4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7 High
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
73.7%
According to the versions of the ghostscript packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(142175);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/13");
script_cve_id(
"CVE-2020-14373",
"CVE-2020-16287",
"CVE-2020-16288",
"CVE-2020-16289",
"CVE-2020-16290",
"CVE-2020-16291",
"CVE-2020-16292",
"CVE-2020-16293",
"CVE-2020-16294",
"CVE-2020-16295",
"CVE-2020-16296",
"CVE-2020-16297",
"CVE-2020-16298",
"CVE-2020-16299",
"CVE-2020-16300",
"CVE-2020-16301",
"CVE-2020-16304",
"CVE-2020-16305",
"CVE-2020-16306",
"CVE-2020-16307",
"CVE-2020-16308",
"CVE-2020-16309",
"CVE-2020-16310",
"CVE-2020-17538"
);
script_name(english:"EulerOS 2.0 SP8 : ghostscript (EulerOS-SA-2020-2309)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the ghostscript packages installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :
- This package provides useful conversion utilities based
on Ghostscript software, for converting PS, PDF and
other document formats between each other. Ghostscript
is a suite of software providing an interpreter for
Adobe Systems' PostScript (PS) and Portable Document
Format (PDF) page description languages. Its primary
purpose includes displaying (rasterization & rendering)
and printing of document pages, as well as conversions
between different document formats.Security Fix(es):A
buffer overflow vulnerability in GetNumSameData() in
contrib/lips4/gdevlips.c of Artifex Software
GhostScript v9.50 allows a remote attacker to cause a
denial of service via a crafted PDF file.
(CVE-2020-17538)A division by zero vulnerability in
dot24_print_page() in devices/gdevdm24.c of Artifex
Software GhostScript v9.50 allows a remote attacker to
cause a denial of service via a crafted PDF file.
(CVE-2020-16310)A buffer overflow vulnerability in
lxm5700m_print_page() in devices/gdevlxm.c of Artifex
Software GhostScript v9.50 allows a remote attacker to
cause a denial of service via a crafted eps file.
(CVE-2020-16309)A buffer overflow vulnerability in
p_print_image() in devices/gdevcdj.c of Artifex
Software GhostScript v9.50 allows a remote attacker to
cause a denial of service via a crafted PDF file.
(CVE-2020-16308)A null pointer dereference
vulnerability in devices/vector/gdevtxtw.c and
psi/zbfont.c of Artifex Software GhostScript v9.50
allows a remote attacker to cause a denial of service
via a crafted postscript file. (CVE-2020-16307)A null
pointer dereference vulnerability in devices/gdevtsep.c
of Artifex Software GhostScript v9.50 allows a remote
attacker to cause a denial of service via a crafted
postscript file. (CVE-2020-16306)A buffer overflow
vulnerability in pcx_write_rle() in
contrib/japanese/gdev10v.c of Artifex Software
GhostScript v9.50 allows a remote attacker to cause a
denial of service via a crafted PDF file.
(CVE-2020-16305)A buffer overflow vulnerability in
image_render_color_thresh() in base/gxicolor.c of
Artifex Software GhostScript v9.50 allows a remote
attacker to escalate privileges via a crafted eps file.
(CVE-2020-16304)A buffer overflow vulnerability in
okiibm_print_page1() in devices/gdevokii.c of Artifex
Software GhostScript v9.50 allows a remote attacker to
cause a denial of service via a crafted PDF file.
(CVE-2020-16301)A buffer overflow vulnerability in
tiff12_print_page() in devices/gdevtfnx.c of Artifex
Software GhostScript v9.50 allows a remote attacker to
cause a denial of service via a crafted PDF file.
(CVE-2020-16300)A Division by Zero vulnerability in
bj10v_print_page() in contrib/japanese/gdev10v.c of
Artifex Software GhostScript v9.50 allows a remote
attacker to cause a denial of service via a crafted PDF
file. (CVE-2020-16299)A buffer overflow vulnerability
in mj_color_correct() in contrib/japanese/gdevmjc.c of
Artifex Software GhostScript v9.50 allows a remote
attacker to cause a denial of service via a crafted PDF
file. (CVE-2020-16298)A buffer overflow vulnerability
in FloydSteinbergDitheringC() in contrib/gdevbjca.c of
Artifex Software GhostScript v9.50 allows a remote
attacker to cause a denial of service via a crafted PDF
file. (CVE-2020-16297)A buffer overflow vulnerability
in GetNumWrongData() in contrib/lips4/gdevlips.c of
Artifex Software GhostScript v9.50 allows a remote
attacker to cause a denial of service via a crafted PDF
file. (CVE-2020-16296)A null pointer dereference
vulnerability in clj_media_size() in devices/gdevclj.c
of Artifex Software GhostScript v9.50 allows a remote
attacker to cause a denial of service via a crafted PDF
file. (CVE-2020-16295)A buffer overflow vulnerability
in epsc_print_page() in devices/gdevepsc.c of Artifex
Software GhostScript v9.50 allows a remote attacker to
cause a denial of service via a crafted PDF file.
(CVE-2020-16294)A null pointer dereference
vulnerability in
compose_group_nonknockout_nonblend_isolated_allmask_com
mon() in base/gxblend.c of Artifex Software GhostScript
v9.50 allows a remote attacker to cause a denial of
service via a crafted PDF file. (CVE-2020-16293)A
buffer overflow vulnerability in mj_raster_cmd() in
contrib/japanese/gdevmjc.c of Artifex Software
GhostScript v9.50 allows a remote attacker to cause a
denial of service via a crafted PDF file.
(CVE-2020-16292)A buffer overflow vulnerability in
contrib/gdevdj9.c of Artifex Software GhostScript v9.50
allows a remote attacker to cause a denial of service
via a crafted PDF file. (CVE-2020-16291)A buffer
overflow vulnerability in jetp3852_print_page() in
devices/gdev3852.c of Artifex Software GhostScript
v9.50 allows a remote attacker to cause a denial of
service via a crafted PDF file. (CVE-2020-16290)A
buffer overflow vulnerability in cif_print_page() in
devices/gdevcif.c of Artifex Software GhostScript v9.50
allows a remote attacker to cause a denial of service
via a crafted PDF file. (CVE-2020-16289)A buffer
overflow vulnerability in pj_common_print_page() in
devices/gdevpjet.c of Artifex Software GhostScript
v9.50 allows a remote attacker to cause a denial of
service via a crafted PDF file. (CVE-2020-16288)A
buffer overflow vulnerability in lprn_is_black() in
contrib/lips4/gdevlprn.c of Artifex Software
GhostScript v9.50 allows a remote attacker to cause a
denial of service via a crafted PDF file.
(CVE-2020-16287)A use after free was found in
igc_reloc_struct_ptr() of psi/igc.c of
ghostscript-9.25. A local attacker could supply a
specially crafted PDF file to cause a denial of
service.(CVE-2020-14373)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2309
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?f08c94c9");
script_set_attribute(attribute:"solution", value:
"Update the affected ghostscript packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-17538");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2020/11/02");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/11/02");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ghostscript");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libgs");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
flag = 0;
pkgs = ["ghostscript-9.25-1.h10.eulerosv2r8",
"libgs-9.25-1.h10.eulerosv2r8"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ghostscript");
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14373
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16287
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16288
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16289
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16290
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16291
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16292
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16293
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16294
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16295
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16296
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16297
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16298
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16299
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16300
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16301
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16304
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16305
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16306
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16307
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16308
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16309
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16310
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17538
www.nessus.org/u?f08c94c9
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:N/I:N/A:P
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
7 High
AI Score
Confidence
High
0.004 Low
EPSS
Percentile
73.7%