704 bytes will overwrite
the return address on the stack.
The vendor was informed about the vuln on Mon. 27.10.03, and responded
on Tue. 28.10.03 with a fixed version!
The new (fixed) version (2.13) is available at:
http://www.yourinfosystem.de/download/TcSimpleWebServer2000Setup.exe
Regards,
Oliver Karow
email: oliver.karow_AT_gmx.de
web: www.oliverkarow.de
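The length check the advisory says was missing, shown as a bounds-checked Referer parser in C. This is an added example, not TelCondex code: `get_referer`, `check_referer_len` and the 256-byte `REFERER_MAX` limit are assumptions chosen for illustration, and the sample requests are constructed in memory.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed policy limit; the advisory does not state the server's buffer size. */
#define REFERER_MAX 256

enum hdr_status { HDR_OK, HDR_ABSENT, HDR_TOO_LONG, HDR_MALFORMED };

/* Case-insensitive match of a header name at the start of a line. */
static int has_name(const char *line, size_t len, const char *name)
{
    size_t n = strlen(name);
    if (len < n)
        return 0;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)line[i]) != tolower((unsigned char)name[i]))
            return 0;
    return 1;
}

/*
 * Copy the Referer value from a raw request (req, req_len) into out.
 * The request is treated as a length-delimited byte buffer, never as a
 * NUL-terminated string, and nothing is copied unless it fits in out.
 */
enum hdr_status get_referer(const char *req, size_t req_len,
                            char *out, size_t out_size)
{
    const char *p = req, *end = req + req_len;

    if (out_size == 0)
        return HDR_MALFORMED;
    out[0] = '\0';

    while (p < end) {
        const char *nl = memchr(p, '\n', (size_t)(end - p));
        if (nl == NULL)
            return HDR_MALFORMED;          /* line without terminator */
        size_t len = (size_t)(nl - p);
        if (len > 0 && p[len - 1] == '\r')
            len--;                         /* strip the CR of CRLF */
        if (len == 0)
            return HDR_ABSENT;             /* blank line: end of headers */

        if (has_name(p, len, "referer:")) {
            const char *v = p + 8;         /* 8 == strlen("referer:") */
            size_t vlen = len - 8;
            while (vlen > 0 && (*v == ' ' || *v == '\t')) {
                v++;
                vlen--;
            }
            /* Reject before copying; room for the NUL terminator is
             * required, so vlen must be strictly less than out_size. */
            if (vlen >= out_size)
                return HDR_TOO_LONG;
            memcpy(out, v, vlen);
            out[vlen] = '\0';
            return HDR_OK;
        }
        p = nl + 1;
    }
    return HDR_MALFORMED;                  /* headers never terminated */
}

/* Build a constructed request whose Referer value is n filler bytes and
 * run it through get_referer() with a REFERER_MAX-sized destination. */
enum hdr_status check_referer_len(size_t n)
{
    static char req[2048];
    char value[REFERER_MAX];
    const char *head = "GET /index.htm HTTP/1.0\r\nReferer: ";
    size_t off = strlen(head);

    if (off + n + 4 > sizeof req)
        return HDR_MALFORMED;
    memcpy(req, head, off);
    memset(req + off, 'A', n);
    memcpy(req + off + n, "\r\n\r\n", 4);
    return get_referer(req, off + n + 4, value, sizeof value);
}

int main(void)
{
    /* 255 fits, 256 does not; 700 and 704 are the sizes from the advisory. */
    size_t sizes[] = { 10, 255, 256, 700, 704 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("%zu bytes -> status %d\n", sizes[i],
               (int)check_referer_len(sizes[i]));
    return 0;
}
```

A server using this pattern would answer `HDR_TOO_LONG` and `HDR_MALFORMED` with an error response and log the request, which also gives operators a signal for oversized Referer headers.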
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2390\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?76e7c95c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected icu packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libicu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libicu-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"libicu-50.1.2-15.h4\",\n \"libicu-devel-50.1.2-15.h4\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icu\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T06:30:39", "bulletinFamily": "scanner", "description": "According to the versions of the perl packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - The Dumper method in 
Data::Dumper before 2.154, as used\n in Perl 5.20.1 and earlier, allows context-dependent\n attackers to cause a denial of service (stack\n consumption and crash) via an Array-Reference with many\n nested Array-References, which triggers a large number\n of recursive calls to the DD_dump\n function.(CVE-2014-4330)\n\n - Integer underflow in regcomp.c in Perl before 5.20, as\n used in Apple OS X before 10.10.5 and other products,\n allows context-dependent attackers to execute arbitrary\n code or cause a denial of service (application crash)\n via a long digit string associated with an invalid\n backreference within a regular\n expression.(CVE-2013-7422)\n\n - (1) cpan/Archive-Tar/bin/ptar, (2)\n cpan/Archive-Tar/bin/ptardiff, (3)\n cpan/Archive-Tar/bin/ptargrep, (4)\n cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6)\n cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess,\n (8) cpan/Encode/bin/piconv, (9)\n cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump,\n (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12)\n cpan/IO-Compress/bin/zipdetails, (13)\n cpan/JSON-PP/bin/json_pp, (14)\n cpan/Test-Harness/bin/prove, (15)\n dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16)\n dist/Module-CoreList/corelist, (17)\n ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19)\n utils/h2ph.PL, (20) utils/h2xs.PL, (21)\n utils/libnetcfg.PL, (22) utils/perlbug.PL, (23)\n utils/perldoc.PL, (24) utils/perlivp.PL, and (25)\n utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24\n before 5.24.1-RC2 do not properly remove . (period)\n characters from the end of the includes directory\n array, which might allow local users to gain privileges\n via a Trojan horse module under the current working\n directory.(CVE-2016-1238)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-12-02T00:00:00", "published": "2019-12-10T00:00:00", "id": "EULEROS_SA-2019-2419.NASL", "href": "https://www.tenable.com/plugins/nessus/131911", "title": "EulerOS 2.0 SP2 : perl (EulerOS-SA-2019-2419)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131911);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/12/10\");\n\n script_cve_id(\n \"CVE-2013-7422\",\n \"CVE-2014-4330\",\n \"CVE-2016-1238\"\n );\n script_bugtraq_id(\n 70142,\n 75704\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : perl (EulerOS-SA-2019-2419)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the perl packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - The Dumper method in Data::Dumper before 2.154, as used\n in Perl 5.20.1 and earlier, allows context-dependent\n attackers to cause a denial of service (stack\n consumption and crash) via an Array-Reference with many\n nested Array-References, which triggers a large number\n of recursive calls to the DD_dump\n function.(CVE-2014-4330)\n\n - Integer underflow in regcomp.c in Perl before 5.20, as\n used in Apple OS X before 10.10.5 and other products,\n allows context-dependent attackers to execute arbitrary\n code or cause a denial of service (application crash)\n via a long digit string associated with an invalid\n backreference within a regular\n expression.(CVE-2013-7422)\n\n - (1) cpan/Archive-Tar/bin/ptar, (2)\n cpan/Archive-Tar/bin/ptardiff, (3)\n cpan/Archive-Tar/bin/ptargrep, (4)\n 
cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6)\n cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess,\n (8) cpan/Encode/bin/piconv, (9)\n cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump,\n (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12)\n cpan/IO-Compress/bin/zipdetails, (13)\n cpan/JSON-PP/bin/json_pp, (14)\n cpan/Test-Harness/bin/prove, (15)\n dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16)\n dist/Module-CoreList/corelist, (17)\n ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19)\n utils/h2ph.PL, (20) utils/h2xs.PL, (21)\n utils/libnetcfg.PL, (22) utils/perlbug.PL, (23)\n utils/perldoc.PL, (24) utils/perlivp.PL, and (25)\n utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24\n before 5.24.1-RC2 do not properly remove . (period)\n characters from the end of the includes directory\n array, which might allow local users to gain privileges\n via a Trojan horse module under the current working\n directory.(CVE-2016-1238)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2419\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?49511b71\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected perl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"perl-5.16.3-285.h7\",\n \"perl-core-5.16.3-285.h7\",\n \"perl-devel-5.16.3-285.h7\",\n \"perl-libs-5.16.3-285.h7\",\n \"perl-macros-5.16.3-285.h7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T06:30:38", "bulletinFamily": "scanner", "description": "According to the versions of the gpgme package installed, the EulerOS\ninstallation on 
the remote host is affected by the following\nvulnerabilities :\n\n - GnuPG Made Easy (GPGME) is a library designed to make\n access to GnuPG easier for applications. It provides a\n high-level crypto API for encryption, decryption,\n signing, signature verification and key management.\n\n - Security fix(es):\n\n - Multiple heap-based buffer overflows in the\n status_handler function in (1) engine-gpgsm.c and (2)\n engine-uiserver.c in GPGME before 1.5.1 allow remote\n attackers to cause a denial of service (crash) and\n possibly execute arbitrary code via vectors related to\n ", "modified": "2019-12-02T00:00:00", "published": "2019-12-10T00:00:00", "id": "EULEROS_SA-2019-2406.NASL", "href": "https://www.tenable.com/plugins/nessus/131898", "title": "EulerOS 2.0 SP2 : gpgme (EulerOS-SA-2019-2406)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131898);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/12/10\");\n\n script_cve_id(\n \"CVE-2014-3564\"\n );\n script_bugtraq_id(\n 68990\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : gpgme (EulerOS-SA-2019-2406)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the gpgme package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - GnuPG Made Easy (GPGME) is a library designed to make\n access to GnuPG easier for applications. 
It provides a\n high-level crypto API for encryption, decryption,\n signing, signature verification and key management.\n\n - Security fix(es):\n\n - Multiple heap-based buffer overflows in the\n status_handler function in (1) engine-gpgsm.c and (2)\n engine-uiserver.c in GPGME before 1.5.1 allow remote\n attackers to cause a denial of service (crash) and\n possibly execute arbitrary code via vectors related to\n 'different line lengths in a specific\n order.'(CVE-2014-3564)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2406\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b11f06b5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected gpgme packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:gpgme\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright 
(C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"gpgme-1.3.2-5.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gpgme\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T06:30:38", "bulletinFamily": "scanner", "description": "According to the versions of the curl packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - The default 
configuration for cURL and libcurl before\n 7.42.1 sends custom HTTP headers to both the proxy and\n destination server, which might allow remote proxy\n servers to obtain sensitive information by reading the\n header contents.(CVE-2015-3153)\n\n - curl before version 7.51.0 uses outdated IDNA 2003\n standard to handle International Domain Names and this\n may lead users to potentially and unknowingly issue\n network transfer requests to the wrong\n host.(CVE-2016-8625)\n\n - Heap buffer overflow in the TFTP protocol handler in\n cURL 7.19.4 to 7.65.3.(CVE-2019-5482)\n\n - Curl versions 7.14.1 through 7.61.1 are vulnerable to a\n heap-based buffer over-read in the tool_msgs.c:voutf()\n function that may result in information exposure and\n denial of service.(CVE-2018-16842)\n\n - The ConnectionExists function in lib/url.c in libcurl\n before 7.47.0 does not properly re-use\n NTLM-authenticated proxy connections, which might allow\n remote attackers to authenticate as other users via a\n request, a similar issue to\n CVE-2014-0015.(CVE-2016-0755)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-12-02T00:00:00", "published": "2019-12-10T00:00:00", "id": "EULEROS_SA-2019-2410.NASL", "href": "https://www.tenable.com/plugins/nessus/131902", "title": "EulerOS 2.0 SP2 : curl (EulerOS-SA-2019-2410)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131902);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/12/10\");\n\n script_cve_id(\n \"CVE-2015-3153\",\n \"CVE-2016-0755\",\n \"CVE-2016-8625\",\n \"CVE-2018-16842\",\n \"CVE-2019-5482\"\n );\n script_bugtraq_id(\n 74408\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : curl (EulerOS-SA-2019-2410)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the curl packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - The default configuration for cURL and libcurl before\n 7.42.1 sends custom HTTP headers to both the proxy and\n destination server, which might allow remote proxy\n servers to obtain sensitive information by reading the\n header contents.(CVE-2015-3153)\n\n - curl before version 7.51.0 uses outdated IDNA 2003\n standard to handle International Domain Names and this\n may lead users to potentially and unknowingly issue\n network transfer requests to the wrong\n host.(CVE-2016-8625)\n\n - Heap buffer overflow in the TFTP protocol handler in\n cURL 7.19.4 to 7.65.3.(CVE-2019-5482)\n\n - Curl versions 7.14.1 through 7.61.1 are vulnerable to a\n heap-based buffer over-read in the tool_msgs.c:voutf()\n function that may result in information exposure and\n denial of 
service.(CVE-2018-16842)\n\n - The ConnectionExists function in lib/url.c in libcurl\n before 7.47.0 does not properly re-use\n NTLM-authenticated proxy connections, which might allow\n remote attackers to authenticate as other users via a\n request, a similar issue to\n CVE-2014-0015.(CVE-2016-0755)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2410\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6c4001b3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security 
Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"curl-7.29.0-35.h30\",\n \"libcurl-7.29.0-35.h30\",\n \"libcurl-devel-7.29.0-35.h30\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T06:30:37", "bulletinFamily": "scanner", "description": "According to the versions of the ppp 
package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - Buffer overflow in the rc_mksid function in\n plugins/radius/util.c in Paul", "modified": "2019-12-02T00:00:00", "published": "2019-12-10T00:00:00", "id": "EULEROS_SA-2019-2399.NASL", "href": "https://www.tenable.com/plugins/nessus/131891", "title": "EulerOS 2.0 SP2 : ppp (EulerOS-SA-2019-2399)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131891);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/12/10\");\n\n script_cve_id(\n \"CVE-2014-3158\",\n \"CVE-2015-3310\"\n );\n script_bugtraq_id(\n 69399,\n 74163\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : ppp (EulerOS-SA-2019-2399)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the ppp package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - Buffer overflow in the rc_mksid function in\n plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6\n and earlier, when the PID for pppd is greater than\n 65535, allows remote attackers to cause a denial of\n service (crash) via a start accounting message to the\n RADIUS server.(CVE-2015-3310)\n\n - Integer overflow in the getword function in options.c\n in pppd in Paul's PPP Package (ppp) before 2.4.7 allows\n attackers to 'access privileged options' via a long\n word in an options file, which triggers a heap-based\n buffer overflow that '[corrupts] security-relevant\n variables.'(CVE-2014-3158)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. 
Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2399\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?74551c9a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ppp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ppp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"ppp-2.4.5-33.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ppp\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T06:30:35", "bulletinFamily": "scanner", "description": "According to the versions of the gnupg2 package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - GnuPG 2.2.4 and 2.2.5 does not enforce a configuration\n in 
which key certification requires an offline master\n Certify key, which results in apparently valid\n certifications that occurred only with access to a\n signing subkey.(CVE-2018-9234)\n\n - The do_uncompress function in g10/compress.c in GnuPG\n 1.x before 1.4.17 and 2.x before 2.0.24 allows\n context-dependent attackers to cause a denial of\n service (infinite loop) via malformed compressed\n packets, as demonstrated by an a3 01 5b ff byte\n sequence.(CVE-2014-4617)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-12-02T00:00:00", "published": "2019-12-10T00:00:00", "id": "EULEROS_SA-2019-2393.NASL", "href": "https://www.tenable.com/plugins/nessus/131885", "title": "EulerOS 2.0 SP2 : gnupg2 (EulerOS-SA-2019-2393)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131885);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/12/10\");\n\n script_cve_id(\n \"CVE-2014-4617\",\n \"CVE-2018-9234\"\n );\n script_bugtraq_id(\n 68156\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : gnupg2 (EulerOS-SA-2019-2393)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the gnupg2 package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - GnuPG 2.2.4 and 2.2.5 does not enforce a configuration\n in which key certification requires an offline master\n Certify key, which results in apparently valid\n certifications that occurred only with access to a\n signing 
subkey.(CVE-2018-9234)\n\n - The do_uncompress function in g10/compress.c in GnuPG\n 1.x before 1.4.17 and 2.x before 2.0.24 allows\n context-dependent attackers to cause a denial of\n service (infinite loop) via malformed compressed\n packets, as demonstrated by an a3 01 5b ff byte\n sequence.(CVE-2014-4617)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2393\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?57eeb87f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected gnupg2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:ND/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:gnupg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"gnupg2-2.0.22-5.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnupg2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-13T06:30:36", "bulletinFamily": "scanner", "description": "According to the version of the jakarta-commons-httpclient package\ninstalled, the EulerOS installation on the remote host is affected by\nthe following vulnerability :\n\n - 
http/conn/ssl/SSLConnectionSocketFactory.java in Apache\n HttpComponents HttpClient before 4.3.6 ignores the\n http.socket.timeout configuration setting during an SSL\n handshake, which allows remote attackers to cause a\n denial of service (HTTPS call hang) via unspecified\n vectors.(CVE-2015-5262)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-12-02T00:00:00", "published": "2019-12-10T00:00:00", "id": "EULEROS_SA-2019-2397.NASL", "href": "https://www.tenable.com/plugins/nessus/131889", "title": "EulerOS 2.0 SP2 : jakarta-commons-httpclient (EulerOS-SA-2019-2397)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131889);\n script_version(\"1.1\");\n script_cvs_date(\"Date: 2019/12/10\");\n\n script_cve_id(\n \"CVE-2015-5262\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : jakarta-commons-httpclient (EulerOS-SA-2019-2397)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the jakarta-commons-httpclient package\ninstalled, the EulerOS installation on the remote host is affected by\nthe following vulnerability :\n\n - http/conn/ssl/SSLConnectionSocketFactory.java in Apache\n HttpComponents HttpClient before 4.3.6 ignores the\n http.socket.timeout configuration setting during an SSL\n handshake, which allows remote attackers to cause a\n denial of service (HTTPS call hang) via unspecified\n vectors.(CVE-2015-5262)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS 
security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2397\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?424ab293\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected jakarta-commons-httpclient package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:jakarta-commons-httpclient\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"jakarta-commons-httpclient-3.1-16.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jakarta-commons-httpclient\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}]}