Lucene search
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2020-1222.NASLHistoryMar 13, 2020 - 12:00 a.m.
EulerOS Virtualization for ARM 64 3.0.2.0 : unzip (EulerOS-SA-2020-1222)
2020-03-1300:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
25
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.2
Confidence
High
EPSS
0.047
Percentile
92.7%
According to the versions of the unzip package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities :
-
Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive.(CVE-2015-7697)
-
Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value.(CVE-2015-7696)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(134511);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/22");
script_cve_id("CVE-2015-7696", "CVE-2015-7697");
script_name(english:"EulerOS Virtualization for ARM 64 3.0.2.0 : unzip (EulerOS-SA-2020-1222)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization for ARM 64 host is missing multiple security
updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the unzip package installed, the EulerOS
Virtualization for ARM 64 installation on the remote host is affected
by the following vulnerabilities :
- Info-ZIP UnZip 6.0 allows remote attackers to cause a
denial of service (infinite loop) via empty bzip2 data
in a ZIP archive.(CVE-2015-7697)
- Info-ZIP UnZip 6.0 allows remote attackers to cause a
denial of service (heap-based buffer over-read and
application crash) or possibly execute arbitrary code
via a crafted password-protected ZIP archive, possibly
related to an Extra-Field size value.(CVE-2015-7696)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1222
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?58486a40");
script_set_attribute(attribute:"solution", value:
"Update the affected unzip packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2015-7696");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"patch_publication_date", value:"2020/03/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/03/13");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:unzip");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.2.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.2.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
flag = 0;
pkgs = ["unzip-6.0-19.h7"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "unzip");
}
Related
openvas
openvas
Huawei EulerOS: Security Advisory for unzip (EulerOS-SA-2019-2234)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for unzip (EulerOS-SA-2020-1222)
2020-03-13 00:00:00
Debian: Security Advisory (DLA-330-1)
2023-03-08 00:00:00
nessus
nessus
EulerOS 2.0 SP5 : unzip (EulerOS-SA-2019-2234)
2019-11-08 00:00:00
Ubuntu 14.04 LTS : unzip regression (USN-2788-2)
2015-11-10 00:00:00
ubuntu
ubuntu
unzip regression
2015-11-09 00:00:00
unzip vulnerabilities
2015-10-29 00:00:00
debian
debian
[SECURITY] [DLA 330-1] unzip security update
2015-10-22 09:43:10
[SECURITY] [DSA 3386-1] unzip security update
2015-10-31 14:36:35
[SECURITY] [DSA 3386-1] unzip security update
2015-10-31 14:36:35
osv
osv
unzip - regression update
2015-10-31 00:00:00
unzip - security update
2015-10-31 00:00:00
freebsd
freebsd
unzip -- multiple vulnerabilities
2015-09-26 00:00:00
securityvulns
securityvulns
[USN-2788-1] unzip vulnerabilities
2015-11-01 00:00:00
unzip security vulneravilities
2015-11-01 00:00:00
cloudfoundry
cloudfoundry
USN-2788-1 and USN-2788-2 unzip vulnerability | Cloud Foundry
2015-11-24 00:00:00
archlinux
archlinux
unzip: multiple issues
2015-11-03 00:00:00
cbl_mariner
cbl_mariner
CVE-2015-7696 affecting package unzip for versions less than 6.0-20
2024-03-19 17:21:46
CVE-2015-7696 affecting package unzip for versions less than 6.0-19
2022-04-09 06:51:51
CVE-2015-7696 affecting package unzip 6.0-19
2020-09-09 06:09:13
cvelist
cvelist
CVE-2015-7696
2015-11-06 18:00:00
CVE-2015-7697
2015-11-06 18:00:00
cve
cve
CVE-2015-7696
2015-11-06 18:59:04
CVE-2015-7697
2015-11-06 18:59:05
alpinelinux
alpinelinux
CVE-2015-7696
2015-11-06 18:59:04
CVE-2015-7697
2015-11-06 18:59:05
ubuntucve
ubuntucve
CVE-2015-7696
2015-10-12 00:00:00
CVE-2015-7697
2015-10-12 00:00:00
prion
prion
Heap overflow
2015-11-06 18:59:00
Design/Logic Flaw
2015-11-06 18:59:00
nvd
nvd
CVE-2015-7696
2015-11-06 18:59:04
CVE-2015-7697
2015-11-06 18:59:05
debiancve
debiancve
CVE-2015-7696
2015-11-06 18:59:04
CVE-2015-7697
2015-11-06 18:59:05
rosalinux
rosalinux
Advisory ROSA-SA-2021-1991
2021-07-02 18:18:35
suse
suse
Security update for unzip (moderate)
2018-10-05 21:18:21
photon
photon
ibm
ibm
amazon
amazon
Important: unzip
2021-02-17 18:14:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
7.2
Confidence
High
EPSS
0.047
Percentile
92.7%
Related for EULEROS_SA-2020-1222.NASL