{"id": "SECURITYVULNS:DOC:5858", "bulletinFamily": "software", "title": "SonicWall VPN/Firewall Appliance - DoS, ARP Flood, Network mapping vulnerability", "description": "-----BEGIN PGP SIGNED MESSAGE-----\r\nHash: SHA1\r\n\r\nSonicWall Firewall/VPN Appliance\r\n\r\nwww.sonicwall.com\r\n\r\nProduct History:\r\n\r\nSonicWALL's family of Internet security appliances provide the first\r\nline of defense against Internet security threats. They include an ICSA-\r\ncertified, stateful packet inspection firewall, IPSec VPN for remote\r\naccess, IP address management features, and support for SonicWALL value-\r\nadded security services.\r\n\r\n\r\nVulnerability: DoS, ARP Flood, Network mapping\r\n\r\nDate of discovery: January 26th, 2004\r\n\r\nReported to SonicWall: January 27th, 2004\r\n\r\nConfirmed by SonicWall: February 16th, 2004\r\n\r\nRelease date: March 1st, 2004\r\n\r\nProduct: SonicWall Firewall/VPN Appliance\r\n\r\nTested vulnerable Firmware Revisions:\r\n\r\n6.5.0.4\r\n6.5.0.3\r\n6.4.0.2\r\n6.4.0.1\r\n6.3.1.4\r\n6.3.1.0\r\n6.2.0.0\r\n\r\nTested but Not vulnerable:\r\n\r\nSonic OS 2.0 and above\r\n\r\nFirmware patch: Available. Customers must call SonicWall tech support\r\nfor more details\r\n\r\nTechnical details:\r\n\r\nProblem #1:\r\nWhen the device encounters an ARP request on its External (WAN) interface\r\nthe SonicWall will check its Internal interface (LAN) ARP Cache to see\r\nif knows about the requested IP. Upon finding the requested IP in its\r\nARP Cache the Sonic Wall will respond with an ARP reply on behalf of\r\nthe IP being ARPed.\r\n\r\nProblem #2\r\nIf the Sonic Wall does not find the IP in its ARP Cache\r\nand the IP being ARPed is part of a network that is attached to the LAN\r\ninterface of the Sonic Wall, it will proxy the ARP request from the WAN\r\ninterface through to the LAN interface.\r\n\r\nProblem #3\r\nFor each single ARP request that the Sonic Wall proxies from the WAN\r\ninterface it will make 3 ARP broadcast requests on the LAN side, effectively\r\namplifying each WAN received request at a 3:1 ratio.\r\n\r\nMisc information:\r\n\r\nThe ARP cache of a Sonic Wall running one of the above firmwares has\r\na 20 minute life time.\r\nThis bypasses all rule sets on the firewall.\r\nThere is no logging of Successful ARP requests or replies, so this type\r\nof IP enumeration can go unnoticed.\r\nIf the SonicWall does not have the requested IP in its ARP cache and\r\nthe IP is not alive on the LAN side of the firewall there will be an\r\nentry in the LOG stating that there was an ARP timeout with a source\r\nIP of 0.0.0.0 and a destination IP of the IP requested.\r\n\r\n-----BEGIN PGP SIGNATURE-----\r\nNote: This signature can be verified at https://www.hushtools.com/verify\r\nVersion: Hush 2.3\r\n\r\nwkYEARECAAYFAkBEMtIACgkQsJZ5tw66F035IgCcDOMvtzxvzLxVR0vs0b7Cw5g/2EgA\r\nn3GcT46eVdyhpMgjHwSvpmtlUijp\r\n=1RFE\r\n-----END PGP SIGNATURE-----\r\n\r\n\r\n\r\n\r\nConcerned about your privacy? Follow this link to get\r\nFREE encrypted email: https://www.hushmail.com/?l=2\r\n\r\nFree, ultra-private instant messaging with Hush Messenger\r\nhttps://www.hushmail.com/services.php?subloc=messenger&l=434\r\n\r\nPromote security and make money with the Hushmail Affiliate Program: \r\nhttps://www.hushmail.com/about.php?subloc=affiliate&l=427", "published": "2004-03-04T00:00:00", "modified": "2004-03-04T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:5858", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:09", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "f9fa10ba956cacf91d7878861139efb9"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "3684d11d208c042a7f1e3ef30b11fba5"}, {"key": "href", "hash": "21ccf91e7ee3ce2d6925e40f8787261f"}, {"key": "modified", "hash": "c6c75608cd9ca14efa78e785ca196248"}, {"key": "published", "hash": "c6c75608cd9ca14efa78e785ca196248"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "a49ebb2e1a771348dfa0039e0d589df6"}, {"key": "title", "hash": "420a0683801e854a3e39b0cb8187383f"}, {"key": "type", "hash": "d54751dd75af2ea0147b462b3e001cd0"}], "hash": "f89732acd1bf9bbb1460e6f1b5e75eae7f44d1d66a72620df216894ac0322ce7", "viewCount": 8, "enchantments": {"score": {"value": 3.3, "vector": "NONE", "modified": "2018-08-31T11:10:09"}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310852529", "OPENVAS:1361412562310852527"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2019:1485-1", "OPENSUSE-SU-2019:1481-1", "OPENSUSE-SU-2019:1479-1"]}, {"type": "ubuntu", "idList": ["USN-3996-1"]}, {"type": "myhack58", "idList": ["MYHACK58:62201994293"]}, {"type": "zdt", "idList": ["1337DAY-ID-32799", "1337DAY-ID-32772", "1337DAY-ID-32775", "1337DAY-ID-32771", "1337DAY-ID-32767", "1337DAY-ID-32754", "1337DAY-ID-32753", "1337DAY-ID-32757", "1337DAY-ID-32725", "1337DAY-ID-32724"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:152997"]}, {"type": "kitploit", "idList": ["KITPLOIT:3928947731225997712"]}], "modified": "2018-08-31T11:10:09"}, "vulnersScore": 3.3}, "objectVersion": "1.3", "affectedSoftware": []}

{"cve": [{"lastseen": "2019-12-12T12:58:17", "bulletinFamily": "NVD", "description": "Multiple SQL injection vulnerabilities in Zabbix 1.8.x before 1.8.18rc1, 2.0.x before 2.0.9rc1, and 2.1.x before 2.1.7.", "modified": "2019-12-11T21:14:00", "id": "CVE-2013-5743", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5743", "published": "2019-12-11T19:15:00", "title": "CVE-2013-5743", "type": "cve", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-12-12T12:58:15", "bulletinFamily": "NVD", "description": "includes/libs/IEUrlExtension.php in the MediaWiki API in MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 does not properly detect extensions when there are an even number of \".\" (period) characters in a string, which allows remote attackers to conduct cross-site scripting (XSS) attacks via the siprop parameter in a query action to wiki/api.php.", "modified": "2019-12-11T21:14:00", "id": "CVE-2013-4303", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-4303", "published": "2019-12-11T19:15:00", "title": "CVE-2013-4303", "type": "cve", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-12-12T12:58:17", "bulletinFamily": "NVD", "description": "Multiple cross-site scripting (XSS) vulnerabilities in products.php in the Cart66 Lite plugin before 1.5.1.15 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) Product name or (2) Price description fields via a request to wp-admin/admin.php. NOTE: This issue may only cross privilege boundaries if used in combination with CVE-2013-5977.", "modified": "2019-12-11T21:14:00", "id": "CVE-2013-5978", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-5978", "published": "2019-12-11T19:15:00", "title": "CVE-2013-5978", "type": "cve", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-12-12T12:58:19", "bulletinFamily": "NVD", "description": "node-connects before 2.8.2 has cross site scripting in Sencha Labs Connect middleware (vulnerability due to incomplete fix for CVE-2013-7370)", "modified": "2019-12-11T16:05:00", "id": "CVE-2013-7371", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7371", "published": "2019-12-11T15:15:00", "title": "CVE-2013-7371", "type": "cve", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-12-12T12:58:19", "bulletinFamily": "NVD", "description": "node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware", "modified": "2019-12-11T15:15:00", "id": "CVE-2013-7370", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7370", "published": "2019-12-11T14:15:00", "title": "CVE-2013-7370", "type": "cve", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2019-12-11T14:57:12", "bulletinFamily": "NVD", "description": "mod_wsgi module before 3.4 for Apache, when used in embedded mode, might allow remote attackers to obtain sensitive information via the Content-Type header which is generated from memory that may have been freed and then overwritten by a separate thread.", "modified": "2019-12-10T02:13:00", "id": "CVE-2014-0242", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-0242", "published": "2019-12-09T20:15:00", "title": "CVE-2014-0242", "type": "cve", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2019-12-13T22:29:50", "bulletinFamily": "scanner", "description": "According to the versions of the qt packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - QXmlSimpleReader in Qt before 5.2 allows\n context-dependent attackers to cause a denial of\n service (memory consumption) via an XML Entity\n Expansion (XEE) attack.(CVE-2013-4549)\n\n - An issue was discovered in Qt before 5.11.3. There is\n QTgaFile Uncontrolled Resource\n Consumption.(CVE-2018-19871)\n\n - QXmlStream in Qt 5.x before 5.11.3 has a double-free or\n corruption during parsing of a specially crafted\n illegal XML document.(CVE-2018-15518)\n\n - An issue was discovered in Qt 5.11. A malformed PPM\n image causes a division by zero and a crash in\n qppmhandler.cpp.(CVE-2018-19872)\n\n - Multiple buffer overflows in gui/image/qbmphandler.cpp\n in the QtBase module in Qt before 4.8.7 and 5.x before\n 5.4.2 allow remote attackers to cause a denial of\n service (segmentation fault and crash) and possibly\n execute arbitrary code via a crafted BMP\n image.(CVE-2015-1858)\n\n - Multiple buffer overflows in\n plugins/imageformats/ico/qicohandler.cpp in the QtBase\n module in Qt before 4.8.7 and 5.x before 5.4.2 allow\n remote attackers to cause a denial of service\n (segmentation fault and crash) and possibly execute\n arbitrary code via a crafted ICO image.(CVE-2015-1859)\n\n - Multiple buffer overflows in gui/image/qgifhandler.cpp\n in the QtBase module in Qt before 4.8.7 and 5.x before\n 5.4.2 allow remote attackers to cause a denial of\n service (segmentation fault) and possibly execute\n arbitrary code via a crafted GIF image.(CVE-2015-1860)\n\n - The BMP decoder in QtGui in QT before 5.5 does not\n properly calculate the masks used to extract the color\n components, which allows remote attackers to cause a\n denial of service (divide-by-zero and crash) via a\n crafted BMP file.(CVE-2015-0295)\n\n - The GIF decoder in QtGui in Qt before 5.3 allows remote\n attackers to cause a denial of service (NULL pointer\n dereference) via invalid width and height values in a\n GIF image.(CVE-2014-0190)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-12-02T00:00:00", "id": "EULEROS_SA-2019-2381.NASL", "href": "https://www.tenable.com/plugins/nessus/131873", "published": "2019-12-10T00:00:00", "title": "EulerOS 2.0 SP2 : qt (EulerOS-SA-2019-2381)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131873);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/13\");\n\n script_cve_id(\n \"CVE-2013-4549\",\n \"CVE-2014-0190\",\n \"CVE-2015-0295\",\n \"CVE-2015-1858\",\n \"CVE-2015-1859\",\n \"CVE-2015-1860\",\n \"CVE-2018-15518\",\n \"CVE-2018-19871\",\n \"CVE-2018-19872\"\n );\n script_bugtraq_id(\n 64418,\n 67087,\n 73029,\n 74302,\n 74307,\n 74309,\n 74310\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : qt (EulerOS-SA-2019-2381)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the qt packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - QXmlSimpleReader in Qt before 5.2 allows\n context-dependent attackers to cause a denial of\n service (memory consumption) via an XML Entity\n Expansion (XEE) attack.(CVE-2013-4549)\n\n - An issue was discovered in Qt before 5.11.3. There is\n QTgaFile Uncontrolled Resource\n Consumption.(CVE-2018-19871)\n\n - QXmlStream in Qt 5.x before 5.11.3 has a double-free or\n corruption during parsing of a specially crafted\n illegal XML document.(CVE-2018-15518)\n\n - An issue was discovered in Qt 5.11. A malformed PPM\n image causes a division by zero and a crash in\n qppmhandler.cpp.(CVE-2018-19872)\n\n - Multiple buffer overflows in gui/image/qbmphandler.cpp\n in the QtBase module in Qt before 4.8.7 and 5.x before\n 5.4.2 allow remote attackers to cause a denial of\n service (segmentation fault and crash) and possibly\n execute arbitrary code via a crafted BMP\n image.(CVE-2015-1858)\n\n - Multiple buffer overflows in\n plugins/imageformats/ico/qicohandler.cpp in the QtBase\n module in Qt before 4.8.7 and 5.x before 5.4.2 allow\n remote attackers to cause a denial of service\n (segmentation fault and crash) and possibly execute\n arbitrary code via a crafted ICO image.(CVE-2015-1859)\n\n - Multiple buffer overflows in gui/image/qgifhandler.cpp\n in the QtBase module in Qt before 4.8.7 and 5.x before\n 5.4.2 allow remote attackers to cause a denial of\n service (segmentation fault) and possibly execute\n arbitrary code via a crafted GIF image.(CVE-2015-1860)\n\n - The BMP decoder in QtGui in QT before 5.5 does not\n properly calculate the masks used to extract the color\n components, which allows remote attackers to cause a\n denial of service (divide-by-zero and crash) via a\n crafted BMP file.(CVE-2015-0295)\n\n - The GIF decoder in QtGui in Qt before 5.3 allows remote\n attackers to cause a denial of service (NULL pointer\n dereference) via invalid width and height values in a\n GIF image.(CVE-2014-0190)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2381\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?951c4700\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected qt packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-15518\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt-mysql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt-odbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt-postgresql\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:qt-x11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"qt-4.8.5-12.h6\",\n \"qt-devel-4.8.5-12.h6\",\n \"qt-mysql-4.8.5-12.h6\",\n \"qt-odbc-4.8.5-12.h6\",\n \"qt-postgresql-4.8.5-12.h6\",\n \"qt-x11-4.8.5-12.h6\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"qt\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T22:29:53", "bulletinFamily": "scanner", "description": "According to the versions of the icu packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - Stack-based buffer overflow in the Locale class in\n common/locid.cpp in International Components for\n Unicode (ICU) through 57.1 for C/C++ allows remote\n attackers to cause a denial of service (application\n crash) or possibly have unspecified other impact via a\n long locale string.(CVE-2016-7415)\n\n - Integer overflow in international date handling in\n International Components for Unicode (ICU) for C/C++\n before 60.1, as used in V8 in Google Chrome prior to\n 63.0.3239.84 and other products, allowed a remote\n attacker to perform an out of bounds memory read via a\n crafted HTML page.(CVE-2017-15422)\n\n - The Regular Expressions package in International\n Components for Unicode (ICU) 52 before SVN revision\n 292944, as used in Google Chrome before 40.0.2214.91,\n allows remote attackers to cause a denial of service\n (memory corruption) or possibly have unspecified other\n impact via vectors related to a look-behind\n expression.(CVE-2014-7923)\n\n - The Regular Expressions package in International\n Components for Unicode (ICU) 52 before SVN revision\n 292944, as used in Google Chrome before 40.0.2214.91,\n allows remote attackers to cause a denial of service\n (memory corruption) or possibly have unspecified other\n impact via vectors related to a zero-length\n quantifier.(CVE-2014-7926)\n\n - The collator implementation in i18n/ucol.cpp in\n International Components for Unicode (ICU) 52 through\n SVN revision 293126, as used in Google Chrome before\n 40.0.2214.91, does not initialize memory for a data\n structure, which allows remote attackers to cause a\n denial of service or possibly have unspecified other\n impact via a crafted character sequence.(CVE-2014-7940)\n\n - The Regular Expressions package in International\n Components for Unicode (ICU) for C/C++ before\n 2014-12-03, as used in Google Chrome before\n 40.0.2214.91, calculates certain values without\n ensuring that they can be represented in a 24-bit\n field, which allows remote attackers to cause a denial\n of service (memory corruption) or possibly have\n unspecified other impact via a crafted string, a\n related issue to CVE-2014-7923.(CVE-2014-9654)\n\n - Unspecified vulnerability in Oracle Java SE 6u101,\n 7u85, and 8u60, and Java SE Embedded 8u51, allows\n remote attackers to affect confidentiality, integrity,\n and availability via unknown vectors related to\n 2D.(CVE-2015-4844)\n\n - The uloc_acceptLanguageFromHTTP function in\n common/uloc.cpp in International Components for Unicode\n (ICU) through 57.1 for C/C++ does not ensure that there\n is a ", "modified": "2019-12-02T00:00:00", "id": "EULEROS_SA-2019-2390.NASL", "href": "https://www.tenable.com/plugins/nessus/131882", "published": "2019-12-10T00:00:00", "title": "EulerOS 2.0 SP2 : icu (EulerOS-SA-2019-2390)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131882);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/13\");\n\n script_cve_id(\n \"CVE-2014-7923\",\n \"CVE-2014-7926\",\n \"CVE-2014-7940\",\n \"CVE-2014-9654\",\n \"CVE-2015-4844\",\n \"CVE-2016-6293\",\n \"CVE-2016-7415\",\n \"CVE-2017-15422\",\n \"CVE-2017-7867\",\n \"CVE-2017-7868\"\n );\n script_bugtraq_id(\n 72288,\n 72980\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : icu (EulerOS-SA-2019-2390)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the icu packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - Stack-based buffer overflow in the Locale class in\n common/locid.cpp in International Components for\n Unicode (ICU) through 57.1 for C/C++ allows remote\n attackers to cause a denial of service (application\n crash) or possibly have unspecified other impact via a\n long locale string.(CVE-2016-7415)\n\n - Integer overflow in international date handling in\n International Components for Unicode (ICU) for C/C++\n before 60.1, as used in V8 in Google Chrome prior to\n 63.0.3239.84 and other products, allowed a remote\n attacker to perform an out of bounds memory read via a\n crafted HTML page.(CVE-2017-15422)\n\n - The Regular Expressions package in International\n Components for Unicode (ICU) 52 before SVN revision\n 292944, as used in Google Chrome before 40.0.2214.91,\n allows remote attackers to cause a denial of service\n (memory corruption) or possibly have unspecified other\n impact via vectors related to a look-behind\n expression.(CVE-2014-7923)\n\n - The Regular Expressions package in International\n Components for Unicode (ICU) 52 before SVN revision\n 292944, as used in Google Chrome before 40.0.2214.91,\n allows remote attackers to cause a denial of service\n (memory corruption) or possibly have unspecified other\n impact via vectors related to a zero-length\n quantifier.(CVE-2014-7926)\n\n - The collator implementation in i18n/ucol.cpp in\n International Components for Unicode (ICU) 52 through\n SVN revision 293126, as used in Google Chrome before\n 40.0.2214.91, does not initialize memory for a data\n structure, which allows remote attackers to cause a\n denial of service or possibly have unspecified other\n impact via a crafted character sequence.(CVE-2014-7940)\n\n - The Regular Expressions package in International\n Components for Unicode (ICU) for C/C++ before\n 2014-12-03, as used in Google Chrome before\n 40.0.2214.91, calculates certain values without\n ensuring that they can be represented in a 24-bit\n field, which allows remote attackers to cause a denial\n of service (memory corruption) or possibly have\n unspecified other impact via a crafted string, a\n related issue to CVE-2014-7923.(CVE-2014-9654)\n\n - Unspecified vulnerability in Oracle Java SE 6u101,\n 7u85, and 8u60, and Java SE Embedded 8u51, allows\n remote attackers to affect confidentiality, integrity,\n and availability via unknown vectors related to\n 2D.(CVE-2015-4844)\n\n - The uloc_acceptLanguageFromHTTP function in\n common/uloc.cpp in International Components for Unicode\n (ICU) through 57.1 for C/C++ does not ensure that there\n is a '\\0' character at the end of a certain temporary\n array, which allows remote attackers to cause a denial\n of service (out-of-bounds read) or possibly have\n unspecified other impact via a call with a long\n httpAcceptLanguage argument.(CVE-2016-6293)\n\n - International Components for Unicode (ICU) for C/C++\n before 2017-02-13 has an out-of-bounds write caused by\n a heap-based buffer overflow related to the\n utf8TextAccess function in common/utext.cpp and the\n utext_setNativeIndex* function.(CVE-2017-7867)\n\n - International Components for Unicode (ICU) for C/C++\n before 2017-02-13 has an out-of-bounds write caused by\n a heap-based buffer overflow related to the\n utf8TextAccess function in common/utext.cpp and the\n utext_moveIndex32* function.(CVE-2017-7868)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2390\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?76e7c95c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected icu packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libicu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libicu-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"libicu-50.1.2-15.h4\",\n \"libicu-devel-50.1.2-15.h4\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"icu\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2019-12-13T22:29:37", "bulletinFamily": "scanner", "description": "According to the version of the graphviz packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - Format string vulnerability in the yyerror function in\n lib/cgraph/scan.l in Graphviz allows remote attackers\n to have unspecified impact via format string specifiers\n in unknown vectors, which are not properly handled in\n an error string.(CVE-2014-9157)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-12-02T00:00:00", "id": "EULEROS_SA-2019-2355.NASL", "href": "https://www.tenable.com/plugins/nessus/131847", "published": "2019-12-10T00:00:00", "title": "EulerOS 2.0 SP2 : graphviz (EulerOS-SA-2019-2355)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131847);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/13\");\n\n script_cve_id(\n \"CVE-2014-9157\"\n );\n script_bugtraq_id(\n 71283\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : graphviz (EulerOS-SA-2019-2355)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the graphviz packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerability :\n\n - Format string vulnerability in the yyerror function in\n lib/cgraph/scan.l in Graphviz allows remote attackers\n to have unspecified impact via format string specifiers\n in unknown vectors, which are not properly handled in\n an error string.(CVE-2014-9157)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2355\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fc2fec25\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected graphviz package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:graphviz\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:graphviz-tcl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"graphviz-2.30.1-19.h3\",\n \"graphviz-tcl-2.30.1-19.h3\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"graphviz\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T22:30:01", "bulletinFamily": "scanner", "description": "According to the versions of the gpgme package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - GnuPG Made Easy (GPGME) is a library designed to make\n access to GnuPG easier for applications. It provides a\n high-level crypto API for encryption, decryption,\n signing, signature verification and key management.\n\n - Security fix(es):\n\n - Multiple heap-based buffer overflows in the\n status_handler function in (1) engine-gpgsm.c and (2)\n engine-uiserver.c in GPGME before 1.5.1 allow remote\n attackers to cause a denial of service (crash) and\n possibly execute arbitrary code via vectors related to\n ", "modified": "2019-12-02T00:00:00", "id": "EULEROS_SA-2019-2406.NASL", "href": "https://www.tenable.com/plugins/nessus/131898", "published": "2019-12-10T00:00:00", "title": "EulerOS 2.0 SP2 : gpgme (EulerOS-SA-2019-2406)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131898);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/13\");\n\n script_cve_id(\n \"CVE-2014-3564\"\n );\n script_bugtraq_id(\n 68990\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : gpgme (EulerOS-SA-2019-2406)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the gpgme package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - GnuPG Made Easy (GPGME) is a library designed to make\n access to GnuPG easier for applications. It provides a\n high-level crypto API for encryption, decryption,\n signing, signature verification and key management.\n\n - Security fix(es):\n\n - Multiple heap-based buffer overflows in the\n status_handler function in (1) engine-gpgsm.c and (2)\n engine-uiserver.c in GPGME before 1.5.1 allow remote\n attackers to cause a denial of service (crash) and\n possibly execute arbitrary code via vectors related to\n 'different line lengths in a specific\n order.'(CVE-2014-3564)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2406\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b11f06b5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected gpgme packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:gpgme\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"gpgme-1.3.2-5.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gpgme\");\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T22:30:03", "bulletinFamily": "scanner", "description": "According to the versions of the curl packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - The default configuration for cURL and libcurl before\n 7.42.1 sends custom HTTP headers to both the proxy and\n destination server, which might allow remote proxy\n servers to obtain sensitive information by reading the\n header contents.(CVE-2015-3153)\n\n - curl before version 7.51.0 uses outdated IDNA 2003\n standard to handle International Domain Names and this\n may lead users to potentially and unknowingly issue\n network transfer requests to the wrong\n host.(CVE-2016-8625)\n\n - Heap buffer overflow in the TFTP protocol handler in\n cURL 7.19.4 to 7.65.3.(CVE-2019-5482)\n\n - Curl versions 7.14.1 through 7.61.1 are vulnerable to a\n heap-based buffer over-read in the tool_msgs.c:voutf()\n function that may result in information exposure and\n denial of service.(CVE-2018-16842)\n\n - The ConnectionExists function in lib/url.c in libcurl\n before 7.47.0 does not properly re-use\n NTLM-authenticated proxy connections, which might allow\n remote attackers to authenticate as other users via a\n request, a similar issue to\n CVE-2014-0015.(CVE-2016-0755)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-12-02T00:00:00", "id": "EULEROS_SA-2019-2410.NASL", "href": "https://www.tenable.com/plugins/nessus/131902", "published": "2019-12-10T00:00:00", "title": "EulerOS 2.0 SP2 : curl (EulerOS-SA-2019-2410)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131902);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/13\");\n\n script_cve_id(\n \"CVE-2015-3153\",\n \"CVE-2016-0755\",\n \"CVE-2016-8625\",\n \"CVE-2018-16842\",\n \"CVE-2019-5482\"\n );\n script_bugtraq_id(\n 74408\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : curl (EulerOS-SA-2019-2410)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the curl packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - The default configuration for cURL and libcurl before\n 7.42.1 sends custom HTTP headers to both the proxy and\n destination server, which might allow remote proxy\n servers to obtain sensitive information by reading the\n header contents.(CVE-2015-3153)\n\n - curl before version 7.51.0 uses outdated IDNA 2003\n standard to handle International Domain Names and this\n may lead users to potentially and unknowingly issue\n network transfer requests to the wrong\n host.(CVE-2016-8625)\n\n - Heap buffer overflow in the TFTP protocol handler in\n cURL 7.19.4 to 7.65.3.(CVE-2019-5482)\n\n - Curl versions 7.14.1 through 7.61.1 are vulnerable to a\n heap-based buffer over-read in the tool_msgs.c:voutf()\n function that may result in information exposure and\n denial of service.(CVE-2018-16842)\n\n - The ConnectionExists function in lib/url.c in libcurl\n before 7.47.0 does not properly re-use\n NTLM-authenticated proxy connections, which might allow\n remote attackers to authenticate as other users via a\n request, a similar issue to\n CVE-2014-0015.(CVE-2016-0755)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2410\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6c4001b3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected curl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:curl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libcurl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"curl-7.29.0-35.h30\",\n \"libcurl-7.29.0-35.h30\",\n \"libcurl-devel-7.29.0-35.h30\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"curl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T22:30:06", "bulletinFamily": "scanner", "description": "According to the versions of the perl packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - The Dumper method in Data::Dumper before 2.154, as used\n in Perl 5.20.1 and earlier, allows context-dependent\n attackers to cause a denial of service (stack\n consumption and crash) via an Array-Reference with many\n nested Array-References, which triggers a large number\n of recursive calls to the DD_dump\n function.(CVE-2014-4330)\n\n - Integer underflow in regcomp.c in Perl before 5.20, as\n used in Apple OS X before 10.10.5 and other products,\n allows context-dependent attackers to execute arbitrary\n code or cause a denial of service (application crash)\n via a long digit string associated with an invalid\n backreference within a regular\n expression.(CVE-2013-7422)\n\n - (1) cpan/Archive-Tar/bin/ptar, (2)\n cpan/Archive-Tar/bin/ptardiff, (3)\n cpan/Archive-Tar/bin/ptargrep, (4)\n cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6)\n cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess,\n (8) cpan/Encode/bin/piconv, (9)\n cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump,\n (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12)\n cpan/IO-Compress/bin/zipdetails, (13)\n cpan/JSON-PP/bin/json_pp, (14)\n cpan/Test-Harness/bin/prove, (15)\n dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16)\n dist/Module-CoreList/corelist, (17)\n ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19)\n utils/h2ph.PL, (20) utils/h2xs.PL, (21)\n utils/libnetcfg.PL, (22) utils/perlbug.PL, (23)\n utils/perldoc.PL, (24) utils/perlivp.PL, and (25)\n utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24\n before 5.24.1-RC2 do not properly remove . (period)\n characters from the end of the includes directory\n array, which might allow local users to gain privileges\n via a Trojan horse module under the current working\n directory.(CVE-2016-1238)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-12-02T00:00:00", "id": "EULEROS_SA-2019-2419.NASL", "href": "https://www.tenable.com/plugins/nessus/131911", "published": "2019-12-10T00:00:00", "title": "EulerOS 2.0 SP2 : perl (EulerOS-SA-2019-2419)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131911);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/13\");\n\n script_cve_id(\n \"CVE-2013-7422\",\n \"CVE-2014-4330\",\n \"CVE-2016-1238\"\n );\n script_bugtraq_id(\n 70142,\n 75704\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : perl (EulerOS-SA-2019-2419)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the perl packages installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - The Dumper method in Data::Dumper before 2.154, as used\n in Perl 5.20.1 and earlier, allows context-dependent\n attackers to cause a denial of service (stack\n consumption and crash) via an Array-Reference with many\n nested Array-References, which triggers a large number\n of recursive calls to the DD_dump\n function.(CVE-2014-4330)\n\n - Integer underflow in regcomp.c in Perl before 5.20, as\n used in Apple OS X before 10.10.5 and other products,\n allows context-dependent attackers to execute arbitrary\n code or cause a denial of service (application crash)\n via a long digit string associated with an invalid\n backreference within a regular\n expression.(CVE-2013-7422)\n\n - (1) cpan/Archive-Tar/bin/ptar, (2)\n cpan/Archive-Tar/bin/ptardiff, (3)\n cpan/Archive-Tar/bin/ptargrep, (4)\n cpan/CPAN/scripts/cpan, (5) cpan/Digest-SHA/shasum, (6)\n cpan/Encode/bin/enc2xs, (7) cpan/Encode/bin/encguess,\n (8) cpan/Encode/bin/piconv, (9)\n cpan/Encode/bin/ucmlint, (10) cpan/Encode/bin/unidump,\n (11) cpan/ExtUtils-MakeMaker/bin/instmodsh, (12)\n cpan/IO-Compress/bin/zipdetails, (13)\n cpan/JSON-PP/bin/json_pp, (14)\n cpan/Test-Harness/bin/prove, (15)\n dist/ExtUtils-ParseXS/lib/ExtUtils/xsubpp, (16)\n dist/Module-CoreList/corelist, (17)\n ext/Pod-Html/bin/pod2html, (18) utils/c2ph.PL, (19)\n utils/h2ph.PL, (20) utils/h2xs.PL, (21)\n utils/libnetcfg.PL, (22) utils/perlbug.PL, (23)\n utils/perldoc.PL, (24) utils/perlivp.PL, and (25)\n utils/splain.PL in Perl 5.x before 5.22.3-RC2 and 5.24\n before 5.24.1-RC2 do not properly remove . (period)\n characters from the end of the includes directory\n array, which might allow local users to gain privileges\n via a Trojan horse module under the current working\n directory.(CVE-2016-1238)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2419\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?49511b71\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected perl packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-libs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:perl-macros\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"perl-5.16.3-285.h7\",\n \"perl-core-5.16.3-285.h7\",\n \"perl-devel-5.16.3-285.h7\",\n \"perl-libs-5.16.3-285.h7\",\n \"perl-macros-5.16.3-285.h7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"perl\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-12-13T22:29:51", "bulletinFamily": "scanner", "description": "According to the versions of the libpng packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Integer overflow in the png_set_unknown_chunks function\n in libpng/pngset.c in libpng before 1.5.14beta08 allows\n context-dependent attackers to cause a denial of\n service (segmentation fault and crash) via a crafted\n image, which triggers a heap-based buffer\n overflow.(CVE-2013-7353)\n\n - Multiple integer overflows in libpng before 1.5.14rc03\n allow remote attackers to cause a denial of service\n (crash) via a crafted image to the (1) png_set_sPLT or\n (2) png_set_text_2 function, which triggers a\n heap-based buffer overflow.(CVE-2013-7354)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-12-02T00:00:00", "id": "EULEROS_SA-2019-2383.NASL", "href": "https://www.tenable.com/plugins/nessus/131875", "published": "2019-12-10T00:00:00", "title": "EulerOS 2.0 SP2 : libpng (EulerOS-SA-2019-2383)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131875);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/13\");\n\n script_cve_id(\n \"CVE-2013-7353\",\n \"CVE-2013-7354\"\n );\n script_bugtraq_id(\n 67344,\n 67345\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : libpng (EulerOS-SA-2019-2383)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the libpng packages installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - Integer overflow in the png_set_unknown_chunks function\n in libpng/pngset.c in libpng before 1.5.14beta08 allows\n context-dependent attackers to cause a denial of\n service (segmentation fault and crash) via a crafted\n image, which triggers a heap-based buffer\n overflow.(CVE-2013-7353)\n\n - Multiple integer overflows in libpng before 1.5.14rc03\n allow remote attackers to cause a denial of service\n (crash) via a crafted image to the (1) png_set_sPLT or\n (2) png_set_text_2 function, which triggers a\n heap-based buffer overflow.(CVE-2013-7354)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2383\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6c58d8aa\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected libpng packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libpng\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libpng-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"libpng-1.5.13-7.h7\",\n \"libpng-devel-1.5.13-7.h7\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libpng\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-13T22:29:58", "bulletinFamily": "scanner", "description": "According to the version of the jakarta-commons-httpclient package\ninstalled, the EulerOS installation on the remote host is affected by\nthe following vulnerability :\n\n - http/conn/ssl/SSLConnectionSocketFactory.java in Apache\n HttpComponents HttpClient before 4.3.6 ignores the\n http.socket.timeout configuration setting during an SSL\n handshake, which allows remote attackers to cause a\n denial of service (HTTPS call hang) via unspecified\n vectors.(CVE-2015-5262)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-12-02T00:00:00", "id": "EULEROS_SA-2019-2397.NASL", "href": "https://www.tenable.com/plugins/nessus/131889", "published": "2019-12-10T00:00:00", "title": "EulerOS 2.0 SP2 : jakarta-commons-httpclient (EulerOS-SA-2019-2397)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131889);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/13\");\n\n script_cve_id(\n \"CVE-2015-5262\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : jakarta-commons-httpclient (EulerOS-SA-2019-2397)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the jakarta-commons-httpclient package\ninstalled, the EulerOS installation on the remote host is affected by\nthe following vulnerability :\n\n - http/conn/ssl/SSLConnectionSocketFactory.java in Apache\n HttpComponents HttpClient before 4.3.6 ignores the\n http.socket.timeout configuration setting during an SSL\n handshake, which allows remote attackers to cause a\n denial of service (HTTPS call hang) via unspecified\n vectors.(CVE-2015-5262)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2397\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?424ab293\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected jakarta-commons-httpclient package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:jakarta-commons-httpclient\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"jakarta-commons-httpclient-3.1-16.h1\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"jakarta-commons-httpclient\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-13T22:29:57", "bulletinFamily": "scanner", "description": "According to the versions of the gnupg2 package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - GnuPG 2.2.4 and 2.2.5 does not enforce a configuration\n in which key certification requires an offline master\n Certify key, which results in apparently valid\n certifications that occurred only with access to a\n signing subkey.(CVE-2018-9234)\n\n - The do_uncompress function in g10/compress.c in GnuPG\n 1.x before 1.4.17 and 2.x before 2.0.24 allows\n context-dependent attackers to cause a denial of\n service (infinite loop) via malformed compressed\n packets, as demonstrated by an a3 01 5b ff byte\n sequence.(CVE-2014-4617)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "modified": "2019-12-02T00:00:00", "id": "EULEROS_SA-2019-2393.NASL", "href": "https://www.tenable.com/plugins/nessus/131885", "published": "2019-12-10T00:00:00", "title": "EulerOS 2.0 SP2 : gnupg2 (EulerOS-SA-2019-2393)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131885);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/13\");\n\n script_cve_id(\n \"CVE-2014-4617\",\n \"CVE-2018-9234\"\n );\n script_bugtraq_id(\n 68156\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : gnupg2 (EulerOS-SA-2019-2393)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the gnupg2 package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - GnuPG 2.2.4 and 2.2.5 does not enforce a configuration\n in which key certification requires an offline master\n Certify key, which results in apparently valid\n certifications that occurred only with access to a\n signing subkey.(CVE-2018-9234)\n\n - The do_uncompress function in g10/compress.c in GnuPG\n 1.x before 1.4.17 and 2.x before 2.0.24 allows\n context-dependent attackers to cause a denial of\n service (infinite loop) via malformed compressed\n packets, as demonstrated by an a3 01 5b ff byte\n sequence.(CVE-2014-4617)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2393\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?57eeb87f\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected gnupg2 packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-9234\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:gnupg2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"gnupg2-2.0.22-5.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"gnupg2\");\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-13T22:29:59", "bulletinFamily": "scanner", "description": "According to the versions of the ppp package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - Buffer overflow in the rc_mksid function in\n plugins/radius/util.c in Paul", "modified": "2019-12-02T00:00:00", "id": "EULEROS_SA-2019-2399.NASL", "href": "https://www.tenable.com/plugins/nessus/131891", "published": "2019-12-10T00:00:00", "title": "EulerOS 2.0 SP2 : ppp (EulerOS-SA-2019-2399)", "type": "nessus", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131891);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2019/12/13\");\n\n script_cve_id(\n \"CVE-2014-3158\",\n \"CVE-2015-3310\"\n );\n script_bugtraq_id(\n 69399,\n 74163\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : ppp (EulerOS-SA-2019-2399)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the ppp package installed, the EulerOS\ninstallation on the remote host is affected by the following\nvulnerabilities :\n\n - Buffer overflow in the rc_mksid function in\n plugins/radius/util.c in Paul's PPP Package (ppp) 2.4.6\n and earlier, when the PID for pppd is greater than\n 65535, allows remote attackers to cause a denial of\n service (crash) via a start accounting message to the\n RADIUS server.(CVE-2015-3310)\n\n - Integer overflow in the getword function in options.c\n in pppd in Paul's PPP Package (ppp) before 2.4.7 allows\n attackers to 'access privileged options' via a long\n word in an options file, which triggers a heap-based\n buffer overflow that '[corrupts] security-relevant\n variables.'(CVE-2014-3158)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2399\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?74551c9a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected ppp packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:ppp\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\n\nflag = 0;\n\npkgs = [\"ppp-2.4.5-33.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ppp\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}