Lucene search

HistoryJun 30, 2021 - 12:00 a.m.

EulerOS Virtualization for ARM 64 3.0.6.0 : git (EulerOS-SA-2021-1998)

2021-06-3000:00:00

www.tenable.com

euleros

virtualization

arm 64

vulnerability

git

remote host

repository

symbolic links

clean/smudge filters

ntfs

hfs+

apfs

windows

macos

git lfs

patch

workaround

cve-2021-21300

tenable network security

CVSS2

5.1

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

AI Score

7.6

Confidence

High

EPSS

0.895

Percentile

98.8%

JSON

According to the version of the git packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability :

Git is an open-source distributed revision control system. In affected versions of Git a specially crafted repository that contains symbolic links as well as files using a clean/smudge filter such as Git LFS,may cause just-checked out script to be executed while cloning onto a case-insensitive file system such as NTFS,HFS+ or APFS (i.e. the default file systems on Windows and macOS). Note that clean/smudge filters have to be configured for that. Git for Windows configures Git LFS by default,and is therefore vulnerable. The problem has been patched in the versions published on Tuesday,March 9th,2021. As a workaound,if symbolic link support is disabled in Git (e.g. via git config --global core.symlinks false),the described attack won’t work. Likewise,if no clean/smudge filters such as Git LFS are configured globally (i.e. before cloning),the attack is foiled. As always,it is best to avoid cloning repositories from untrusted sources.(CVE-2021-21300)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(151172);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/12");

  script_cve_id("CVE-2021-21300");

  script_name(english:"EulerOS Virtualization for ARM 64 3.0.6.0 : git (EulerOS-SA-2021-1998)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization for ARM 64 host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the version of the git packages installed, the EulerOS
Virtualization for ARM 64 installation on the remote host is affected
by the following vulnerability :

  - Git is an open-source distributed revision control
    system. In affected versions of Git a specially crafted
    repository that contains symbolic links as well as
    files using a clean/smudge filter such as Git LFS,may
    cause just-checked out script to be executed while
    cloning onto a case-insensitive file system such as
    NTFS,HFS+ or APFS (i.e. the default file systems on
    Windows and macOS). Note that clean/smudge filters have
    to be configured for that. Git for Windows configures
    Git LFS by default,and is therefore vulnerable. The
    problem has been patched in the versions published on
    Tuesday,March 9th,2021. As a workaound,if symbolic link
    support is disabled in Git (e.g. via `git config
    --global core.symlinks false`),the described attack
    won't work. Likewise,if no clean/smudge filters such as
    Git LFS are configured globally (i.e. _before_
    cloning),the attack is foiled. As always,it is best to
    avoid cloning repositories from untrusted
    sources.(CVE-2021-21300)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1998
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?cea65f42");
  script_set_attribute(attribute:"solution", value:
"Update the affected git package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-21300");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Git LFS Clone Command Exec');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2021/06/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/06/30");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:git");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:git-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:git-core-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:perl-Git");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.6.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "3.0.6.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.6.0");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

flag = 0;

pkgs = ["git-2.19.1-1.h9.eulerosv2r8",
        "git-core-2.19.1-1.h9.eulerosv2r8",
        "git-core-doc-2.19.1-1.h9.eulerosv2r8",
        "perl-Git-2.19.1-1.h9.eulerosv2r8"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "git");
}