Lucene search
Copyright (C) 2021 Greenbone AGOPENVAS:1361412562311220212047HistoryJul 01, 2021 - 12:00 a.m.
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2021-2047)
2021-07-0100:00:00
Copyright (C) 2021 Greenbone AG
plugins.openvas.org
5
huawei euleros
binutils
security advisory
bfd library
dwarf functionality
excessive memory consumption
open race window
gnu binutils
privileged user
unprivileged user
symlink
package update
CVSS2
3.3
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:P/A:N
CVSS3
6.3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
AI Score
6.4
Confidence
High
EPSS
0.001
Percentile
25.3%
The remote host is missing an update for the Huawei EulerOS
# SPDX-FileCopyrightText: 2021 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.2.2021.2047");
script_cve_id("CVE-2021-20197", "CVE-2021-3487");
script_tag(name:"creation_date", value:"2021-07-01 07:40:47 +0000 (Thu, 01 Jul 2021)");
script_version("2024-02-05T14:36:56+0000");
script_tag(name:"last_modification", value:"2024-02-05 14:36:56 +0000 (Mon, 05 Feb 2024)");
script_tag(name:"cvss_base", value:"3.3");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:M/Au:N/C:P/I:P/A:N");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2021-04-01 13:39:20 +0000 (Thu, 01 Apr 2021)");
script_name("Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2021-2047)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2021 Greenbone AG");
script_family("Huawei EulerOS Local Security Checks");
script_dependencies("gb_huawei_euleros_consolidation.nasl");
script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROS\-2\.0SP9\-X86_64");
script_xref(name:"Advisory-ID", value:"EulerOS-SA-2021-2047");
script_xref(name:"URL", value:"https://developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html?secId=EulerOS-SA-2021-2047");
script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS 'binutils' package(s) announced via the EulerOS-SA-2021-2047 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"There's a flaw in the BFD library of binutils in versions before 2.36. An attacker who supplies a crafted file to an application linked with BFD, and using the DWARF functionality, could cause an impact to system availability by way of excessive memory consumption.(CVE-2021-3487)
There is an open race window when writing output in the following utilities in GNU binutils version 2.35 and earlier:ar, objcopy, strip, ranlib. When these utilities are run as a privileged user (presumably as part of a script updating binaries across different users), an unprivileged user can trick these utilities into getting ownership of arbitrary files through a symlink.(CVE-2021-20197)");
script_tag(name:"affected", value:"'binutils' package(s) on Huawei EulerOS V2.0SP9(x86_64).");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "EULEROS-2.0SP9-x86_64") {
if(!isnull(res = isrpmvuln(pkg:"binutils", rpm:"binutils~2.34~1.h18.eulerosv2r9", rls:"EULEROS-2.0SP9-x86_64"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);
Related
openvas
openvas
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2021-2058)
2021-07-01 00:00:00
Huawei EulerOS: Security Advisory for binutils (EulerOS-SA-2021-1974)
2021-06-07 00:00:00
Mageia: Security Advisory (MGASA-2021-0341)
2022-01-28 00:00:00
nessus
nessus
EulerOS 2.0 SP9 : binutils (EulerOS-SA-2021-2058)
2021-07-01 00:00:00
EulerOS 2.0 SP9 : binutils (EulerOS-SA-2021-2047)
2021-07-01 00:00:00
EulerOS 2.0 SP8 : binutils (EulerOS-SA-2021-1976)
2021-06-28 00:00:00
mageia
mageia
Updated binutils packages fix security vulnerabilities
2021-07-12 23:26:21
osv
osv
Moderate: binutils security update
2021-11-09 09:11:20
Moderate: binutils security update
2021-11-09 09:11:20
CVE-2021-20197
2021-03-26 17:15:12
rocky
rocky
binutils security update
2021-11-09 09:11:20
oraclelinux
oraclelinux
binutils security update
2021-11-16 00:00:00
almalinux
almalinux
Moderate: binutils security update
2021-11-09 09:11:20
redhat
redhat
(RHSA-2021:4364) Moderate: binutils security update
2021-11-09 09:11:20
(RHSA-2021:5137) Moderate: Openshift Logging Security Release (5.0.10)
2021-12-14 21:31:08
debiancve
debiancve
CVE-2021-20197
2021-03-26 17:15:12
CVE-2021-3487
2021-04-15 14:15:17
prion
prion
Open redirect
2021-03-26 17:15:00
Design/Logic Flaw
2021-04-15 14:15:00
cvelist
cvelist
CVE-2021-20197
2021-03-26 16:47:20
CVE-2021-3487
2021-04-15 13:35:42
cbl_mariner
cbl_mariner
CVE-2021-20197 affecting package binutils 2.32-5
2021-06-09 03:50:42
CVE-2021-3487 affecting package binutils 2.32-5
2021-06-09 03:50:42
redhatcve
redhatcve
CVE-2021-20197
2021-01-26 21:11:10
CVE-2021-3487
2021-04-08 20:52:11
nvd
nvd
CVE-2021-20197
2021-03-26 17:15:12
CVE-2021-3487
2021-04-15 14:15:17
alpinelinux
alpinelinux
CVE-2021-20197
2021-03-26 17:15:00
CVE-2021-3487
2021-04-15 14:15:17
cve
cve
CVE-2021-20197
2021-03-26 17:15:12
CVE-2021-3487
2021-04-15 14:15:17
veracode
veracode
Privilege Escalation
2021-08-16 17:57:00
Denial Of Service (DoS)
2021-04-25 00:13:27
fedora
fedora
[SECURITY] Fedora 33 Update: mingw-binutils-2.34-7.fc33
2021-02-06 01:18:28
[SECURITY] Fedora 34 Update: mingw-binutils-2.34-8.fc34
2021-04-24 20:24:37
[SECURITY] Fedora 32 Update: mingw-binutils-2.32-10.fc32
2021-04-20 15:01:47
ubuntucve
ubuntucve
CVE-2021-20197
2021-03-26 00:00:00
CVE-2021-3487
2021-04-15 00:00:00
cloudlinux
cloudlinux
Fix of CVE: CVE-2021-3487
2021-09-23 12:14:20
Fix of CVE: CVE-2021-3487
2021-10-05 14:07:07
photon
photon
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2021-1.0-0386
2021-05-04 00:00:00
Home
Download Photon OS
User Documentation
FAQ
Security Advisories
Related Information
Lightwave - PHSA-2021-2.0-0341
2021-05-04 00:00:00
Moderate Photon OS Security Update - PHSA-2021-0230
2021-05-04 00:00:00
freebsd
freebsd
ibm
ibm
gentoo
gentoo
GNU Binutils: Multiple Vulnerabilities
2022-08-14 00:00:00
cloudfoundry
cloudfoundry
USN-5124-1: GNU binutils vulnerabilities | Cloud Foundry
2021-10-28 00:00:00
USN-5341-1: GNU binutils vulnerabilities | Cloud Foundry
2022-04-21 00:00:00
ubuntu
ubuntu
GNU binutils vulnerabilities
2021-10-25 00:00:00
GNU binutils vulnerabilities
2022-03-22 00:00:00
amazon
amazon
Medium: gcc10-binutils
2021-09-08 23:35:00
Medium: gcc10-binutils
2021-09-08 23:35:00
suse
suse
Security update for binutils (moderate)
2021-11-04 00:00:00
Security update for binutils (moderate)
2021-11-15 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1808
2021-07-02 16:33:56
CVSS2
3.3
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:L/AC:M/Au:N/C:P/I:P/A:N
CVSS3
6.3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N
AI Score
6.4
Confidence
High
EPSS
0.001
Percentile
25.3%
Related for OPENVAS:1361412562311220212047