EulerOS 2.0 SP5 : http-parser (EulerOS-SA-2019-2158)

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(130867);
  script_version("1.9");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id(
    "CVE-2018-12121",
    "CVE-2018-7159"
  );

  script_name(english:"EulerOS 2.0 SP5 : http-parser (EulerOS-SA-2019-2158)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the http-parser package installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

  - This is a parser for HTTP messages written in C. It
    parses both requests and responses. The parser is
    designed to be used in performance HTTP applications.It
    does not make any syscalls nor allocations, it does not
    buffer data, it can be interrupted at anytime.
    Depending on your architecture, it only requires about
    40 bytes of data per message stream (in a web server
    that is per connection).Security Fix(es):The HTTP
    parser in all current versions of Node.js ignores
    spaces in the `Content-Length` header, allowing input
    such as `Content-Length: 1 2` to be interpreted as
    having a value of `12`. The HTTP specification does not
    allow for spaces in the `Content-Length` value and the
    Node.js HTTP parser has been brought into line on this
    particular difference. The security risk of this flaw
    to Node.js users is considered to be VERY LOW as it is
    difficult, and may be impossible, to craft an attack
    that makes use of this flaw in a way that could not
    already be achieved by supplying an incorrect value for
    `Content-Length`. Vulnerabilities may exist in
    user-code that make incorrect assumptions about the
    potential accuracy of this value compared to the actual
    length of the data supplied. Node.js users crafting
    lower-level HTTP utilities are advised to re-check the
    length of any input supplied after parsing is
    complete.(CVE-2018-7159)Node.js: All versions prior to
    Node.js 6.15.0, 8.14.0, 10.14.0 and 11.3.0: Denial of
    Service with large HTTP headers: By using a combination
    of many requests with maximum sized headers (almost 80
    KB per connection), and carefully timed completion of
    the headers, it is possible to cause the HTTP server to
    abort from heap allocation failure. Attack potential is
    mitigated by the use of a load balancer or other proxy
    layer.(CVE-2018-12121)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2158
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?018c2430");
  script_set_attribute(attribute:"solution", value:
"Update the affected http-parser packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-7159");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"patch_publication_date", value:"2019/10/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/12");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:http-parser");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["http-parser-2.7.1-5.h2.eulerosv2r7"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "http-parser");
}