Detections
Analytics

EulerOS 2.0 SP12 : dhcp (EulerOS-SA-2025-1291)

high Nessus Plugin ID 232973

Synopsis

The remote EulerOS host is missing a security update.

Description

According to the versions of the dhcp package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :

 The code that processes control channel messages sent to `named` calls certain functions recursively during packet parsing. Recursion depth is only limited by the maximum accepted packet size; depending on the environment, this may cause the packet-parsing code to run out of available stack memory, causing `named` to terminate unexpectedly. Since each incoming control channel message is fully parsed before its contents are authenticated, exploiting this flaw does not require the attacker to hold a valid RNDC key;
 only network access to the control channel's configured TCP port is necessary.(CVE-2023-3341)

Tenable has extracted the preceding description block directly from the EulerOS dhcp security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected dhcp packages.

See Also

http://www.nessus.org/u?1464916d

Plugin Details

Severity: High

ID: 232973

File Name: EulerOS_SA-2025-1291.nasl

Version: 1.1

Type: local

Published: 3/20/2025

Updated: 3/20/2025

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS Score Source: CVE-2023-3341

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:huawei:euleros:dhcp, cpe:/o:huawei:euleros:2.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/EulerOS/release, Host/EulerOS/rpm-list, Host/EulerOS/sp

Excluded KB Items: Host/EulerOS/uvp_version

Exploit Ease: No known exploits are available

Patch Publication Date: 3/17/2025

Vulnerability Publication Date: 9/20/2023

Reference Information

CVE: CVE-2023-3341