According to the versions of the kernel packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :
The Linux kernel has an undefined behavior when an argument of INT_MIN is passed to the kernel/signal.c:kill_something_info() function. A local attacker may be able to exploit this to cause a denial of service.(CVE-2018-10124)
The xfs_dinode_verify function in fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel can cause a NULL pointer dereference in xfs_ilock_attr_map_shared function. An attacker could trick a legitimate user or a privileged attacker could exploit this by mounting a crafted xfs filesystem image to cause a kernel panic and thus a denial of service.(CVE-2018-10322)
A flaw was found in the Linux kernel’s client-side implementation of the cifs protocol. This flaw allows an attacker controlling the server to kernel panic a client which has the CIFS server mounted.(CVE-2018-1066)
The do_get_mempolicy() function in mm/mempolicy.c in the Linux kernel allows local users to hit a use-after-free bug via crafted system calls and thus cause a denial of service (DoS) or possibly have unspecified other impact. Due to the nature of the flaw, privilege escalation cannot be fully ruled out.(CVE-2018-10675)
A flaw was found in the Linux kernel’s ext4 filesystem.
A local user can cause an out-of-bounds write and a denial of service or unspecified other impact is possible by mounting and operating a crafted ext4 filesystem image.(CVE-2018-10878)
A flaw was found in the Linux kernel’s ext4 filesystem.
A local user can cause a use-after-free in ext4_xattr_set_entry function and a denial of service or unspecified other impact may occur by renaming a file in a crafted ext4 filesystem image.(CVE-2018-10879)
A flaw was found in the Linux kernel’s ext4 filesystem.
A local user can cause an out-of-bound access in ext4_get_group_info function, a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.(CVE-2018-10881)
A flaw was found in the Linux kernel’s ext4 filesystem.
A local user can cause an out-of-bound write in jbd2_journal_dirty_metadata(), a denial of service, and a system crash by mounting and operating on a crafted ext4 filesystem image.(CVE-2018-10883)
The Linux kernel is vulnerable to a NULL pointer dereference in the ext4/mballoc.c:ext4_process_freed_data() function. An attacker could trick a legitimate user or a privileged attacker could exploit this by mounting a crafted ext4 image to cause a kernel panic.(CVE-2018-1092)
The Linux kernel is vulnerable to a NULL pointer dereference in the ext4/xattr.c:ext4_xattr_inode_hash() function. An attacker could trick a legitimate user or a privileged attacker could exploit this to cause a NULL pointer dereference with a crafted ext4 image.(CVE-2018-1094)
A flaw was found in the Linux kernel, before 4.16.6 where the cdrom_ioctl_media_changed function in drivers/cdrom/cdrom.c allows local attackers to use a incorrect bounds check in the CDROM driver CDROM_MEDIA_CHANGED ioctl to read out kernel memory.(CVE-2018-10940)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(124830);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id(
"CVE-2018-10124",
"CVE-2018-10322",
"CVE-2018-1066",
"CVE-2018-10675",
"CVE-2018-10878",
"CVE-2018-10879",
"CVE-2018-10881",
"CVE-2018-10883",
"CVE-2018-1092",
"CVE-2018-1094",
"CVE-2018-10940"
);
script_name(english:"EulerOS Virtualization 3.0.1.0 : kernel (EulerOS-SA-2019-1507)");
script_summary(english:"Checks the rpm output for the updated packages.");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing multiple security
updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the kernel packages installed, the
EulerOS Virtualization installation on the remote host is affected by
the following vulnerabilities :
- The Linux kernel has an undefined behavior when an
argument of INT_MIN is passed to the
kernel/signal.c:kill_something_info() function. A local
attacker may be able to exploit this to cause a denial
of service.(CVE-2018-10124)
- The xfs_dinode_verify function in
fs/xfs/libxfs/xfs_inode_buf.c in the Linux kernel can
cause a NULL pointer dereference in
xfs_ilock_attr_map_shared function. An attacker could
trick a legitimate user or a privileged attacker could
exploit this by mounting a crafted xfs filesystem image
to cause a kernel panic and thus a denial of
service.(CVE-2018-10322)
- A flaw was found in the Linux kernel's client-side
implementation of the cifs protocol. This flaw allows
an attacker controlling the server to kernel panic a
client which has the CIFS server
mounted.(CVE-2018-1066)
- The do_get_mempolicy() function in mm/mempolicy.c in
the Linux kernel allows local users to hit a
use-after-free bug via crafted system calls and thus
cause a denial of service (DoS) or possibly have
unspecified other impact. Due to the nature of the
flaw, privilege escalation cannot be fully ruled
out.(CVE-2018-10675)
- A flaw was found in the Linux kernel's ext4 filesystem.
A local user can cause an out-of-bounds write and a
denial of service or unspecified other impact is
possible by mounting and operating a crafted ext4
filesystem image.(CVE-2018-10878)
- A flaw was found in the Linux kernel's ext4 filesystem.
A local user can cause a use-after-free in
ext4_xattr_set_entry function and a denial of service
or unspecified other impact may occur by renaming a
file in a crafted ext4 filesystem
image.(CVE-2018-10879)
- A flaw was found in the Linux kernel's ext4 filesystem.
A local user can cause an out-of-bound access in
ext4_get_group_info function, a denial of service, and
a system crash by mounting and operating on a crafted
ext4 filesystem image.(CVE-2018-10881)
- A flaw was found in the Linux kernel's ext4 filesystem.
A local user can cause an out-of-bound write in
jbd2_journal_dirty_metadata(), a denial of service, and
a system crash by mounting and operating on a crafted
ext4 filesystem image.(CVE-2018-10883)
- The Linux kernel is vulnerable to a NULL pointer
dereference in the
ext4/mballoc.c:ext4_process_freed_data() function. An
attacker could trick a legitimate user or a privileged
attacker could exploit this by mounting a crafted ext4
image to cause a kernel panic.(CVE-2018-1092)
- The Linux kernel is vulnerable to a NULL pointer
dereference in the ext4/xattr.c:ext4_xattr_inode_hash()
function. An attacker could trick a legitimate user or
a privileged attacker could exploit this to cause a
NULL pointer dereference with a crafted ext4
image.(CVE-2018-1094)
- A flaw was found in the Linux kernel, before 4.16.6
where the cdrom_ioctl_media_changed function in
drivers/cdrom/cdrom.c allows local attackers to use a
incorrect bounds check in the CDROM driver
CDROM_MEDIA_CHANGED ioctl to read out kernel
memory.(CVE-2018-10940)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1507
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9a5a6303");
script_set_attribute(attribute:"solution", value:
"Update the affected kernel packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"patch_publication_date", value:"2019/05/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/13");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-headers");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:kernel-tools-libs-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perf");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-perf");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["kernel-3.10.0-862.14.1.6_42",
"kernel-devel-3.10.0-862.14.1.6_42",
"kernel-headers-3.10.0-862.14.1.6_42",
"kernel-tools-3.10.0-862.14.1.6_42",
"kernel-tools-libs-3.10.0-862.14.1.6_42",
"kernel-tools-libs-devel-3.10.0-862.14.1.6_42",
"perf-3.10.0-862.14.1.6_42",
"python-perf-3.10.0-862.14.1.6_42"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kernel");
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10124
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10322
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1066
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10675
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10878
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10879
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10881
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10883
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1092
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1094
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10940
www.nessus.org/u?9a5a6303