Vulnerabilities > CVE-2017-15020 - Out-of-bounds Read vulnerability in GNU Binutils 2.29

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
gnu
CWE-125
nessus

Summary

dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file, related to parse_die and parse_line_table, as demonstrated by a parse_die heap-based buffer over-read.

Vulnerable Configurations

Part Description Count
Application
Gnu
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.

Nessus

  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2017-1279.NASL
    description: According to the versions of the binutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The process_version_sections function in readelf.c in GNU Binutils 2.29 allows attackers to cause a denial of service (Integer Overflow, and hang because of a time-consuming loop) or possibly have unspecified other impact via a crafted binary file with invalid values of ent.vn_next, during
    last seen: 2020-05-06
    modified: 2017-11-02
    plugin id: 104332
    published: 2017-11-02
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/104332
    title: EulerOS 2.0 SP2 : binutils (EulerOS-SA-2017-1279)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration pass: when 'description' is set the script only declares its
    # metadata (id, CVEs, advisory text, CVSS vectors, dependencies) and then
    # leaves through the exit(0) at the end of this block, before any host check.
    if (description)
    {
      script_id(104332);
      script_version("3.11");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      # One advisory (EulerOS-SA-2017-1279) covering two binutils CVEs: the
      # readelf.c issue and the dwarf1.c (libbfd) heap-based over-read.
      script_cve_id(
        "CVE-2017-14333",
        "CVE-2017-15020"
      );
    
      script_name(english:"EulerOS 2.0 SP2 : binutils (EulerOS-SA-2017-1279)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      # The description text is taken from the vendor advisory (see the note at
      # the end of the string); it is report output, not logic.
      script_set_attribute(attribute:"description", value:
    "According to the versions of the binutils packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - The process_version_sections function in readelf.c in
        GNU Binutils 2.29 allows attackers to cause a denial of
        service (Integer Overflow, and hang because of a
        time-consuming loop) or possibly have unspecified other
        impact via a crafted binary file with invalid values of
        ent.vn_next, during 'readelf -a'
        execution.(CVE-2017-14333)
    
      - dwarf1.c in the Binary File Descriptor (BFD) library
        (aka libbfd), as distributed in GNU Binutils 2.29,
        mishandles pointers, which allows remote attackers to
        cause a denial of service (application crash) or
        possibly have unspecified other impact via a crafted
        ELF file, related to parse_die and parse_line_table, as
        demonstrated by a parse_die heap-based buffer
        over-read.(CVE-2017-15020)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1279
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7aa5d71a");
      script_set_attribute(attribute:"solution", value:
    "Update the affected binutils packages.");
      # NOTE(review): the two base vectors disagree on reachability. CVSS v2 says
      # network (AV:N, AC:M); CVSS v3 says local with user interaction
      # (AV:L, UI:R). The description above is about a crafted file being parsed
      # by binutils, which is the situation the v3 vector models.
      # Temporal metrics: E:U = exploit unproven, RL:OF / RL:O = official fix
      # available, RC:C = report confirmed.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/11/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/02");
    
      # "local" plugin type: the result comes from data collected on the host
      # (the rpm list required below), not from probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:binutils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:binutils-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # ssh_get_info.nasl must run first; presumably it fills the Host/* KB keys
      # required here (not shown on this page).
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      # Hosts that set a UVP version are excluded up front; the check phase
      # tests the same key again and audits them as "EulerOS UVP".
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Host gating: every failed precondition calls audit() with a reason code.
    # NOTE(review): audit() comes from audit.inc (not shown) and is assumed to end
    # the script, since each later line relies on the earlier checks having passed.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    # Must be EulerOS, and specifically a 2.0 release string.
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    # Service pack must be exactly "2"; other SPs are handled by other plugins
    # (for example EulerOS-SA-2017-1278 for SP1, listed on this page).
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");
    
    # Any non-empty UVP version means this is not the targeted SP2 install.
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);
    
    # Without the collected rpm list there is nothing to compare against.
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Architecture gate ('>!<' is the NASL "is not a substring of" operator).
    # NOTE(review): the first test lets aarch64 through, but the second rejects
    # everything that is not x86_64 or i[3-6]86, so an aarch64 host still ends in
    # an audit (AUDIT_ARCH_NOT) and is never package-checked by this plugin.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    # Counts how many reference packages rpm_check() reports on.
    flag = 0;
    
    # Reference package builds (name-version-release).
    # NOTE(review): presumably the fixed builds from EulerOS-SA-2017-1279, with
    # rpm_check() (rpm.inc, not shown) flagging an installed package older than
    # the reference - confirm against rpm.inc. The verdict is a version
    # comparison against the collected rpm list; the flaw itself is not exercised.
    pkgs = ["binutils-2.23.52.0.1-55.h2",
            "binutils-devel-2.23.52.0.1-55.h2"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;
    
    if (flag)
    {
      # At least one package was flagged: report at warning severity on port 0,
      # attaching the per-package text accumulated by the rpm helpers.
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      # Nothing flagged: distinguish "packages were tested and are fine" from
      # "binutils is not installed at all" in the audit trail.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "binutils");
    }
    
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2019-1431.NASL
    descriptionAccording to the versions of the binutils package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - An integer wraparound has been discovered in the Binary File Descriptor (BFD) library distributed in GNU Binutils up to version 2.30. An attacker could cause a crash by providing an ELF file with corrupted DWARF debug information.(CVE-2018-7568) - A stack-based buffer overflow flaw was found in the way various binutils utilities processed certain files. If a user were tricked into processing a specially crafted file, it could cause the utility used to process that file to crash or, potentially, execute arbitrary code with the privileges of the user running that utility.(CVE-2014-8501) - The coff_slurp_line_table function in coffcode.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (invalid memory access and application crash) or possibly have unspecified other impact via a crafted PE file.(CVE-2017-16826) - It was found that the fix for the CVE-2014-8485 issue was incomplete: a heap-based buffer overflow in the objdump utility could cause it to crash or, potentially, execute arbitrary code with the privileges of the user running objdump when processing specially crafted files.(CVE-2014-8502) - A directory traversal flaw was found in the strip and objcopy utilities. 
A specially crafted file could cause strip or objdump to overwrite an arbitrary file writable by the user running either of these utilities.(CVE-2014-8737) - The bfd_section_from_shdr function in elf.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (segmentation fault) via a large attribute section.(CVE-2018-8945) - In the coff_pointerize_aux function in coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, an index is not validated, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted file, as demonstrated by objcopy of a COFF object.(CVE-2018-7208) - dwarf1.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29, mishandles pointers, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted ELF file, related to parse_die and parse_line_table, as demonstrated by a parse_die heap-based buffer over-read.(CVE-2017-15020) - A buffer overflow flaw was found in the way various binutils utilities processed certain files. If a user were tricked into processing a specially crafted file, it could cause the utility used to process that file to crash or, potentially, execute arbitrary code with the privileges of the user running that utility.(CVE-2014-8485) - An integer overflow flaw was found in the way the strings utility processed certain files. If a user were tricked into running the strings utility on a specially crafted file, it could cause the strings executable to crash.(CVE-2014-8484) - A heap-based buffer overflow flaw was found in the way certain binutils utilities processed archive files. 
If a user were tricked into processing a specially crafted archive file, it could cause the utility used to process that archive to crash or, potentially, execute arbitrary code with the privileges of the user running that utility.(CVE-2014-8738) - The swap_std_reloc_in function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.30, allows remote attackers to cause a denial of service (aout_32_swap_std_reloc_out NULL pointer dereference and application crash) via a crafted ELF file, as demonstrated by objcopy.(CVE-2018-7642) - The display_debug_frames function in dwarf.c in GNU Binutils 2.29.1 allows remote attackers to cause a denial of service (integer overflow and heap-based buffer over-read, and application crash) or possibly have unspecified other impact via a crafted ELF file, related to print_debug_frame.(CVE-2017-16828) - A stack-based buffer overflow flaw was found in the SREC parser of the libbfd library. A specially crafted file could cause an application using the libbfd library to crash or, potentially, execute arbitrary code with the privileges of the user running that application.(CVE-2014-8504) - An integer wraparound has been discovered in the Binary File Descriptor (BFD) library distributed in GNU Binutils up to version 2.30. An attacker could cause a crash by providing an ELF file with corrupted DWARF debug information.(CVE-2018-7569) - A stack-based buffer overflow flaw was found in the way objdump processed IHEX files. 
A specially crafted IHEX file could cause objdump to crash or, potentially, execute arbitrary code with the privileges of the user running objdump.(CVE-2014-8503) - coffgen.c in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, does not validate the symbol count, which allows remote attackers to cause a denial of service (integer overflow and application crash, or excessive memory allocation) or possibly have unspecified other impact via a crafted PE file.(CVE-2017-16831) - The aout_get_external_symbols function in aoutx.h in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils 2.29.1, allows remote attackers to cause a denial of service (slurp_symtab invalid free and application crash) or possibly have unspecified other impact via a crafted ELF file.(CVE-2017-16827) - The display_debug_ranges function in dwarf.c in GNU Binutils 2.30 allows remote attackers to cause a denial of service (integer overflow and application crash) or possibly have unspecified other impact via a crafted ELF file, as demonstrated by objdump.(CVE-2018-7643) - An issue was discovered in the Binary File Descriptor (BFD) library (aka libbfd), as distributed in GNU Binutils through 2.31. There is an integer overflow and infinite loop caused by the IS_CONTAINED_BY_LMA macro in elf.c.(CVE-2018-19932) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 124934
    published: 2019-05-14
    reporter: This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/124934
    title: EulerOS Virtualization 3.0.1.0 : binutils (EulerOS-SA-2019-1431)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration pass: when 'description' is set the script only declares its
    # metadata (id, CVEs, advisory text, CVSS vector, dependencies) and then
    # leaves through the exit(0) at the end of this block, before any host check.
    if (description)
    {
      script_id(124934);
      script_version("1.4");
      script_cvs_date("Date: 2020/01/17");
    
      # Twenty binutils/libbfd CVEs from 2014, 2017 and 2018 rolled into one
      # advisory; CVE-2017-15020 (dwarf1.c over-read) is one of them.
      script_cve_id(
        "CVE-2014-8484",
        "CVE-2014-8485",
        "CVE-2014-8501",
        "CVE-2014-8502",
        "CVE-2014-8503",
        "CVE-2014-8504",
        "CVE-2014-8737",
        "CVE-2014-8738",
        "CVE-2017-15020",
        "CVE-2017-16826",
        "CVE-2017-16827",
        "CVE-2017-16828",
        "CVE-2017-16831",
        "CVE-2018-19932",
        "CVE-2018-7208",
        "CVE-2018-7568",
        "CVE-2018-7569",
        "CVE-2018-7642",
        "CVE-2018-7643",
        "CVE-2018-8945"
      );
      script_bugtraq_id(
        70714,
        70741,
        70761,
        70866,
        70868,
        70869,
        70908,
        71083
      );
    
      script_name(english:"EulerOS Virtualization 3.0.1.0 : binutils (EulerOS-SA-2019-1431)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS Virtualization host is missing multiple security
    updates.");
      # The description text is taken from the vendor advisory (see the note at
      # the end of the string); it is report output, not logic.
      # NOTE(review): the CVE-2014-8737 entry names "strip and objcopy" and then
      # "strip or objdump"; the wording is copied from the advisory, so the
      # mismatch is upstream and is left untouched here.
      script_set_attribute(attribute:"description", value:
    "According to the versions of the binutils package installed, the
    EulerOS Virtualization installation on the remote host is affected by
    the following vulnerabilities :
    
      - An integer wraparound has been discovered in the Binary
        File Descriptor (BFD) library distributed in GNU
        Binutils up to version 2.30. An attacker could cause a
        crash by providing an ELF file with corrupted DWARF
        debug information.(CVE-2018-7568)
    
      - A stack-based buffer overflow flaw was found in the way
        various binutils utilities processed certain files. If
        a user were tricked into processing a specially crafted
        file, it could cause the utility used to process that
        file to crash or, potentially, execute arbitrary code
        with the privileges of the user running that
        utility.(CVE-2014-8501)
    
      - The coff_slurp_line_table function in coffcode.h in the
        Binary File Descriptor (BFD) library (aka libbfd), as
        distributed in GNU Binutils 2.29.1, allows remote
        attackers to cause a denial of service (invalid memory
        access and application crash) or possibly have
        unspecified other impact via a crafted PE
        file.(CVE-2017-16826)
    
      - It was found that the fix for the CVE-2014-8485 issue
        was incomplete: a heap-based buffer overflow in the
        objdump utility could cause it to crash or,
        potentially, execute arbitrary code with the privileges
        of the user running objdump when processing specially
        crafted files.(CVE-2014-8502)
    
      - A directory traversal flaw was found in the strip and
        objcopy utilities. A specially crafted file could cause
        strip or objdump to overwrite an arbitrary file
        writable by the user running either of these
        utilities.(CVE-2014-8737)
    
      - The bfd_section_from_shdr function in elf.c in the
        Binary File Descriptor (BFD) library (aka libbfd), as
        distributed in GNU Binutils 2.30, allows remote
        attackers to cause a denial of service (segmentation
        fault) via a large attribute section.(CVE-2018-8945)
    
      - In the coff_pointerize_aux function in coffgen.c in the
        Binary File Descriptor (BFD) library (aka libbfd), as
        distributed in GNU Binutils 2.30, an index is not
        validated, which allows remote attackers to cause a
        denial of service (segmentation fault) or possibly have
        unspecified other impact via a crafted file, as
        demonstrated by objcopy of a COFF
        object.(CVE-2018-7208)
    
      - dwarf1.c in the Binary File Descriptor (BFD) library
        (aka libbfd), as distributed in GNU Binutils 2.29,
        mishandles pointers, which allows remote attackers to
        cause a denial of service (application crash) or
        possibly have unspecified other impact via a crafted
        ELF file, related to parse_die and parse_line_table, as
        demonstrated by a parse_die heap-based buffer
        over-read.(CVE-2017-15020)
    
      - A buffer overflow flaw was found in the way various
        binutils utilities processed certain files. If a user
        were tricked into processing a specially crafted file,
        it could cause the utility used to process that file to
        crash or, potentially, execute arbitrary code with the
        privileges of the user running that
        utility.(CVE-2014-8485)
    
      - An integer overflow flaw was found in the way the
        strings utility processed certain files. If a user were
        tricked into running the strings utility on a specially
        crafted file, it could cause the strings executable to
        crash.(CVE-2014-8484)
    
      - A heap-based buffer overflow flaw was found in the way
        certain binutils utilities processed archive files. If
        a user were tricked into processing a specially crafted
        archive file, it could cause the utility used to
        process that archive to crash or, potentially, execute
        arbitrary code with the privileges of the user running
        that utility.(CVE-2014-8738)
    
      - The swap_std_reloc_in function in aoutx.h in the Binary
        File Descriptor (BFD) library (aka libbfd), as
        distributed in GNU Binutils 2.30, allows remote
        attackers to cause a denial of service
        (aout_32_swap_std_reloc_out NULL pointer dereference
        and application crash) via a crafted ELF file, as
        demonstrated by objcopy.(CVE-2018-7642)
    
      - The display_debug_frames function in dwarf.c in GNU
        Binutils 2.29.1 allows remote attackers to cause a
        denial of service (integer overflow and heap-based
        buffer over-read, and application crash) or possibly
        have unspecified other impact via a crafted ELF file,
        related to print_debug_frame.(CVE-2017-16828)
    
      - A stack-based buffer overflow flaw was found in the
        SREC parser of the libbfd library. A specially crafted
        file could cause an application using the libbfd
        library to crash or, potentially, execute arbitrary
        code with the privileges of the user running that
        application.(CVE-2014-8504)
    
      - An integer wraparound has been discovered in the Binary
        File Descriptor (BFD) library distributed in GNU
        Binutils up to version 2.30. An attacker could cause a
        crash by providing an ELF file with corrupted DWARF
        debug information.(CVE-2018-7569)
    
      - A stack-based buffer overflow flaw was found in the way
        objdump processed IHEX files. A specially crafted IHEX
        file could cause objdump to crash or, potentially,
        execute arbitrary code with the privileges of the user
        running objdump.(CVE-2014-8503)
    
      - coffgen.c in the Binary File Descriptor (BFD) library
        (aka libbfd), as distributed in GNU Binutils 2.29.1,
        does not validate the symbol count, which allows remote
        attackers to cause a denial of service (integer
        overflow and application crash, or excessive memory
        allocation) or possibly have unspecified other impact
        via a crafted PE file.(CVE-2017-16831)
    
      - The aout_get_external_symbols function in aoutx.h in
        the Binary File Descriptor (BFD) library (aka libbfd),
        as distributed in GNU Binutils 2.29.1, allows remote
        attackers to cause a denial of service (slurp_symtab
        invalid free and application crash) or possibly have
        unspecified other impact via a crafted ELF
        file.(CVE-2017-16827)
    
      - The display_debug_ranges function in dwarf.c in GNU
        Binutils 2.30 allows remote attackers to cause a denial
        of service (integer overflow and application crash) or
        possibly have unspecified other impact via a crafted
        ELF file, as demonstrated by objdump.(CVE-2018-7643)
    
      - An issue was discovered in the Binary File Descriptor
        (BFD) library (aka libbfd), as distributed in GNU
        Binutils through 2.31. There is an integer overflow and
        infinite loop caused by the IS_CONTAINED_BY_LMA macro
        in elf.c.(CVE-2018-19932)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1431
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?2de8da5b");
      script_set_attribute(attribute:"solution", value:
    "Update the affected binutils packages.");
      # Only a CVSS v2 vector is registered here (no v3 vector), and it applies
      # to the advisory as a whole, so it is not the score of any single CVE in
      # the list. Temporal metrics: E:U = exploit unproven, RL:OF = official fix
      # available, RC:C = report confirmed.
      # NOTE(review): E:U sits next to exploit_available "true" below; the two
      # fields disagree, so confirm which one the report should rely on.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/05/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/05/14");
    
      # "local" plugin type: the result comes from data collected on the host
      # (the rpm list required below), not from probing a network service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:binutils");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:uvp:3.0.1.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # ssh_get_info.nasl must run first; presumably it fills the Host/* KB keys
      # required here (not shown on this page). Unlike the plain EulerOS plugins
      # on this page, the UVP version key is required rather than excluded.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Host gating: every failed precondition calls audit() with a reason code.
    # NOTE(review): audit() comes from audit.inc (not shown) and is assumed to end
    # the script, since each later line relies on the earlier checks having passed.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    # Must be EulerOS with the UVP (virtualization) version exactly "3.0.1.0";
    # a missing uvp_version value also fails the comparison and is audited out.
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (uvp != "3.0.1.0") audit(AUDIT_OS_NOT, "EulerOS Virtualization 3.0.1.0");
    # Without the collected rpm list there is nothing to compare against.
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Architecture gate ('>!<' is the NASL "is not a substring of" operator).
    # NOTE(review): the first test lets aarch64 through, but the second rejects
    # everything that is not x86_64 or i[3-6]86, so an aarch64 host still ends in
    # an audit (AUDIT_ARCH_NOT) and is never package-checked by this plugin.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    # Counts how many reference packages rpm_check() reports on.
    flag = 0;
    
    # Single reference build (name-version-release).
    # NOTE(review): presumably the fixed build from EulerOS-SA-2019-1431, with
    # rpm_check() (rpm.inc, not shown) flagging an installed package older than
    # the reference - confirm against rpm.inc. The verdict is a version
    # comparison against the collected rpm list; none of the flaws is exercised.
    pkgs = ["binutils-2.27-28.base.1.h15"];
    
    # No sp: argument is passed here; the UVP version was already pinned to
    # 3.0.1.0 by the gating checks earlier in the script.
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", reference:pkg)) flag++;
    
    if (flag)
    {
      # Flagged: report at SECURITY_HOLE severity on port 0, attaching the
      # per-package text accumulated by the rpm helpers.
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      # Nothing flagged: distinguish "package was tested and is fine" from
      # "binutils is not installed at all" in the audit trail.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "binutils");
    }
    
  • NASL family: PhotonOS Local Security Checks
    NASL id: PHOTONOS_PHSA-2017-0038.NASL
    description: An update of [gnutls, c-ares, nginx, mercurial, linux, mesos, git, binutils, krb5, dnsmasq] packages for PhotonOS has been released.
    last seen: 2019-02-21
    modified: 2019-02-07
    plugin id: 111887
    published: 2018-08-17
    reporter: Tenable
    source: https://www.tenable.com/plugins/index.php?view=single&id=111887
    title: Photon OS 1.0: Binutils / C / Dnsmasq / Git / Gnutls / Krb5 / Linux / Mercurial / Mesos / Nginx PHSA-2017-0038 (deprecated)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # @DEPRECATED@
    #
    # Disabled on 2/7/2019
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2017-0038. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    # Registration pass for a deprecated plugin: the metadata is still declared
    # (synopsis "This plugin has been deprecated.", solution "n/a."), then the
    # block leaves through exit(0) before any host check.
    if (description)
    {
      script_id(111887);
      script_version("1.2");
      script_cvs_date("Date: 2019/02/07 18:59:50");
    
      # The advisory spans ten packages; CVE-2017-15020 is only one entry in a
      # list that is otherwise about other software.
      script_cve_id(
        "CVE-2017-0379",
        "CVE-2017-7507",
        "CVE-2017-7529",
        "CVE-2017-7687",
        "CVE-2017-10790",
        "CVE-2017-11462",
        "CVE-2017-11472",
        "CVE-2017-12154",
        "CVE-2017-12799",
        "CVE-2017-13704",
        "CVE-2017-13728",
        "CVE-2017-14729",
        "CVE-2017-14745",
        "CVE-2017-14867",
        "CVE-2017-15020",
        "CVE-2017-1000116",
        "CVE-2017-1000381"
      );
    
      script_name(english:"Photon OS 1.0: Binutils / C / Dnsmasq / Git / Gnutls / Krb5 / Linux / Mercurial / Mesos / Nginx PHSA-2017-0038 (deprecated)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "This plugin has been deprecated.");
      script_set_attribute(attribute:"description", value:
    "An update of [gnutls, c-ares, nginx, mercurial, linux, mesos, git,
    binutils, krb5, dnsmasq] packages for PhotonOS has been released.");
      # https://github.com/vmware/photon/wiki/Security-Updates-78
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?12da2a77");
      script_set_attribute(attribute:"solution", value:"n/a.");
      # The vectors below score CVE-2017-14867 (see cvss_score_source), not
      # CVE-2017-15020, so they are not the severity of the binutils over-read.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-14867");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/10/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/17");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:binutils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:c");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:dnsmasq");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:git");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:gnutls");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:krb5");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:linux");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:mercurial");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:mesos");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:nginx");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    # Deprecation guard: the check phase exits here unconditionally, so the
    # includes and package checks that follow are never executed. A scan using
    # this plugin therefore produces no finding for any CVE it lists.
    exit(0, "This plugin has been deprecated.");
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Host gating, kept from before the deprecation. These lines are not
    # reached while the unconditional exit() above the includes is in place.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    # Must be VMware Photon, release 1.0 ("Photon Linux" or "Photon OS").
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    # Without the collected rpm list there is nothing to compare against.
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only x86_64 and i[3-6]86 are handled ('>!<' is the NASL "is not a
    # substring of" operator).
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    # Package comparison, kept from before the deprecation. Not reached while
    # the unconditional exit() above the includes is in place.
    flag = 0;
    
    # Reference builds for every package in PHSA-2017-0038. Only the three
    # binutils entries (2.29.1-1.ph1) relate to CVE-2017-15020.
    # NOTE(review): presumably the fixed builds, with rpm_check() (rpm.inc, not
    # shown) flagging an installed package older than the reference - confirm.
    pkgs = [
      "binutils-2.29.1-1.ph1",
      "binutils-debuginfo-2.29.1-1.ph1",
      "binutils-devel-2.29.1-1.ph1",
      "c-ares-1.12.0-2.ph1",
      "c-ares-debuginfo-1.12.0-2.ph1",
      "c-ares-devel-1.12.0-2.ph1",
      "dnsmasq-2.76-3.ph1",
      "dnsmasq-debuginfo-2.76-3.ph1",
      "git-2.14.2-1.ph1",
      "git-debuginfo-2.14.2-1.ph1",
      "git-lang-2.14.2-1.ph1",
      "gnutls-3.5.15-1.ph1",
      "gnutls-debuginfo-3.5.15-1.ph1",
      "gnutls-devel-3.5.15-1.ph1",
      "krb5-1.15.2-1.ph1",
      "krb5-debuginfo-1.15.2-1.ph1",
      "linux-4.4.92-1.ph1",
      "linux-api-headers-4.4.92-1.ph1",
      "linux-debuginfo-4.4.92-1.ph1",
      "linux-dev-4.4.92-1.ph1",
      "linux-docs-4.4.92-1.ph1",
      "linux-drivers-gpu-4.4.92-1.ph1",
      "linux-esx-4.4.92-2.ph1",
      "linux-esx-debuginfo-4.4.92-2.ph1",
      "linux-esx-devel-4.4.92-2.ph1",
      "linux-esx-docs-4.4.92-2.ph1",
      "linux-oprofile-4.4.92-1.ph1",
      "linux-sound-4.4.92-1.ph1",
      "linux-tools-4.4.92-1.ph1",
      "mercurial-4.3.3-1.ph1",
      "mercurial-debuginfo-4.3.3-1.ph1",
      "mesos-1.2.2-1.ph1",
      "mesos-debuginfo-1.2.2-1.ph1",
      "mesos-devel-1.2.2-1.ph1",
      "mesos-python-1.2.2-1.ph1",
      "nginx-1.11.13-4.ph1",
      "nginx-debuginfo-1.11.13-4.ph1"
    ];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"PhotonOS-1.0", reference:pkg)) flag++;
    
    if (flag)
    {
      # Flagged: report at SECURITY_HOLE severity on port 0, attaching the
      # per-package text accumulated by the rpm helpers.
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      # Nothing flagged: distinguish "packages were tested and are fine" from
      # "none of the listed packages is installed" in the audit trail.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "binutils / c / dnsmasq / git / gnutls / krb5 / linux / mercurial / mesos / nginx");
    }
    
  • NASL family: Huawei Local Security Checks
    NASL id: EULEROS_SA-2017-1278.NASL
    description: According to the versions of the binutils packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - The process_version_sections function in readelf.c in GNU Binutils 2.29 allows attackers to cause a denial of service (Integer Overflow, and hang because of a time-consuming loop) or possibly have unspecified other impact via a crafted binary file with invalid values of ent.vn_next, during …
    last seen: 2020-05-06
    modified: 2017-11-02
    plugin id: 104331
    published: 2017-11-02
    reporter: This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/104331
    title: EulerOS 2.0 SP1 : binutils (EulerOS-SA-2017-1278)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration pass: when `description` is set, the script only declares its
    # metadata (IDs, texts, scoring, dependencies) and exits at the end of this
    # block; no host check runs here.
    if (description)
    {
      script_id(104331);
      script_version("3.12");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/04");
    
      # Both CVEs concern binutils parsing a crafted file (readelf and libbfd),
      # as stated in the description text below.
      script_cve_id(
        "CVE-2017-14333",
        "CVE-2017-15020"
      );
    
      script_name(english:"EulerOS 2.0 SP1 : binutils (EulerOS-SA-2017-1278)");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "According to the versions of the binutils packages installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerabilities :
    
      - The process_version_sections function in readelf.c in
        GNU Binutils 2.29 allows attackers to cause a denial of
        service (Integer Overflow, and hang because of a
        time-consuming loop) or possibly have unspecified other
        impact via a crafted binary file with invalid values of
        ent.vn_next, during 'readelf -a'
        execution.(CVE-2017-14333)
    
      - dwarf1.c in the Binary File Descriptor (BFD) library
        (aka libbfd), as distributed in GNU Binutils 2.29,
        mishandles pointers, which allows remote attackers to
        cause a denial of service (application crash) or
        possibly have unspecified other impact via a crafted
        ELF file, related to parse_die and parse_line_table, as
        demonstrated by a parse_die heap-based buffer
        over-read.(CVE-2017-15020)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2017-1278
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?df560e70");
      script_set_attribute(attribute:"solution", value:
    "Update the affected binutils packages.");
      # NOTE(review): the two base vectors disagree on reachability. CVSSv2 says
      # AV:N, while CVSSv3 says AV:L with UI:R (a user must process the crafted
      # file locally). For triage, the v3 reading matches the description text;
      # both temporal vectors record exploit maturity as unproven (E:U) and an
      # official fix as available.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2017/11/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2017/11/02");
    
      # "local" plugin type: per script_summary above, the verdict comes from the
      # host's rpm output rather than from probing a service.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:binutils");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:binutils-devel");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2017-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # The required KB keys are the ones the check body reads. They are
      # presumably populated by ssh_get_info.nasl (confirm), so without
      # credentialed data collection this plugin has nothing to evaluate.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      # Hosts that report a UVP version are excluded from this plugin.
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Check body: a chain of gates followed by a package-version comparison.
    # Each audit() call is expected to end the script with the given reason
    # (see audit.inc), so the order of the gates decides which reason is logged.
    
    # Gate 1: credentialed (local) checks must have been enabled for this host.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    # Gate 2: the KB release string must identify EulerOS, and specifically 2.0.
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    # Gate 3: the service pack must be exactly "1".
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(1)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1");
    
    # Gate 4: a host that reports a UVP version is treated as a different OS.
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP1", "EulerOS UVP " + uvp);
    
    # Gate 5: a collected rpm list is required; the verdict is derived from it alone.
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Gate 6: architecture. The first test rejects anything other than x86_64,
    # i386..i686 or aarch64 as "not implemented"; the second then rejects
    # aarch64 as the wrong architecture, so only x86 hosts reach the check.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    # Number of reference packages for which rpm_check() reported a hit.
    flag = 0;
    
    # Reference package builds passed to rpm_check(); presumably the first fixed
    # builds for EulerOS-SA-2017-1278, to be confirmed against the advisory.
    pkgs = ["binutils-2.23.52.0.1-55.h3",
            "binutils-devel-2.23.52.0.1-55.h3"];
    
    # Both references are checked (no early break), so the report can name each
    # affected package.
    # NOTE(review): the verdict rests on package versions recorded in the KB,
    # not on inspecting the installed binutils binaries.
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"1", reference:pkg)) flag++;
    
    if (flag)
    {
      # At least one hit: report on port 0 at SECURITY_WARNING, attaching the
      # text that rpm.inc accumulated during the checks.
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      # No hit: distinguish "packages present but not affected" from "binutils
      # not installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "binutils");
    }