The remote host is missing an update for the Huawei EulerOS
# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.1.2.2024.1792");
script_cve_id("CVE-2023-45918");
script_tag(name:"creation_date", value:"2024-06-03 04:15:31 +0000 (Mon, 03 Jun 2024)");
script_version("2024-06-03T05:05:26+0000");
script_tag(name:"last_modification", value:"2024-06-03 05:05:26 +0000 (Mon, 03 Jun 2024)");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_name("Huawei EulerOS: Security Advisory for ncurses (EulerOS-SA-2024-1792)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2024 Greenbone AG");
script_family("Huawei EulerOS Local Security Checks");
script_dependencies("gb_huawei_euleros_consolidation.nasl");
script_mandatory_keys("ssh/login/euleros", "ssh/login/rpms", re:"ssh/login/release=EULEROS\-2\.0SP11");
script_xref(name:"Advisory-ID", value:"EulerOS-SA-2024-1792");
script_xref(name:"URL", value:"https://developer.huaweicloud.com/intl/en-us/euleros/securitydetail.html?secId=EulerOS-SA-2024-1792");
script_tag(name:"summary", value:"The remote host is missing an update for the Huawei EulerOS 'ncurses' package(s) announced via the EulerOS-SA-2024-1792 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"A vulnerability was found in GNU ncurses 6.4-20230610. It has been rated as problematic. This issue affects the function tgetstr. There is no information about possible countermeasures known. It may be suggested to replace the affected object with an alternative product.(CVE-2023-45918)");
script_tag(name:"affected", value:"'ncurses' package(s) on Huawei EulerOS V2.0SP11.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "EULEROS-2.0SP11") {
if(!isnull(res = isrpmvuln(pkg:"ncurses", rpm:"ncurses~6.3~2.h7.eulerosv2r11", rls:"EULEROS-2.0SP11"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ncurses-base", rpm:"ncurses-base~6.3~2.h7.eulerosv2r11", rls:"EULEROS-2.0SP11"))) {
report += res;
}
if(!isnull(res = isrpmvuln(pkg:"ncurses-libs", rpm:"ncurses-libs~6.3~2.h7.eulerosv2r11", rls:"EULEROS-2.0SP11"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);