Test ID:	1.3.6.1.4.1.25623.1.1.2.2021.1762
Category:	Huawei EulerOS Local Security Checks
Title:	Huawei EulerOS: Security Advisory for open-iscsi (EulerOS-SA-2021-1762)
Summary:	The remote host is missing an update for the Huawei EulerOS 'open-iscsi' package(s) announced via the EulerOS-SA-2021-1762 advisory.
Description:	Summary: The remote host is missing an update for the Huawei EulerOS 'open-iscsi' package(s) announced via the EulerOS-SA-2021-1762 advisory. Vulnerability Insight: An issue was discovered in uIP 1.0, as used in Contiki 3.0 and other products. The code that reassembles fragmented packets fails to properly validate the total length of an incoming packet specified in its IP header, as well as the fragmentation offset value specified in the IP header. By crafting a packet with specific values of the IP header length and the fragmentation offset, attackers can write into the .bss section of the program (past the statically allocated buffer that is used for storing the fragmented data) and cause a denial of service in uip_reass() in uip.c, or possibly execute arbitrary code on some target architectures.(CVE-2020-17438) Affected Software/OS: 'open-iscsi' package(s) on Huawei EulerOS Virtualization release 2.9.0. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2020-17438 https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01 https://www.kb.cert.org/vuls/id/815128
Copyright	Copyright (C) 2021 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.