CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
91.3%
According to the versions of the compat-openssl10 package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(132815);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/18");
script_cve_id("CVE-2019-1547", "CVE-2019-1552", "CVE-2019-1563");
script_name(english:"EulerOS Virtualization for ARM 64 3.0.5.0 : compat-openssl10 (EulerOS-SA-2020-1061)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization for ARM 64 host is missing multiple security
updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the compat-openssl10 package installed,
the EulerOS Virtualization for ARM 64 installation on the remote host
is affected by the following vulnerabilities :
- The OpenSSL toolkit provides support for secure
communications between machines. This version of
OpenSSL package contains only the libraries and is
provided for compatibility with previous releases and
software that does not support compilation with
OpenSSL-1.1. Security Fix(es):OpenSSL has internal
defaults for a directory tree where it can find a
configuration file as well as certificates used for
verification in TLS. This directory is most commonly
referred to as OPENSSLDIR, and is configurable with the
--prefix / --openssldir configuration options. For
OpenSSL versions 1.1.0 and 1.1.1, the mingw
configuration targets assume that resulting programs
and libraries are installed in a Unix-like environment
and the default prefix for program installation as well
as for OPENSSLDIR should be '/usr/local'. However,
mingw programs are Windows programs, and as such, find
themselves looking at sub-directories of
'C:/usr/local', which may be world writable, which
enables untrusted users to modify OpenSSL's default
configuration, insert CA certificates, modify (or even
replace) existing engine modules, etc. For OpenSSL
1.0.2, '/usr/local/ssl' is used as default for
OPENSSLDIR on all Unix and Windows targets, including
Visual C builds. However, some build instructions for
the diverse Windows targets on 1.0.2 encourage you to
specify your own --prefix. OpenSSL versions 1.1.1,
1.1.0 and 1.0.2 are affected by this issue. Due to the
limited scope of affected deployments this has been
assessed as low severity and therefore we are not
creating new releases at this time. Fixed in OpenSSL
1.1.1d (Affected 1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l
(Affected 1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t
(Affected 1.0.2-1.0.2s).Not found.(CVE-2019-1552)In
situations where an attacker receives automated
notification of the success or failure of a decryption
attempt an attacker, after sending a very large number
of messages to be decrypted, can recover a CMS/PKCS7
transported encryption key or decrypt any RSA encrypted
message that was encrypted with the public RSA key,
using a Bleichenbacher padding oracle attack.
Applications are not affected if they use a certificate
together with the private RSA key to the CMS_decrypt or
PKCS7_decrypt functions to select the correct recipient
info to decrypt. Fixed in OpenSSL 1.1.1d (Affected
1.1.1-1.1.1c). Fixed in OpenSSL 1.1.0l (Affected
1.1.0-1.1.0k). Fixed in OpenSSL 1.0.2t (Affected
1.0.2-1.0.2s).(CVE-2019-1563)Normally in OpenSSL EC
groups always have a co-factor present and this is used
in side channel resistant code paths. However, in some
cases, it is possible to construct a group using
explicit parameters (instead of using a named curve).
In those cases it is possible that such a group does
not have the cofactor present. This can occur even
where all the parameters match a known named curve. If
such a curve is used then OpenSSL falls back to
non-side channel resistant code paths which may result
in full key recovery during an ECDSA signature
operation. In order to be vulnerable an attacker would
have to have the ability to time the creation of a
large number of signatures where explicit parameters
with no co-factor present are in use by an application
using libcrypto. For the avoidance of doubt libssl is
not vulnerable because explicit parameters are never
used. Fixed in OpenSSL 1.1.1d (Affected 1.1.1-1.1.1c).
Fixed in OpenSSL 1.1.0l (Affected 1.1.0-1.1.0k). Fixed
in OpenSSL 1.0.2t (Affected
1.0.2-1.0.2s).(CVE-2019-1547)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1061
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?49af0d0a");
script_set_attribute(attribute:"solution", value:
"Update the affected compat-openssl10 packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1563");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2019-1547");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"patch_publication_date", value:"2020/01/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/13");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:compat-openssl10");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.5.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.5.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.5.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
flag = 0;
pkgs = ["compat-openssl10-1.0.2o-3.h8.eulerosv2r8"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "compat-openssl10");
}
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
91.3%