Vulnerabilities > CVE-2018-1000117 - Classic Buffer Overflow vulnerability in Python

047910
CVSS 6.7 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
python
CWE-120
nessus
NVD
Published: 2018-03-07
Updated: 2022-07-05

Summary

Python Software Foundation CPython version From 3.2 until 3.6.4 on Windows contains a Buffer Overflow vulnerability in os.symlink() function on Windows that can result in Arbitrary code execution, likely escalation of privilege. This attack appears to be exploitable via a python script that creates a symlink with an attacker controlled name or location. This vulnerability appears to have been fixed in 3.7.0 and 3.6.5.

Vulnerable Configurations

Part Description Count
Application
Python
140
OS
Microsoft
1

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-2_0-0037.NASL
    descriptionAn update of {'mercurial', 'python2', 'zsh', 'pycrypto', 'patch', 'binutils', 'paramiko', 'httpd', 'mysql', 'xerces-c', 'util-linux', 'net-snmp', 'python3', 'sqlite'} packages of Photon OS has been released.
    last seen2019-02-21
    modified2019-02-07
    plugin id111297
    published2018-07-24
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111297
    titlePhoton OS 2.0 : Zsh / Python3 / Xerces / Mercurial / Pmd / Pycrypto / Net / Python2 / Util / Mysql / Paramiko / Binutils / Patch / Sqlite (PhotonOS-PHSA-2018-2.0-0037) (deprecated)
    code
    #
# (C) Tenable Network Security, Inc.
#
# @DEPRECATED@
#
# Disabled on 2/7/2019
#

# The descriptive text and package checks in this plugin were
# extracted from VMware Security Advisory PHSA-2018-2.0-0037. The text
# itself is copyright (C) VMware, Inc.

include("compat.inc");

if (description)
{
  script_id(111297);
  script_version("1.3");
  script_cvs_date("Date: 2019/04/05 23:25:07");

  script_cve_id(
    "CVE-2017-12627",
    "CVE-2017-18207",
    "CVE-2018-1303",
    "CVE-2018-2573",
    "CVE-2018-2583",
    "CVE-2018-2612",
    "CVE-2018-2622",
    "CVE-2018-2640",
    "CVE-2018-2665",
    "CVE-2018-2668",
    "CVE-2018-2703",
    "CVE-2018-6594",
    "CVE-2018-6951",
    "CVE-2018-7208",
    "CVE-2018-7549",
    "CVE-2018-7643",
    "CVE-2018-7738",
    "CVE-2018-7750",
    "CVE-2018-8740",
    "CVE-2018-1000030",
    "CVE-2018-1000116",
    "CVE-2018-1000117",
    "CVE-2018-1000132"
  );
  script_bugtraq_id(
    102678,
    102681,
    102682,
    102704,
    102706,
    102708,
    102709,
    102710,
    103044,
    103077,
    103219,
    103264,
    103367,
    103466,
    103522,
    103713,
    104527
  );

  script_name(english:"Photon OS 2.0 : Zsh / Python3 / Xerces / Mercurial / Pmd / Pycrypto / Net / Python2 / Util / Mysql / Paramiko / Binutils / Patch / Sqlite (PhotonOS-PHSA-2018-2.0-0037) (deprecated)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"This plugin has been deprecated.");
  script_set_attribute(attribute:"description", value:
"An update of {'mercurial', 'python2', 'zsh', 'pycrypto', 'patch',
'binutils', 'paramiko', 'httpd', 'mysql', 'xerces-c', 'util-linux',
'net-snmp', 'python3', 'sqlite'} packages of Photon OS has been
released.");
  # https://github.com/vmware/photon/wiki/Security-Updates-2-37
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?5a24de30");
  script_set_attribute(attribute:"solution", value:"n/a.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-12627");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/04/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/07/24");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:zsh");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:python3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:xerces");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:mercurial");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:pmd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:pycrypto");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:net");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:python2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:util");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:paramiko");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:binutils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:patch");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:sqlite");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"PhotonOS Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");

  exit(0);
}

exit(0, "This plugin has been deprecated.");

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/PhotonOS/release");
if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0");

if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);

flag = 0;

pkgs = [
  "binutils-2.30-4.ph2",
  "binutils-debuginfo-2.30-4.ph2",
  "binutils-devel-2.30-4.ph2",
  "mercurial-4.5.3-1.ph2",
  "mercurial-debuginfo-4.5.3-1.ph2",
  "mysql-5.7.21-1.ph2",
  "mysql-debuginfo-5.7.21-1.ph2",
  "mysql-devel-5.7.21-1.ph2",
  "net-snmp-5.7.3-8.ph2",
  "net-snmp-debuginfo-5.7.3-8.ph2",
  "net-snmp-devel-5.7.3-8.ph2",
  "paramiko-2.1.5-1.ph2",
  "patch-2.7.5-5.ph2",
  "patch-debuginfo-2.7.5-5.ph2",
  "pmd-python2-0.0.5-5.ph2",
  "pmd-python3-0.0.5-5.ph2",
  "pycrypto-2.6.1-4.ph2",
  "pycrypto-debuginfo-2.6.1-4.ph2",
  "python2-2.7.13-12.ph2",
  "python2-debuginfo-2.7.13-12.ph2",
  "python2-devel-2.7.13-12.ph2",
  "python2-libs-2.7.13-12.ph2",
  "python2-test-2.7.13-12.ph2",
  "python2-tools-2.7.13-12.ph2",
  "python3-3.6.5-1.ph2",
  "python3-curses-3.6.5-1.ph2",
  "python3-debuginfo-3.6.5-1.ph2",
  "python3-devel-3.6.5-1.ph2",
  "python3-libs-3.6.5-1.ph2",
  "python3-paramiko-2.1.5-1.ph2",
  "python3-paramiko-2.1.5-1.ph2",
  "python3-pip-3.6.5-1.ph2",
  "python3-pycrypto-2.6.1-4.ph2",
  "python3-pycrypto-2.6.1-4.ph2",
  "python3-setuptools-3.6.5-1.ph2",
  "python3-test-3.6.5-1.ph2",
  "python3-tools-3.6.5-1.ph2",
  "python3-xml-3.6.5-1.ph2",
  "sqlite-3.22.0-2.ph2",
  "sqlite-debuginfo-3.22.0-2.ph2",
  "sqlite-devel-3.22.0-2.ph2",
  "sqlite-libs-3.22.0-2.ph2",
  "util-linux-2.32-1.ph2",
  "util-linux-debuginfo-2.32-1.ph2",
  "util-linux-devel-2.32-1.ph2",
  "util-linux-lang-2.32-1.ph2",
  "util-linux-libs-2.32-1.ph2",
  "xerces-c-3.2.1-1.ph2",
  "xerces-c-debuginfo-3.2.1-1.ph2",
  "xerces-c-devel-3.2.1-1.ph2",
  "zsh-5.3.1-6.ph2",
  "zsh-debuginfo-5.3.1-6.ph2",
  "zsh-html-5.3.1-6.ph2"
];

foreach (pkg in pkgs)
  if (rpm_check(release:"PhotonOS-2.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "zsh / python3 / xerces / mercurial / pmd / pycrypto / net / python2 / util / mysql / paramiko / binutils / patch / sqlite");
}
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0126_PYTHON3.NASL
    descriptionAn update of the python3 package has been released.
    last seen2020-03-17
    modified2019-02-07
    plugin id121828
    published2019-02-07
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/121828
    titlePhoton OS 1.0: Python3 PHSA-2018-1.0-0126
    code
    #
# (C) Tenable Network Security, Inc.
#


# The descriptive text and package checks in this plugin were
# extracted from VMware Security Advisory PHSA-2018-1.0-0126. The text
# itself is copyright (C) VMware, Inc.


include('compat.inc');

if (description)
{
  script_id(121828);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2019/03/08");

  script_cve_id("CVE-2017-18207", "CVE-2018-1000117");

  script_name(english:"Photon OS 1.0: Python3 PHSA-2018-1.0-0126");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"The remote PhotonOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"An update of the python3 package has been released.");
  script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-126.md");
  script_set_attribute(attribute:"solution", value:
"Update the affected Linux packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-12627");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/04/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/04/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/07");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:python3");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"PhotonOS Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/PhotonOS/release");
if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");

if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);

flag = 0;

if (rpm_check(release:"PhotonOS-1.0", reference:"python3-3.5.4-2.ph1")) flag++;
if (rpm_check(release:"PhotonOS-1.0", reference:"python3-debuginfo-3.5.4-2.ph1")) flag++;
if (rpm_check(release:"PhotonOS-1.0", reference:"python3-devel-3.5.4-2.ph1")) flag++;
if (rpm_check(release:"PhotonOS-1.0", reference:"python3-libs-3.5.4-2.ph1")) flag++;
if (rpm_check(release:"PhotonOS-1.0", reference:"python3-paramiko-1.17.6-1.ph1")) flag++;
if (rpm_check(release:"PhotonOS-1.0", reference:"python3-pycrypto-2.6.1-5.ph1")) flag++;
if (rpm_check(release:"PhotonOS-1.0", reference:"python3-tools-3.5.4-2.ph1")) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python3");
}
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2018-1_0-0126.NASL
    descriptionAn update of 'paramiko', 'mysql', 'mercurial', 'binutils', 'pycrypto', 'patch', 'sqlite-autoconf', 'httpd', 'python3', 'xerces-c', 'strongswan', 'net-snmp' packages of Photon OS has been released.
    last seen2019-02-21
    modified2019-02-07
    plugin id111930
    published2018-08-17
    reporterTenable
    sourcehttps://www.tenable.com/plugins/index.php?view=single&id=111930
    titlePhoton OS 1.0: Binutils / Httpd / Mercurial / Mysql / Net / Paramiko / Patch / Pycrypto / Python3 / Sqlite / Strongswan / Xerces PHSA-2018-1.0-0126 (deprecated)
    code
    #
# (C) Tenable Network Security, Inc.
#
# @DEPRECATED@
#
# Disabled on 2/7/2019
#

# The descriptive text and package checks in this plugin were
# extracted from VMware Security Advisory PHSA-2018-1.0-0126. The text
# itself is copyright (C) VMware, Inc.

include("compat.inc");

if (description)
{
  script_id(111930);
  script_version("1.3");
  script_cvs_date("Date: 2019/04/05 23:25:07");

  script_cve_id(
    "CVE-2017-9022",
    "CVE-2017-9023",
    "CVE-2017-12627",
    "CVE-2017-15710",
    "CVE-2017-15715",
    "CVE-2017-18207",
    "CVE-2018-1301",
    "CVE-2018-1302",
    "CVE-2018-1303",
    "CVE-2018-2573",
    "CVE-2018-2583",
    "CVE-2018-2612",
    "CVE-2018-2622",
    "CVE-2018-2640",
    "CVE-2018-2665",
    "CVE-2018-2668",
    "CVE-2018-2703",
    "CVE-2018-6594",
    "CVE-2018-6951",
    "CVE-2018-7208",
    "CVE-2018-7643",
    "CVE-2018-7750",
    "CVE-2018-8740",
    "CVE-2018-1000116",
    "CVE-2018-1000117",
    "CVE-2018-1000132"
  );

  script_name(english:"Photon OS 1.0: Binutils / Httpd / Mercurial / Mysql / Net / Paramiko / Patch / Pycrypto / Python3 / Sqlite / Strongswan / Xerces PHSA-2018-1.0-0126 (deprecated)");
  script_summary(english:"Checks the rpm output for the updated packages.");

  script_set_attribute(attribute:"synopsis", value:
"This plugin has been deprecated.");
  script_set_attribute(attribute:"description", value:
"An update of 'paramiko', 'mysql', 'mercurial', 'binutils', 'pycrypto',
'patch', 'sqlite-autoconf', 'httpd', 'python3', 'xerces-c',
'strongswan', 'net-snmp' packages of Photon OS has been released.");
  # https://github.com/vmware/photon/wiki/Security-Updates-1.0-126
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?22ce6999");
  script_set_attribute(attribute:"solution", value:"n/a.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-12627");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"patch_publication_date", value:"2018/04/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/08/17");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:binutils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:httpd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:mercurial");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:net");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:paramiko");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:patch");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:pycrypto");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:python3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:sqlite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:strongswan");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:xerces");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"PhotonOS Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");

  exit(0);
}

exit(0, "This plugin has been deprecated.");

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/PhotonOS/release");
if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");

if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);

flag = 0;

pkgs = [
  "binutils-2.30-3.ph1",
  "binutils-debuginfo-2.30-3.ph1",
  "binutils-devel-2.30-3.ph1",
  "httpd-2.4.33-1.ph1",
  "httpd-debuginfo-2.4.33-1.ph1",
  "httpd-devel-2.4.33-1.ph1",
  "httpd-docs-2.4.33-1.ph1",
  "httpd-tools-2.4.33-1.ph1",
  "mercurial-4.5.3-1.ph1",
  "mercurial-debuginfo-4.5.3-1.ph1",
  "mysql-5.7.21-1.ph1",
  "mysql-debuginfo-5.7.21-1.ph1",
  "mysql-devel-5.7.21-1.ph1",
  "net-snmp-5.7.3-5.ph1",
  "net-snmp-debuginfo-5.7.3-5.ph1",
  "net-snmp-devel-5.7.3-5.ph1",
  "paramiko-1.17.6-1.ph1",
  "patch-2.7.5-3.ph1",
  "patch-debuginfo-2.7.5-3.ph1",
  "pycrypto-2.6.1-5.ph1",
  "pycrypto-debuginfo-2.6.1-5.ph1",
  "python3-3.5.4-2.ph1",
  "python3-debuginfo-3.5.4-2.ph1",
  "python3-devel-3.5.4-2.ph1",
  "python3-libs-3.5.4-2.ph1",
  "python3-paramiko-1.17.6-1.ph1",
  "python3-pycrypto-2.6.1-5.ph1",
  "python3-tools-3.5.4-2.ph1",
  "sqlite-autoconf-3.22.0-2.ph1",
  "sqlite-autoconf-debuginfo-3.22.0-2.ph1",
  "strongswan-5.5.2-1.ph1",
  "strongswan-debuginfo-5.5.2-1.ph1",
  "xerces-c-3.2.1-1.ph1",
  "xerces-c-debuginfo-3.2.1-1.ph1",
  "xerces-c-devel-3.2.1-1.ph1"
];

foreach (pkg in pkgs)
  if (rpm_check(release:"PhotonOS-1.0", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "binutils / httpd / mercurial / mysql / net / paramiko / patch / pycrypto / python3 / sqlite / strongswan / xerces");
}

References