Vulnerabilities > CVE-2019-13313 - Information Exposure vulnerability in multiple products

047910
CVSS 7.8 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
local
low complexity
libosinfo
fedoraproject
redhat
CWE-200
nessus

Summary

libosinfo 1.5.0 allows local users to discover credentials by listing a process, because credentials are passed to osinfo-install-script via the command line.

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Subverting Environment Variable Values
    The attacker directly or indirectly modifies environment variables used by or controlling the target software. The attacker's goal is to cause the target software to deviate from its expected operation in a manner that benefits the attacker.
  • Footprinting
    An attacker engages in probing and exploration activity to identify constituents and properties of the target. Footprinting is a general term to describe a variety of information gathering techniques, often used by attackers in preparation for some attack. It consists of using tools to learn as much as possible about the composition, configuration, and security mechanisms of the targeted application, system or network. Information that might be collected during a footprinting effort could include open ports, applications and their versions, network topology, and similar information. While footprinting is not intended to be damaging (although certain activities, such as network scans, can sometimes cause disruptions to vulnerable applications inadvertently) it may often pave the way for more damaging attacks.
  • Exploiting Trust in Client (aka Make the Client Invisible)
    An attack of this type exploits a programs' vulnerabilities in client/server communication channel authentication and data integrity. It leverages the implicit trust a server places in the client, or more importantly, that which the server believes is the client. An attacker executes this type of attack by placing themselves in the communication channel between client and server such that communication directly to the server is possible where the server believes it is communicating only with a valid client. There are numerous variations of this type of attack.
  • Browser Fingerprinting
    An attacker carefully crafts small snippets of Java Script to efficiently detect the type of browser the potential victim is using. Many web-based attacks need prior knowledge of the web browser including the version of browser to ensure successful exploitation of a vulnerability. Having this knowledge allows an attacker to target the victim with attacks that specifically exploit known or zero day weaknesses in the type and version of the browser used by the victim. Automating this process via Java Script as a part of the same delivery system used to exploit the browser is considered more efficient as the attacker can supply a browser fingerprinting method and integrate it with exploit code, all contained in Java Script and in response to the same web page request by the browser.
  • Session Credential Falsification through Prediction
    This attack targets predictable session ID in order to gain privileges. The attacker can predict the session ID used during a transaction to perform spoofing and session hijacking.

Nessus

  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-2003.NASL
    descriptionAccording to the version of the libosinfo package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in libosinfo, version 1.5.0, where the script for automated guest installations,
    last seen2020-05-08
    modified2019-09-24
    plugin id129196
    published2019-09-24
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/129196
    titleEulerOS 2.0 SP3 : libosinfo (EulerOS-SA-2019-2003)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(129196);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/07");
    
      script_cve_id(
        "CVE-2019-13313"
      );
    
      script_name(english:"EulerOS 2.0 SP3 : libosinfo (EulerOS-SA-2019-2003)");
      script_summary(english:"Checks the rpm output for the updated package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "According to the version of the libosinfo package installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerability :
    
      - A flaw was found in libosinfo, version 1.5.0, where the
        script for automated guest installations,
        'osinfo-install-script', accepts user and admin
        passwords via command line arguments. This could allow
        guest passwords to leak to other system users via a
        process listing.(CVE-2019-13313)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2003
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?77546500");
      script_set_attribute(attribute:"solution", value:
    "Update the affected libosinfo package.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/09/25");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/24");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libosinfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
    
    flag = 0;
    
    pkgs = ["libosinfo-0.2.12-3.h2"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_NOTE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libosinfo");
    }
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2019-3387.NASL
    descriptionAn update for osinfo-db, osinfo-db-tools, libosinfo, and gnome-boxes is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link (s) in the References section. The osinfo-db package contains a database that provides information about operating systems and hypervisor platforms to facilitate the automated configuration and provisioning of new virtual machines. The libosinfo packages provide a library that allows virtualization provisioning tools to determine the optimal device settings for a combination of hypervisor and operating system. Security Fix(es) : * Libosinfo: osinfo-install-script option leaks password via command line argument (CVE-2019-13313) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes : For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.1 Release Notes linked from the References section.
    last seen2020-06-01
    modified2020-06-02
    plugin id130532
    published2019-11-06
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/130532
    titleRHEL 8 : osinfo-db and libosinfo (RHSA-2019:3387)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2019:3387. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(130532);
      script_version("1.2");
      script_cvs_date("Date: 2019/12/17");
    
      script_cve_id("CVE-2019-13313");
      script_xref(name:"RHSA", value:"2019:3387");
    
      script_name(english:"RHEL 8 : osinfo-db and libosinfo (RHSA-2019:3387)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "An update for osinfo-db, osinfo-db-tools, libosinfo, and gnome-boxes
    is now available for Red Hat Enterprise Linux 8.
    
    Red Hat Product Security has rated this update as having a security
    impact of Low. A Common Vulnerability Scoring System (CVSS) base
    score, which gives a detailed severity rating, is available for each
    vulnerability from the CVE link (s) in the References section.
    
    The osinfo-db package contains a database that provides information
    about operating systems and hypervisor platforms to facilitate the
    automated configuration and provisioning of new virtual machines.
    
    The libosinfo packages provide a library that allows virtualization
    provisioning tools to determine the optimal device settings for a
    combination of hypervisor and operating system.
    
    Security Fix(es) :
    
    * Libosinfo: osinfo-install-script option leaks password via command
    line argument (CVE-2019-13313)
    
    For more details about the security issue(s), including the impact, a
    CVSS score, acknowledgments, and other related information, refer to
    the CVE page(s) listed in the References section.
    
    Additional Changes :
    
    For detailed information on changes in this release, see the Red Hat
    Enterprise Linux 8.1 Release Notes linked from the References section."
      );
      # https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?774148ae"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2019:3387"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2019-13313"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gnome-boxes");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gnome-boxes-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gnome-boxes-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libosinfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libosinfo-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libosinfo-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:osinfo-db");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:osinfo-db-tools");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:osinfo-db-tools-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:osinfo-db-tools-debugsource");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/11/05");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/11/06");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 8.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2019:3387";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_NOTE,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      flag = 0;
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"gnome-boxes-3.28.5-7.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"gnome-boxes-debuginfo-3.28.5-7.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"gnome-boxes-debugsource-3.28.5-7.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"i686", reference:"libosinfo-1.5.0-3.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"libosinfo-1.5.0-3.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"libosinfo-1.5.0-3.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"i686", reference:"libosinfo-debuginfo-1.5.0-3.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"libosinfo-debuginfo-1.5.0-3.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"libosinfo-debuginfo-1.5.0-3.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"i686", reference:"libosinfo-debugsource-1.5.0-3.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"libosinfo-debugsource-1.5.0-3.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"libosinfo-debugsource-1.5.0-3.el8")) flag++;
      if (rpm_check(release:"RHEL8", reference:"osinfo-db-20190611-1.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"osinfo-db-tools-1.5.0-4.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"osinfo-db-tools-1.5.0-4.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"osinfo-db-tools-debuginfo-1.5.0-4.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"osinfo-db-tools-debuginfo-1.5.0-4.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"s390x", reference:"osinfo-db-tools-debugsource-1.5.0-4.el8")) flag++;
      if (rpm_check(release:"RHEL8", cpu:"x86_64", reference:"osinfo-db-tools-debugsource-1.5.0-4.el8")) flag++;
    
      if (flag)
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_NOTE,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "gnome-boxes / gnome-boxes-debuginfo / gnome-boxes-debugsource / etc");
      }
    }
    
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1821.NASL
    descriptionAccording to the version of the libosinfo package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in libosinfo, version 1.5.0, where the script for automated guest installations,
    last seen2020-05-03
    modified2019-08-27
    plugin id128190
    published2019-08-27
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128190
    titleEulerOS 2.0 SP8 : libosinfo (EulerOS-SA-2019-1821)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(128190);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/01");
    
      script_cve_id(
        "CVE-2019-13313"
      );
    
      script_name(english:"EulerOS 2.0 SP8 : libosinfo (EulerOS-SA-2019-1821)");
      script_summary(english:"Checks the rpm output for the updated package.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote EulerOS host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "According to the version of the libosinfo package installed, the
    EulerOS installation on the remote host is affected by the following
    vulnerability :
    
      - A flaw was found in libosinfo, version 1.5.0, where the
        script for automated guest installations,
        'osinfo-install-script', accepts user and admin
        passwords via command line arguments. This could allow
        guest passwords to leak to other system users via a
        process listing.(CVE-2019-13313)
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the EulerOS security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");
      # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-1821
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6de1decb");
      script_set_attribute(attribute:"solution", value:
    "Update the affected libosinfo package.");
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2019/08/28");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/27");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libosinfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Huawei Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
      script_exclude_keys("Host/EulerOS/uvp_version");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/EulerOS/release");
    if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
    if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");
    
    sp = get_kb_item("Host/EulerOS/sp");
    if (isnull(sp) || sp !~ "^(8)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8");
    
    uvp = get_kb_item("Host/EulerOS/uvp_version");
    if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP8", "EulerOS UVP " + uvp);
    
    if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
    if ("aarch64" >!< cpu) audit(AUDIT_ARCH_NOT, "aarch64", cpu);
    
    flag = 0;
    
    pkgs = ["libosinfo-1.2.0-4.h6.eulerosv2r8"];
    
    foreach (pkg in pkgs)
      if (rpm_check(release:"EulerOS-2.0", sp:"8", reference:pkg)) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_NOTE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libosinfo");
    }
    
  • NASL familyCentOS Local Security Checks
    NASL idCENTOS_RHSA-2020-1051.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1051 advisory. - Libosinfo: osinfo-install-script option leaks password via command line argument (CVE-2019-13313) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-06-06
    modified2020-04-10
    plugin id135326
    published2020-04-10
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135326
    titleCentOS 7 : libosinfo (CESA-2020:1051)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1854.NASL
    descriptionAccording to the version of the libosinfo package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in libosinfo, version 1.5.0, where the script for automated guest installations,
    last seen2020-05-08
    modified2019-09-17
    plugin id128906
    published2019-09-17
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128906
    titleEulerOS 2.0 SP2 : libosinfo (EulerOS-SA-2019-1854)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-D2CDE4761E.NASL
    descriptionSecurity fix for CVE-2019-13313 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id127083
    published2019-07-26
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127083
    titleFedora 29 : libosinfo (2019-d2cde4761e)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-4B8990E4D6.NASL
    descriptionSecurity fix for CVE-2019-13313 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126798
    published2019-07-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126798
    titleFedora 29 : mingw-libosinfo (2019-4b8990e4d6)
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2020-1051.NASL
    descriptionThe remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:1051 advisory. - Libosinfo: osinfo-install-script option leaks password via command line argument (CVE-2019-13313) Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-04-23
    modified2020-04-01
    plugin id135064
    published2020-04-01
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135064
    titleRHEL 7 : libosinfo (RHSA-2020:1051)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-C9FBE3DB9C.NASL
    descriptionSecurity fix for CVE-2019-13313 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id127082
    published2019-07-26
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/127082
    titleFedora 30 : libosinfo (2019-c9fbe3db9c)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2019-E23AEAC13E.NASL
    descriptionSecurity fix for CVE-2019-13313 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id126802
    published2019-07-19
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/126802
    titleFedora 30 : mingw-libosinfo (2019-e23aeac13e)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1952.NASL
    descriptionAccording to the version of the libosinfo package installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerability : - A flaw was found in libosinfo, version 1.5.0, where the script for automated guest installations,
    last seen2020-06-01
    modified2020-06-02
    plugin id128955
    published2019-09-17
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128955
    titleEulerOS Virtualization for ARM 64 3.0.2.0 : libosinfo (EulerOS-SA-2019-1952)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SU-2019-2273-1.NASL
    descriptionThis update for libosinfo fixes the following issues : Security issue fixed : CVE-2019-13313: Fixed a information leak where a local user could gather credentials from the osinfo-install-script (bsc#1140749). Non-security issues fixed: Fixed OS detection for multiple versions of SLE12, SLE15 and openSUSE Leap (bsc#1105607, bsc#1122858, bsc#1105607, bsc#1054986, bsc#1054986) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id128504
    published2019-09-04
    reporterThis script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128504
    titleSUSE SLES12 Security Update : libosinfo (SUSE-SU-2019:2273-1)
  • NASL familyHuawei Local Security Checks
    NASL idEULEROS_SA-2019-1888.NASL
    descriptionAccording to the version of the libosinfo package installed, the EulerOS installation on the remote host is affected by the following vulnerability : - A flaw was found in libosinfo, version 1.5.0, where the script for automated guest installations,
    last seen2020-05-08
    modified2019-09-16
    plugin id128811
    published2019-09-16
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/128811
    titleEulerOS 2.0 SP5 : libosinfo (EulerOS-SA-2019-1888)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20200407_LIBOSINFO_ON_SL7_X.NASL
    description* Libosinfo: osinfo-install-script option leaks password via command line argument
    last seen2020-04-30
    modified2020-04-21
    plugin id135815
    published2020-04-21
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/135815
    titleScientific Linux Security Update : libosinfo on SL7.x x86_64 (20200407)

Redhat

advisories
  • bugzilla
    id1739897
    titleRHEL8.1 ppc64le iso is recognized as x86_64 by Boxes (Source Selection)
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 8 is installed
        ovaloval:com.redhat.rhba:tst:20193384074
      • OR
        • AND
          • commentosinfo-db-tools is earlier than 0:1.5.0-4.el8
            ovaloval:com.redhat.rhsa:tst:20193387001
          • commentosinfo-db-tools is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193387002
        • AND
          • commentosinfo-db-tools-debugsource is earlier than 0:1.5.0-4.el8
            ovaloval:com.redhat.rhsa:tst:20193387003
          • commentosinfo-db-tools-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193387004
        • AND
          • commentosinfo-db is earlier than 0:20190611-1.el8
            ovaloval:com.redhat.rhsa:tst:20193387005
          • commentosinfo-db is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183140434
        • AND
          • commentlibosinfo-debugsource is earlier than 0:1.5.0-3.el8
            ovaloval:com.redhat.rhsa:tst:20193387007
          • commentlibosinfo-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193387008
        • AND
          • commentlibosinfo is earlier than 0:1.5.0-3.el8
            ovaloval:com.redhat.rhsa:tst:20193387009
          • commentlibosinfo is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183140404
        • AND
          • commentgnome-boxes-debugsource is earlier than 0:3.28.5-7.el8
            ovaloval:com.redhat.rhsa:tst:20193387011
          • commentgnome-boxes-debugsource is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20193387012
        • AND
          • commentgnome-boxes is earlier than 0:3.28.5-7.el8
            ovaloval:com.redhat.rhsa:tst:20193387013
          • commentgnome-boxes is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhba:tst:20192044122
    rhsa
    idRHSA-2019:3387
    released2019-11-05
    severityLow
    titleRHSA-2019:3387: osinfo-db and libosinfo security and bug fix update (Low)
  • bugzilla
    id1727766
    titleCVE-2019-13313 Libosinfo: osinfo-install-script option leaks password via command line argument
    oval
    OR
    • commentRed Hat Enterprise Linux must be installed
      ovaloval:com.redhat.rhba:tst:20070304026
    • AND
      • commentRed Hat Enterprise Linux 7 is installed
        ovaloval:com.redhat.rhba:tst:20150364027
      • OR
        • AND
          • commentlibosinfo is earlier than 0:1.1.0-5.el7
            ovaloval:com.redhat.rhsa:tst:20201051001
          • commentlibosinfo is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183140404
        • AND
          • commentlibosinfo-vala is earlier than 0:1.1.0-5.el7
            ovaloval:com.redhat.rhsa:tst:20201051003
          • commentlibosinfo-vala is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183140400
        • AND
          • commentlibosinfo-devel is earlier than 0:1.1.0-5.el7
            ovaloval:com.redhat.rhsa:tst:20201051005
          • commentlibosinfo-devel is signed with Red Hat redhatrelease2 key
            ovaloval:com.redhat.rhsa:tst:20183140402
    rhsa
    idRHSA-2020:1051
    released2020-03-31
    severityLow
    titleRHSA-2020:1051: libosinfo security and bug fix update (Low)
rpms
  • gnome-boxes-0:3.28.5-7.el8
  • gnome-boxes-debuginfo-0:3.28.5-7.el8
  • gnome-boxes-debugsource-0:3.28.5-7.el8
  • libosinfo-0:1.5.0-3.el8
  • libosinfo-debuginfo-0:1.5.0-3.el8
  • libosinfo-debugsource-0:1.5.0-3.el8
  • osinfo-db-0:20190611-1.el8
  • osinfo-db-tools-0:1.5.0-4.el8
  • osinfo-db-tools-debuginfo-0:1.5.0-4.el8
  • osinfo-db-tools-debugsource-0:1.5.0-4.el8
  • libosinfo-0:1.1.0-5.el7
  • libosinfo-debuginfo-0:1.1.0-5.el7
  • libosinfo-devel-0:1.1.0-5.el7
  • libosinfo-vala-0:1.1.0-5.el7