CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
91.8%
According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
psi/zfile.c in Artifex Ghostscript before 9.21rc1 permits the status command even if -dSAFER is used, which might allow remote attackers to determine the existence and size of arbitrary files, a similar issue to CVE-2016-7977.(CVE-2018-11645)
The PS Interpreter in Ghostscript 9.18 and 9.20 allows remote attackers to execute arbitrary code via crafted userparams.(CVE-2016-7976)
A flaw was found in, ghostscript versions prior to 9.28, in the .pdf_hook_DSC_Creator procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER
restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.(CVE-2019-14811)
A flaw was found in the .setuserparams2 procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER
restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.(CVE-2019-14812)
A flaw was found in the setsystemparams procedure where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER
restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.(CVE-2019-14813)
A flaw was found in the .pdfexectoken and other procedures where it did not properly secure its privileged calls, enabling scripts to bypass -dSAFER
restrictions. A specially crafted PostScript file could disable security protection and then have access to the file system, or execute arbitrary commands.(CVE-2019-14817)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(130860);
script_version("1.10");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/12");
script_cve_id(
"CVE-2016-7976",
"CVE-2018-11645",
"CVE-2019-14811",
"CVE-2019-14812",
"CVE-2019-14813",
"CVE-2019-14817"
);
script_xref(name:"IAVB", value:"2019-B-0081-S");
script_name(english:"EulerOS 2.0 SP5 : ghostscript (EulerOS-SA-2019-2151)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the ghostscript packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :
- psi/zfile.c in Artifex Ghostscript before 9.21rc1
permits the status command even if -dSAFER is used,
which might allow remote attackers to determine the
existence and size of arbitrary files, a similar issue
to CVE-2016-7977.(CVE-2018-11645)
- The PS Interpreter in Ghostscript 9.18 and 9.20 allows
remote attackers to execute arbitrary code via crafted
userparams.(CVE-2016-7976)
- A flaw was found in, ghostscript versions prior to
9.28, in the .pdf_hook_DSC_Creator procedure where it
did not properly secure its privileged calls, enabling
scripts to bypass `-dSAFER` restrictions. A specially
crafted PostScript file could disable security
protection and then have access to the file system, or
execute arbitrary commands.(CVE-2019-14811)
- A flaw was found in the .setuserparams2 procedure where
it did not properly secure its privileged calls,
enabling scripts to bypass `-dSAFER` restrictions. A
specially crafted PostScript file could disable
security protection and then have access to the file
system, or execute arbitrary commands.(CVE-2019-14812)
- A flaw was found in the setsystemparams procedure where
it did not properly secure its privileged calls,
enabling scripts to bypass `-dSAFER` restrictions. A
specially crafted PostScript file could disable
security protection and then have access to the file
system, or execute arbitrary commands.(CVE-2019-14813)
- A flaw was found in the .pdfexectoken and other
procedures where it did not properly secure its
privileged calls, enabling scripts to bypass `-dSAFER`
restrictions. A specially crafted PostScript file could
disable security protection and then have access to the
file system, or execute arbitrary
commands.(CVE-2019-14817)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2151
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9efc15d0");
script_set_attribute(attribute:"solution", value:
"Update the affected ghostscript packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14813");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2019/10/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/12");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ghostscript");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ghostscript-cups");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["ghostscript-9.07-31.6.h8.eulerosv2r7",
"ghostscript-cups-9.07-31.6.h8.eulerosv2r7"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ghostscript");
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7976
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-11645
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14811
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14812
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14813
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-14817
www.nessus.org/u?9efc15d0
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
Low
EPSS
Percentile
91.8%