This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2022-2710.NASLEulerOS 2.0 SP5 : golang (EulerOS-SA-2022-2710)
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.002 Low
EPSS
Percentile
57.3%
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
-
In filepath.Clean in path/filepath in Go before 1.17.11 and 1.18.x before 1.18.3 on Windows, invalid paths such as .\c: could be converted to valid paths (such as c: in this example). (CVE-2022-29804)
-
Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files. (CVE-2022-30631)
-
Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.
(CVE-2022-30632) -
Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the ‘any’ field tag. (CVE-2022-30633)
-
Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes. (CVE-2022-30634)
-
Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.
(CVE-2022-30635) -
Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header. (CVE-2022-32148)
-
A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go before 1.17.13 and 1.18.5, potentially allowing a denial of service. (CVE-2022-32189)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(166979);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/05");
script_cve_id(
"CVE-2022-29804",
"CVE-2022-30631",
"CVE-2022-30632",
"CVE-2022-30633",
"CVE-2022-30634",
"CVE-2022-30635",
"CVE-2022-32148",
"CVE-2022-32189"
);
script_xref(name:"IAVB", value:"2022-B-0025-S");
script_name(english:"EulerOS 2.0 SP5 : golang (EulerOS-SA-2022-2710)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by
the following vulnerabilities :
- In filepath.Clean in path/filepath in Go before 1.17.11 and 1.18.x before 1.18.3 on Windows, invalid paths
such as .\c: could be converted to valid paths (such as c: in this example). (CVE-2022-29804)
- Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker
to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length
compressed files. (CVE-2022-30631)
- Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to
cause a panic due to stack exhaustion via a path containing a large number of path separators.
(CVE-2022-30632)
- Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to
cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a
nested field that uses the 'any' field tag. (CVE-2022-30633)
- Infinite loop in Read in crypto/rand before Go 1.17.11 and Go 1.18.3 on Windows allows attacker to cause
an indefinite hang by passing a buffer larger than 1 << 32 - 1 bytes. (CVE-2022-30634)
- Uncontrolled recursion in Decoder.Decode in encoding/gob before Go 1.17.12 and Go 1.18.4 allows an
attacker to cause a panic due to stack exhaustion via a message which contains deeply nested structures.
(CVE-2022-30635)
- Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by
calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the
X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For
header. (CVE-2022-32148)
- A too-short encoded message can cause a panic in Float.GobDecode and Rat GobDecode in math/big in Go
before 1.17.13 and 1.18.5, potentially allowing a denial of service. (CVE-2022-32189)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2710
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ccfe8350");
script_set_attribute(attribute:"solution", value:
"Update the affected golang packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-29804");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/06/07");
script_set_attribute(attribute:"patch_publication_date", value:"2022/11/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/11/04");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:golang");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:golang-bin");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:golang-src");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (_release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");
var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(5)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP5", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
var flag = 0;
var pkgs = [
"golang-1.13.3-9.h23.eulerosv2r7",
"golang-bin-1.13.3-9.h23.eulerosv2r7",
"golang-src-1.13.3-9.h23.eulerosv2r7"
];
foreach (var pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"5", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "golang");
}
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-29804
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30631
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30632
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30633
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30634
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30635
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32148
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32189
www.nessus.org/u?ccfe8350
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.002 Low
EPSS
Percentile
57.3%