Lucene search
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2019-1221.NASLHistoryApr 09, 2019 - 12:00 a.m.
EulerOS Virtualization 2.5.3 : kernel (EulerOS-SA-2019-1221)
2019-04-0900:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
24
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
7.1
Confidence
High
EPSS
0
Percentile
10.1%
According to the version of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :
- A new software page cache side channel attack scenario was discovered in operating systems that implement the very common โpage cacheโ caching mechanism. A malicious user/process could use โin memoryโ page-cache knowledge to infer access timings to shared memory and gain knowledge which can be used to reduce effectiveness of cryptographic strength by monitoring algorithmic behavior, infer access patterns of memory to determine code paths taken, and exfiltrate data to a blinded attacker through page-granularity access times as a side-channel.i1/4^CVE-2019-5489i1/4%0
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(123907);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/04");
script_cve_id("CVE-2019-5489");
script_name(english:"EulerOS Virtualization 2.5.3 : kernel (EulerOS-SA-2019-1221)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing a security update.");
script_set_attribute(attribute:"description", value:
"According to the version of the kernel packages installed, the
EulerOS Virtualization installation on the remote host is affected by
the following vulnerability :
- A new software page cache side channel attack scenario
was discovered in operating systems that implement the
very common 'page cache' caching mechanism. A malicious
user/process could use 'in memory' page-cache knowledge
to infer access timings to shared memory and gain
knowledge which can be used to reduce effectiveness of
cryptographic strength by monitoring algorithmic
behavior, infer access patterns of memory to determine
code paths taken, and exfiltrate data to a blinded
attacker through page-granularity access times as a
side-channel.i1/4^CVE-2019-5489i1/4%0
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1221
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?81f3f548");
script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-5489");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2019/04/02");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/09");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.5.3");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "2.5.3") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.5.3");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["kernel-3.10.0-514.44.5.10_126",
"kernel-devel-3.10.0-514.44.5.10_126",
"kernel-headers-3.10.0-514.44.5.10_126",
"kernel-tools-3.10.0-514.44.5.10_126",
"kernel-tools-libs-3.10.0-514.44.5.10_126",
"kernel-tools-libs-devel-3.10.0-514.44.5.10_126"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_NOTE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
Related
ubuntucve
ubuntucve
CVE-2019-5489
2019-01-07 00:00:00
cvelist
cvelist
CVE-2019-5489
2019-01-07 18:00:00
nvd
nvd
CVE-2019-5489
2019-01-07 17:29:00
veracode
veracode
Information Disclosure
2019-08-08 00:07:22
githubexploit
githubexploit
prion
prion
Design/Logic Flaw
2019-01-07 17:29:00
debiancve
debiancve
CVE-2019-5489
2019-01-07 18:00:00
nessus
nessus
RHEL 5 : kernel (RHSA-2019:2808)
2024-04-27 00:00:00
RHEL 6 : kernel (RHSA-2019:4056)
2019-12-03 00:00:00
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4528)
2019-02-04 00:00:00
f5
f5
K30404955 : Linux kernel vulnerability CVE-2019-5489
2020-09-25 00:00:00
redhatcve
redhatcve
CVE-2019-5489
2020-04-09 13:09:06
cve
cve
CVE-2019-5489
2019-01-07 18:00:00
huawei
huawei
Security Advisory - Page-Cache Side-Channel Vulnerability
2020-01-15 00:00:00
osv
osv
CVE-2019-5489
2019-01-07 17:29:00
linux - security update
2019-06-17 00:00:00
linux-4.9 - security update
2019-06-17 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1221)
2020-01-23 00:00:00
CentOS Update for kernel CESA-2019:2473 centos6
2019-08-17 00:00:00
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1303)
2020-01-23 00:00:00
redhat
redhat
(RHSA-2019:2808) Important: kernel security update
2019-09-17 10:41:58
(RHSA-2019:4056) Important: kernel security update
2019-12-03 07:55:12
(RHSA-2019:4255) Important: kernel security update
2019-12-17 09:02:46
virtuozzo
virtuozzo
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2019-01-31 00:00:00
kernel security and bug fix update
2019-08-14 00:00:00
Unbreakable Enterprise kernel security update
2019-02-12 00:00:00
centos
centos
kernel, perf, python security update
2019-08-16 21:55:43
bpftool, kernel, perf, python security update
2019-09-10 16:26:50
amazon
amazon
Important: kernel
2019-05-29 19:35:00
Important: kernel
2019-05-29 18:59:00
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2019-1.0-0238
2019-06-13 00:00:00
Critical Photon OS Security Update - PHSA-2019-0021
2019-06-20 00:00:00
Critical Photon OS Security Update - PHSA-2019-3.0-0021
2019-06-20 00:00:00
debian
debian
[SECURITY] [DLA 1823-1] linux security update
2019-06-17 23:42:52
[SECURITY] [DLA 1824-1] linux-4.9 security update
2019-06-18 10:23:55
[SECURITY] [DSA 4465-1] linux security update
2019-06-17 18:00:31
suse
suse
Security update for the Linux Kernel (important)
2019-05-31 00:00:00
Security update for the Linux Kernel (important)
2019-06-18 00:00:00
Security update for the Linux Kernel (important)
2019-06-18 00:00:00
ibm
ibm
androidsecurity
androidsecurity
Pixel Update BulletinโSeptember 2020
2020-09-08 00:00:00
lenovo
lenovo
AMI MegaRAC SP-X BMC Vulnerabilities - Lenovo Support US
2020-04-13 19:22:04
oracle
oracle
Oracle Critical Patch Update Advisory - July 2020
2020-07-14 00:00:00
CVSS2
2.1
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
7.1
Confidence
High
EPSS
0
Percentile
10.1%
Related for EULEROS_SA-2019-1221.NASL