EulerOS 2.0 SP5 : rpm (EulerOS-SA-2019-1011)

2019-01-0800:00:00

www.tenable.com

4.6 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:P/I:P/A:P

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.1%

JSON

According to the version of the rpm packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :

It was found that rpm uses temporary files with predictable names when installing an RPM. An attacker with ability to write in a directory where files will be installed could create symbolic links to an arbitrary location and modify content, and possibly permissions to arbitrary files, which could be used for denial of service or possibly privilege escalation.(CVE-2017-7501)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(120999);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/27");

  script_cve_id("CVE-2017-7501");

  script_name(english:"EulerOS 2.0 SP5 : rpm (EulerOS-SA-2019-1011)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the version of the rpm packages installed, the EulerOS
installation on the remote host is affected by the following
vulnerability :

  - It was found that rpm uses temporary files with
    predictable names when installing an RPM. An attacker
    with ability to write in a directory where files will
    be installed could create symbolic links to an
    arbitrary location and modify content, and possibly
    permissions to arbitrary files, which could be used for
    denial of service or possibly privilege
    escalation.(CVE-2017-7501)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1011
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?06bcd800");
  script_set_attribute(attribute:"solution", value:
"Update the affected rpm package.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-7501");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/12/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/01/08");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rpm-build");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rpm-build-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rpm-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rpm-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rpm-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:rpm-sign");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["rpm-4.11.3-32.h6.eulerosv2r7",
        "rpm-build-4.11.3-32.h6.eulerosv2r7",
        "rpm-build-libs-4.11.3-32.h6.eulerosv2r7",
        "rpm-devel-4.11.3-32.h6.eulerosv2r7",
        "rpm-libs-4.11.3-32.h6.eulerosv2r7",
        "rpm-python-4.11.3-32.h6.eulerosv2r7",
        "rpm-sign-4.11.3-32.h6.eulerosv2r7"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rpm");
}

VendorProductVersionCPE
huaweieulerosrpm-pythonp-cpe:/a:huawei:euleros:rpm-python
huaweieulerosrpm-build-libsp-cpe:/a:huawei:euleros:rpm-build-libs
huaweieulerosrpm-develp-cpe:/a:huawei:euleros:rpm-devel
huaweieulerosrpmp-cpe:/a:huawei:euleros:rpm
huaweieulerosrpm-signp-cpe:/a:huawei:euleros:rpm-sign
huaweieulerosrpm-buildp-cpe:/a:huawei:euleros:rpm-build
huaweieulerosrpm-libsp-cpe:/a:huawei:euleros:rpm-libs
huaweieuleros2.0cpe:/o:huawei:euleros:2.0

Vendor	Product	Version	CPE
huawei	euleros	rpm-python	p-cpe:/a:huawei:euleros:rpm-python
huawei	euleros	rpm-build-libs	p-cpe:/a:huawei:euleros:rpm-build-libs
huawei	euleros	rpm-devel	p-cpe:/a:huawei:euleros:rpm-devel
huawei	euleros	rpm	p-cpe:/a:huawei:euleros:rpm
huawei	euleros	rpm-sign	p-cpe:/a:huawei:euleros:rpm-sign
huawei	euleros	rpm-build	p-cpe:/a:huawei:euleros:rpm-build
huawei	euleros	rpm-libs	p-cpe:/a:huawei:euleros:rpm-libs
huawei	euleros	2.0	cpe:/o:huawei:euleros:2.0