Lucene search
This script is Copyright (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2018-1235.NASLHistorySep 18, 2018 - 12:00 a.m.
EulerOS Virtualization 2.5.0 : kernel (EulerOS-SA-2018-1235)
2018-09-1800:00:00
This script is Copyright (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
CVSS2
4.6
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.1
Confidence
High
EPSS
0.001
Percentile
28.1%
According to the version of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :
- In the Linux kernel through 4.14.13, drivers/block/loop.c mishandles lo_release serialization, which allows attackers to cause a denial of service (__lock_acquire use-after-free) or possibly have unspecified other impact.(CVE-2018-5344)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(117544);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/08/07");
script_cve_id("CVE-2018-5344");
script_name(english:"EulerOS Virtualization 2.5.0 : kernel (EulerOS-SA-2018-1235)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing a security update.");
script_set_attribute(attribute:"description", value:
"According to the version of the kernel packages installed, the
EulerOS Virtualization installation on the remote host is affected by
the following vulnerability :
- In the Linux kernel through 4.14.13,
drivers/block/loop.c mishandles lo_release
serialization, which allows attackers to cause a denial
of service (__lock_acquire use-after-free) or possibly
have unspecified other impact.(CVE-2018-5344)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2018-1235
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d044b15f");
script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-5344");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"patch_publication_date", value:"2018/07/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/09/18");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.5.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "2.5.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.5.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["kernel-3.10.0-327.61.59.66_27",
"kernel-devel-3.10.0-327.61.59.66_27",
"kernel-headers-3.10.0-327.61.59.66_27",
"kernel-tools-3.10.0-327.61.59.66_27",
"kernel-tools-libs-3.10.0-327.61.59.66_27",
"kernel-tools-libs-devel-3.10.0-327.61.59.66_27"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| huawei | euleros | kernel-headers | p-cpe:/a:huawei:euleros:kernel-headers |
| huawei | euleros | kernel-tools-libs-devel | p-cpe:/a:huawei:euleros:kernel-tools-libs-devel |
| huawei | euleros | uvp | cpe:/o:huawei:euleros:uvp:2.5.0 |
| huawei | euleros | kernel-tools-libs | p-cpe:/a:huawei:euleros:kernel-tools-libs |
| huawei | euleros | kernel-tools | p-cpe:/a:huawei:euleros:kernel-tools |
| huawei | euleros | kernel-devel | p-cpe:/a:huawei:euleros:kernel-devel |
| huawei | euleros | kernel | p-cpe:/a:huawei:euleros:kernel |
Related
cvelist
cvelist
CVE-2018-5344
2018-01-12 09:00:00
photon
photon
nessus
nessus
Photon OS 2.0: Linux PHSA-2018-2.0-0016
2019-02-07 00:00:00
Virtuozzo 7 : readykernel-patch (VZA-2018-007)
2018-02-05 00:00:00
Photon OS 1.0: Linux PHSA-2018-1.0-0107 (deprecated)
2018-08-17 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2018-1235)
2020-01-23 00:00:00
Fedora Update for kernel FEDORA-2018-262eb7c289
2018-01-24 00:00:00
Fedora Update for kernel FEDORA-2018-8dc60a4feb
2018-01-24 00:00:00
cve
cve
CVE-2018-5344
2018-01-12 09:29:00
virtuozzo
virtuozzo
ubuntucve
ubuntucve
CVE-2018-5344
2018-01-12 00:00:00
osv
osv
CVE-2018-5344
2018-01-12 09:29:00
prion
prion
Design/Logic Flaw
2018-01-12 09:29:00
debiancve
debiancve
CVE-2018-5344
2018-01-12 09:29:00
veracode
veracode
Denial Of Service (DoS)
2019-05-16 03:18:37
nvd
nvd
CVE-2018-5344
2018-01-12 09:29:00
redhatcve
redhatcve
CVE-2018-5344
2020-01-07 09:30:33
fedora
fedora
[SECURITY] Fedora 27 Update: kernel-4.14.14-300.fc27
2018-01-23 21:53:40
[SECURITY] Fedora 26 Update: kernel-4.14.14-200.fc26
2018-01-23 21:22:44
[SECURITY] Fedora 27 Update: kernel-4.15.17-300.fc27
2018-04-18 01:31:51
amazon
amazon
Important: kernel
2018-02-20 21:20:00
Important: kernel
2018-02-20 21:23:00
ubuntu
ubuntu
Linux kernel (Azure) vulnerabilities
2018-04-24 00:00:00
Linux kernel (Raspberry Pi 2) vulnerabilities
2018-04-04 00:00:00
Linux kernel vulnerabilities
2018-04-03 00:00:00
ibm
ibm
Security Bulletin: IBM QRadar Network Security is affected by Linux kernel vulnerabilities
2019-06-27 08:40:01
Security Bulletin: Multiple vulnerabilities affect Intelยฎ Manycore Platform Software Stack (Intelยฎ MPSS) for Linux and Windows
2019-02-25 20:40:02
Security Bulletin: Vulnerabilities in the Linux Kernel affect PowerKVM
2019-05-17 16:05:02
redhat
redhat
centos
centos
bpftool, kernel, perf, python security update
2018-11-15 18:40:28
oraclelinux
oraclelinux
kernel security, bug fix, and enhancement update
2018-11-05 00:00:00
androidsecurity
androidsecurity
Pixel / Nexus Security BulletinโMay 2018
2018-05-07 00:00:00
cloudfoundry
cloudfoundry
USN-3619-2: Linux kernel (Xenial HWE) vulnerabilities | Cloud Foundry
2018-05-02 00:00:00
lenovo
lenovo
AMI MegaRAC SP-X BMC Vulnerabilities - Lenovo Support US
2020-04-13 19:22:04
CVSS2
4.6
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.1
Confidence
High
EPSS
0.001
Percentile
28.1%
Related for EULEROS_SA-2018-1235.NASL