Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2024-1464.NASL
HistoryMar 21, 2024 - 12:00 a.m.

EulerOS Virtualization 2.9.1 : tar (EulerOS-SA-2024-1464)

2024-03-2100:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15
euleros virtualization
tar package
denial of service
cve-2023-39804

AI Score

6.7

Confidence

Low

EPSS

0

Percentile

15.5%

JSON

According to the versions of the tar package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :

  • A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and could allow an attacker to cause an application crash, resulting in a denial of service. (CVE-2023-39804)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(192419);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/21");

  script_cve_id("CVE-2023-39804");

  script_name(english:"EulerOS Virtualization 2.9.1 : tar (EulerOS-SA-2024-1464)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS Virtualization host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the versions of the tar package installed, the EulerOS Virtualization installation on the remote host is
affected by the following vulnerabilities :

  - A flaw was found in tar. This issue occurs when extended attributes are processed in PAX archives, and
    could allow an attacker to cause an application crash, resulting in a denial of service. (CVE-2023-39804)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2024-1464
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?616d49ed");
  script_set_attribute(attribute:"solution", value:
"Update the affected tar packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-39804");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/01/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/03/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/03/21");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:tar");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:2.9.1");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var _release = get_kb_item("Host/EulerOS/release");
if (isnull(_release) || _release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (uvp != "2.9.1") audit(AUDIT_OS_NOT, "EulerOS Virtualization 2.9.1");
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu && "x86" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);

var flag = 0;

var pkgs = [
  "tar-1.30-11.h4.eulerosv2r9"
];

foreach (var pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_NOTE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tar");
}

Related

redos 1
openvas 15
nessus 23
osv 2
amazon 1
debiancve 1
debian 1
cve 1
ubuntu 1
nvd 1
veracode 1
redhatcve 1
cvelist 1
ubuntucve 1
vulnrichment 1
photon 3
hp 2
redos
redos
ROS-20240425-02
2024-04-25 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for tar (EulerOS-SA-2024-1188)
2024-02-09 00:00:00
Huawei EulerOS: Security Advisory for tar (EulerOS-SA-2024-1623)
2024-05-15 00:00:00
Huawei EulerOS: Security Advisory for tar (EulerOS-SA-2024-1539)
2024-04-22 00:00:00
nessus
nessus
EulerOS Virtualization 2.11.1 : tar (EulerOS-SA-2024-1623)
2024-05-15 00:00:00
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : GNU Tar vulnerability (USN-6543-1)
2023-12-11 00:00:00
EulerOS 2.0 SP11 : tar (EulerOS-SA-2024-1231)
2024-03-12 00:00:00
osv
osv
tar vulnerability
2023-12-11 00:26:33
tar - security update
2024-03-09 00:00:00
amazon
amazon
Low: tar
2024-01-03 21:04:00
debiancve
debiancve
CVE-2023-39804
2024-03-27 04:15:08
debian
debian
[SECURITY] [DLA 3755-1] tar security update
2024-03-09 21:22:24
cve
cve
CVE-2023-39804
2024-03-27 04:15:08
ubuntu
ubuntu
GNU Tar vulnerability
2023-12-11 00:00:00
nvd
nvd
CVE-2023-39804
2024-03-27 04:15:08
veracode
veracode
Denial Of Service (DOS)
2023-12-15 16:25:51
redhatcve
redhatcve
CVE-2023-39804
2023-12-11 19:27:11
cvelist
cvelist
CVE-2023-39804
2024-03-27 00:00:00
ubuntucve
ubuntucve
CVE-2023-39804
2023-11-30 00:00:00
vulnrichment
vulnrichment
CVE-2023-39804
2024-03-27 00:00:00
photon
photon
Low Photon OS Security Update - PHSA-2023-3.0-0703
2023-12-22 00:00:00
Low Photon OS Security Update - PHSA-2023-5.0-0178
2023-12-23 00:00:00
Low Photon OS Security Update - PHSA-2024-4.0-0540
2024-01-07 00:00:00
hp
hp
HP ThinPro 8.1 SP 2 Security Updates
2024-04-12 00:00:00
HP ThinPro 8.0 SP 8 Security Updates
2024-03-01 00:00:00

AI Score

6.7

Confidence

Low

EPSS

0

Percentile

15.5%

JSON
Related for EULEROS_SA-2024-1464.NASL
redos1openvas15nessus23osv2amazon1debiancve1debian1cve1ubuntu1nvd1veracode1redhatcve1cvelist1ubuntucve1vulnrichment1photon3hp2