EulerOS 2.0 SP2 : icoutils (EulerOS-SA-2017-1059)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote EulerOS host is missing multiple security updates.

Description :

According to the versions of the icoutils package installed, the
EulerOS installation on the remote host is affected by the following
vulnerabilities :

- Multiple vulnerabilities were found in icoutils, in the
wrestool program. An attacker could create a crafted
executable that, when read by wrestool, could result in
memory corruption leading to a crash or potential code
execution. (CVE-2017-5208, CVE-2017-5333,
CVE-2017-6009)

- A vulnerability was found in icoutils, in the wrestool
program. An attacker could create a crafted executable
that, when read by wrestool, could result in failure to
allocate memory or an over-large memcpy operation,
leading to a crash. (CVE-2017-5332)

- Multiple vulnerabilities were found in icoutils, in the
icotool program. An attacker could create a crafted ICO
or CUR file that, when read by icotool, could result in
memory corruption leading to a crash or potential code
execution. (CVE-2017-6010, CVE-2017-6011)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://www.nessus.org/u?73a16263

Solution :

Update the affected icoutils packages.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.1
(CVSS2#E:POC/RL:U/RC:ND)
Public Exploit Available : true

Family: Huawei Local Security Checks

Nessus Plugin ID: 99904

CVE ID: CVE-2017-5208
CVE-2017-5332
CVE-2017-5333
CVE-2017-6009
CVE-2017-6010
CVE-2017-6011
