Lucene search
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2020-2465.NASLHistoryNov 06, 2020 - 12:00 a.m.
EulerOS Virtualization 3.0.6.6 : dbus (EulerOS-SA-2020-2465)
2020-11-0600:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
CVSS2
4.9
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
5.8
Confidence
High
EPSS
0
Percentile
5.1%
According to the version of the dbus packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability :
- An issue was discovered in dbus >= 1.3.0 before 1.12.18. The DBusServer in libdbus, as used in dbus-daemon, leaks file descriptors when a message exceeds the per-message file descriptor limit. A local attacker with access to the D-Bus system bus or another system service’s private AF_UNIX socket could use this to make the system service reach its file descriptor limit, denying service to subsequent D-Bus clients.(CVE-2020-12049)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(142516);
script_version("1.6");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/09");
script_cve_id("CVE-2020-12049");
script_name(english:"EulerOS Virtualization 3.0.6.6 : dbus (EulerOS-SA-2020-2465)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing a security update.");
script_set_attribute(attribute:"description", value:
"According to the version of the dbus packages installed, the EulerOS
Virtualization installation on the remote host is affected by the
following vulnerability :
- An issue was discovered in dbus >= 1.3.0 before
1.12.18. The DBusServer in libdbus, as used in
dbus-daemon, leaks file descriptors when a message
exceeds the per-message file descriptor limit. A local
attacker with access to the D-Bus system bus or another
system service's private AF_UNIX socket could use this
to make the system service reach its file descriptor
limit, denying service to subsequent D-Bus
clients.(CVE-2020-12049)
Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2465
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0a26aeab");
script_set_attribute(attribute:"solution", value:
"Update the affected dbus package.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-12049");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2020/11/05");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/11/06");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:dbus");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:dbus-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:dbus-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:dbus-x11");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.6.6");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.6.6") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.6.6");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
flag = 0;
pkgs = ["dbus-1.10.24-7.h11.eulerosv2r7",
"dbus-devel-1.10.24-7.h11.eulerosv2r7",
"dbus-libs-1.10.24-7.h11.eulerosv2r7",
"dbus-x11-1.10.24-7.h11.eulerosv2r7"];
foreach (pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dbus");
}
Related
redhatcve
redhatcve
CVE-2020-12049
2020-06-19 15:56:02
freebsd
freebsd
dbus file descriptor leak
2020-04-09 00:00:00
nessus
nessus
NewStart CGSL CORE 5.04 / MAIN 5.04 : dbus Vulnerability (NS-SA-2020-0081)
2020-12-09 00:00:00
EulerOS 2.0 SP5 : dbus (EulerOS-SA-2020-2242)
2020-10-30 00:00:00
SUSE SLES15 Security Update : dbus-1 (SUSE-SU-2021:2470-1)
2021-07-28 00:00:00
ubuntu
ubuntu
DBus vulnerability
2020-06-16 00:00:00
DBus vulnerability
2020-06-16 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for dbus (EulerOS-SA-2020-2096)
2020-09-29 00:00:00
Huawei EulerOS: Security Advisory for dbus (EulerOS-SA-2020-2465)
2020-11-05 00:00:00
openSUSE: Security Advisory for dbus-1 (openSUSE-SU-2021:1204-1)
2021-08-27 00:00:00
oraclelinux
oraclelinux
dbus security update
2020-07-14 00:00:00
dbus security update
2020-07-23 00:00:00
dbus security update
2020-10-06 00:00:00
prion
prion
Code injection
2020-06-08 17:15:00
redhat
redhat
(RHSA-2020:3044) Important: dbus security update
2020-07-21 14:16:04
(RHSA-2020:2894) Important: dbus security update
2020-07-13 10:17:31
(RHSA-2020:3298) Important: dbus security update
2020-08-04 07:13:03
nvd
nvd
CVE-2020-12049
2020-06-08 17:15:09
cvelist
cvelist
CVE-2020-12049
2020-06-08 00:00:00
alpinelinux
alpinelinux
CVE-2020-12049
2020-06-08 17:15:09
cve
cve
CVE-2020-12049
2020-06-08 17:15:09
ubuntucve
ubuntucve
CVE-2020-12049
2020-06-08 00:00:00
gentoo
gentoo
D-Bus: Denial of service
2020-07-27 00:00:00
mageia
mageia
Updated dbus packages fix security vulnerability
2020-06-15 10:54:40
debiancve
debiancve
CVE-2020-12049
2020-06-08 17:15:09
veracode
veracode
Denial Of Service (DoS)
2020-07-14 02:45:33
osv
osv
dbus - security update
2020-06-05 00:00:00
CVE-2020-12049
2020-06-08 17:15:09
suse
suse
Security update for dbus-1 (moderate)
2021-08-27 00:00:00
Security update for dbus-1 (moderate)
2021-08-23 00:00:00
f5
f5
K16729408 : D-Bus vulnerability CVE-2020-12049
2021-04-12 00:00:00
debian
debian
[SECURITY] [DLA 2235-1] dbus security update
2020-06-05 15:33:53
centos
centos
dbus security update
2020-07-14 22:54:19
cloudfoundry
cloudfoundry
USN-4398-1: DBus vulnerability | Cloud Foundry
2020-07-22 00:00:00
archlinux
archlinux
[ASA-202006-9] dbus: denial of service
2020-06-13 00:00:00
amazon
amazon
Important: dbus
2022-10-31 19:40:00
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2020-2.0-0259
2020-07-03 00:00:00
Critical Photon OS Security Update - PHSA-2020-0259
2020-07-03 00:00:00
Moderate Photon OS Security Update - PHSA-2024-3.0-0722
2024-02-08 00:00:00
CVSS2
4.9
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:N/A:C
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
AI Score
5.8
Confidence
High
EPSS
0
Percentile
5.1%
Related for EULEROS_SA-2020-2465.NASL