Lucene search
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2019-1236.NASLHistoryApr 04, 2019 - 12:00 a.m.
EulerOS Virtualization 2.5.4 : kernel (EulerOS-SA-2019-1236)
2019-04-0400:00:00
This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
118
7.1 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.6 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
58.4%
According to the version of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :
- The Linux kernel is vulnerable to a NULL pointer dereference in the ext4/xattr.c:ext4_xattr_inode_hash() function. An attacker could trick a legitimate user or a privileged attacker could exploit this to cause a NULL pointer dereference with a crafted ext4 image.i1/4^CVE-2018-1094i1/4%0
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(123704);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/06");
script_cve_id("CVE-2018-1094");
script_name(english:"EulerOS Virtualization 2.5.4 : kernel (EulerOS-SA-2019-1236)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing a security update.");
script_set_attribute(attribute:"description", value:
"According to the version of the kernel packages installed, the
EulerOS Virtualization installation on the remote host is affected by
the following vulnerability :
- The Linux kernel is vulnerable to a NULL pointer
dereference in the ext4/xattr.c:ext4_xattr_inode_hash()
function. An attacker could trick a legitimate user or
a privileged attacker could exploit this to cause a
NULL pointer dereference with a crafted ext4
image.i1/4^CVE-2018-1094i1/4%0
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1236
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8982ab7a");
script_set_attribute(attribute:"solution", value:
"Update the affected kernel package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1094");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2019/04/02");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/04/04");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.5.4");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "2.5.4") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.5.4");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["kernel-3.10.0-862.14.1.1_60",
"kernel-devel-3.10.0-862.14.1.1_60",
"kernel-headers-3.10.0-862.14.1.1_60",
"kernel-tools-3.10.0-862.14.1.1_60",
"kernel-tools-libs-3.10.0-862.14.1.1_60",
"kernel-tools-libs-devel-3.10.0-862.14.1.1_60"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| huawei | euleros | uvp | cpe:/o:huawei:euleros:uvp:2.5.4 |
| huawei | euleros | kernel | p-cpe:/a:huawei:euleros:kernel |
| huawei | euleros | kernel-devel | p-cpe:/a:huawei:euleros:kernel-devel |
| huawei | euleros | kernel-headers | p-cpe:/a:huawei:euleros:kernel-headers |
| huawei | euleros | kernel-tools | p-cpe:/a:huawei:euleros:kernel-tools |
| huawei | euleros | kernel-tools-libs | p-cpe:/a:huawei:euleros:kernel-tools-libs |
| huawei | euleros | kernel-tools-libs-devel | p-cpe:/a:huawei:euleros:kernel-tools-libs-devel |
Related
redhatcve
redhatcve
CVE-2018-1094
2018-03-27 01:18:51
nvd
nvd
CVE-2018-1094
2018-04-02 03:29:00
ubuntucve
ubuntucve
CVE-2018-1094
2018-04-01 00:00:00
cve
cve
CVE-2018-1094
2018-04-02 03:29:00
openvas
openvas
Huawei EulerOS: Security Advisory for kernel (EulerOS-SA-2019-1236)
2020-01-23 00:00:00
Ubuntu: Security Advisory (USN-3695-2)
2018-07-03 00:00:00
Ubuntu: Security Advisory (USN-3695-1)
2018-07-03 00:00:00
prion
prion
Null pointer dereference
2018-04-02 03:29:00
veracode
veracode
Denial Of Service (DoS)
2019-05-16 03:18:35
cvelist
cvelist
CVE-2018-1094
2018-04-02 03:00:00
debiancve
debiancve
CVE-2018-1094
2018-04-02 03:29:00
nessus
nessus
Photon OS 2.0: Linux PHSA-2018-2.0-0041
2019-02-07 00:00:00
Oracle Linux 6 : Unbreakable Enterprise kernel (ELSA-2019-4533)
2019-02-08 00:00:00
Oracle Linux 6 / 7 : Unbreakable Enterprise kernel (ELSA-2019-4510)
2019-01-16 00:00:00
oraclelinux
oraclelinux
Unbreakable Enterprise kernel security update
2019-01-15 00:00:00
Unbreakable Enterprise kernel security update
2019-02-07 00:00:00
Unbreakable Enterprise kernel security update
2019-02-06 00:00:00
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2018-2.0-0041
2018-05-03 00:00:00
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2018-1.0-0132
2018-05-03 00:00:00
Important Photon OS Security Update - PHSA-2018-0041
2018-05-03 00:00:00
ubuntu
ubuntu
Linux kernel (HWE) vulnerabilities
2018-07-02 00:00:00
Linux kernel vulnerabilities
2018-07-02 00:00:00
Linux kernel (HWE) regression
2018-07-21 00:00:00
mageia
mageia
Updated kernel packages fix security vulnerabilities
2018-05-18 18:27:18
Updated kernel-linus packages fix security vulnerabilities
2018-05-31 23:34:08
Updated kernel-tmb packages fix security vulnerabilities
2018-05-31 23:34:08
suse
suse
Security update for the Linux Kernel (important)
2018-06-21 18:19:06
Security update for the Linux Kernel (important)
2018-07-28 15:17:43
ibm
ibm
redhat
redhat
centos
centos
bpftool, kernel, perf, python security update
2018-11-15 18:40:28
7.1 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:N/I:N/A:C
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
5.6 Medium
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
58.4%
Related for EULEROS_SA-2019-1236.NASL