CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
AI Score
Confidence: Low
EPSS
Percentile: 90.9%
According to the versions of the libxml2 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
  script_id(132161);
  script_version("1.6");

  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/03");

  script_cve_id(
    "CVE-2015-8035",
    "CVE-2017-18258",
    "CVE-2017-5969",
    "CVE-2017-8872",
    "CVE-2017-9048",
    "CVE-2017-9049",
    "CVE-2018-14404",
    "CVE-2018-14567"
  );

  script_name(english:"EulerOS 2.0 SP3 : libxml2 (EulerOS-SA-2019-2626)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the libxml2 packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :
- This library allows to manipulate XML files. It
includes support to read, modify and write XML and HTML
files. There is DTDs support this includes parsing and
validation even with complex DtDs, either at parse time
or later once the document has been modified. The
output can be a simple SAX stream or and in-memory DOM
like representations. In this case one can use the
built-in XPath and XPointer implementation to select
sub nodes or ranges. A flexible Input/Output mechanism
is available, with existing HTTP and FTP modules and
combined to an URI library.Security Fix(es):** DISPUTED
** libxml2 2.9.4, when used in recover mode, allows
remote attackers to cause a denial of service (NULL
pointer dereference) via a crafted XML document. NOTE:
The maintainer states 'I would disagree of a CVE with
the Recover parsing option which should only be used
for manual recovery at least for XML
parser.'(CVE-2017-5969)A NULL pointer dereference
vulnerability exists in the
xpath.c:xmlXPathCompOpEval() function of libxml2
through 2.9.8 when parsing an invalid XPath expression
in the XPATH_OP_AND or XPATH_OP_OR case. Applications
processing untrusted XSL format inputs with the use of
the libxml2 library may be vulnerable to a denial of
service attack due to a crash of the
application.(CVE-2018-14404)libxml2 2.9.8, if
--with-lzma is used, allows remote attackers to cause a
denial of service (infinite loop) via a crafted XML
file that triggers LZMA_MEMLIMIT_ERROR, as demonstrated
by xmllint, a different vulnerability than
CVE-2015-8035 and CVE-2018-9251.(CVE-2018-14567)libxml2
20904-GITv2.9.4-16-g0741801 is vulnerable to a
heap-based buffer over-read in the
xmlDictComputeFastKey function in dict.c. This
vulnerability causes programs that use libxml2, such as
PHP, to crash. This vulnerability exists because of an
incomplete fix for libxml2 Bug
759398.(CVE-2017-9049)libxml2
20904-GITv2.9.4-16-g0741801 is vulnerable to a
stack-based buffer overflow. The function
xmlSnprintfElementContent in valid.c is supposed to
recursively dump the element content definition into a
char buffer 'buf' of size 'size'. At the end of the
routine, the function may strcat two more characters
without checking whether the current strlen(buf) + 2 <
size. This vulnerability causes programs that use
libxml2, such as PHP, to crash.(CVE-2017-9048)The
htmlParseTryOrFinish function in HTMLparser.c in
libxml2 2.9.4 allows attackers to cause a denial of
service (buffer over-read) or information
disclosure.(CVE-2017-8872)The xz_decomp function in
xzlib.c in libxml2 2.9.1 does not properly detect
compression errors, which allows context-dependent
attackers to cause a denial of service (process hang)
via crafted XML data.(CVE-2015-8035)The xz_head
function in xzlib.c in libxml2 before 2.9.6 allows
remote attackers to cause a denial of service (memory
consumption) via a crafted LZMA file, because the
decoder functionality does not restrict memory usage to
what is required for a legitimate file.(CVE-2017-18258)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2626
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c6b15be1");
  script_set_attribute(attribute:"solution", value:
"Update the affected libxml2 packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-8872");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2019/12/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/18");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libxml2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libxml2-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libxml2-python");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Local checks rely on release and package data already gathered from the host.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# Only EulerOS 2.0 SP3 is in scope.
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");

# Hosts that report a UVP version are excluded.
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# aarch64 passes the first architecture check but is rejected by the second,
# so only i686 / x86_64 hosts are evaluated.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

# Reference (fixed) package versions; rpm_check() flags an installed package
# that is older than the reference.
pkgs = ["libxml2-2.9.1-6.3.h17",
        "libxml2-devel-2.9.1-6.3.h17",
        "libxml2-python-2.9.1-6.3.h17"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libxml2");
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8035
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-18258
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-5969
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8872
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9048
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9049
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14404
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-14567
www.nessus.org/u?c6b15be1