Vulnerabilities > CVE-2018-1002105 - 7PK - Errors vulnerability in multiple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Fuzzing for garnering J2EE/.NET-based stack traces, for application mapping An attacker sends random, malformed, or otherwise unexpected messages to a target application and observes any stack traces produced by error messages. Fuzzing techniques involve sending random or malformed messages to a target and monitoring the target's response. The attacker does not initially know how a target will respond to individual messages but by attempting a large number of message variants they may find a variant that trigger's desired behavior. In this attack, the purpose of the fuzzing is to cause the targeted application to return an error including a stack trace, although fuzzing a target can also sometimes cause the target to enter an unstable state, causing a crash. The stack trace enumerates the chain of methods that led up to the point where the error was encountered. This can not only reveal the names of the methods (some of which may have known weaknesses) but possibly also the location of class files and libraries as well as parameter values. In some cases, the stack trace might even disclose sensitive configuration or user information.
- Fuzzing Fuzzing is a software testing method that feeds randomly constructed input to the system and looks for an indication that a failure in response to that input has occurred. Fuzzing treats the system as a black box and is totally free from any preconceptions or assumptions about the system. An attacker can leverage fuzzing to try to identify weaknesses in the system. For instance fuzzing can help an attacker discover certain assumptions made in the system about user input. Fuzzing gives an attacker a quick way of potentially uncovering some of these assumptions without really knowing anything about the internals of the system. These assumptions can then be turned against the system by specially crafting user input that may allow an attacker to achieve his goals.
Exploit-Db
file exploits/multiple/remote/46052.py id EDB-ID:46052 last seen 2018-12-25 modified 2018-12-10 platform multiple port published 2018-12-10 reporter Exploit-DB source https://www.exploit-db.com/download/46052 title Kubernetes - (Unauthenticated) Arbitrary Requests type remote file exploits/multiple/remote/46053.py id EDB-ID:46053 last seen 2018-12-25 modified 2018-12-10 platform multiple port published 2018-12-10 reporter Exploit-DB source https://www.exploit-db.com/download/46053 title Kubernetes - (Authenticated) Arbitrary Requests type remote
Nessus
NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2018-2_0-0112_KUBERNETES.NASL description An update of the kubernetes package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 122010 published 2019-02-07 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122010 title Photon OS 2.0: Kubernetes PHSA-2018-2.0-0112 code # # (C) Tenable Network Security, Inc.` # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2018-2.0-0112. The text # itself is copyright (C) VMware, Inc. include("compat.inc"); if (description) { script_id(122010); script_version("1.2"); script_cvs_date("Date: 2019/04/02 21:54:17"); script_cve_id("CVE-2018-1002105"); script_name(english:"Photon OS 2.0: Kubernetes PHSA-2018-2.0-0112"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the kubernetes package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-112.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1002105"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/28"); script_set_attribute(attribute:"patch_publication_date", value:"2018/11/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/07"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:kubernetes"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_exists(rpm:"kubernetes-1.10", release:"PhotonOS-2.0") && rpm_check(release:"PhotonOS-2.0", reference:"kubernetes-1.10.11-1.ph2")) flag++; if (rpm_exists(rpm:"kubernetes-1.11", release:"PhotonOS-2.0") && rpm_check(release:"PhotonOS-2.0", reference:"kubernetes-1.11.5-1.ph2")) flag++; if (rpm_exists(rpm:"kubernetes-debuginfo-1.10", release:"PhotonOS-2.0") && rpm_check(release:"PhotonOS-2.0", reference:"kubernetes-debuginfo-1.10.11-1.ph2")) flag++; if (rpm_exists(rpm:"kubernetes-debuginfo-1.11", release:"PhotonOS-2.0") && rpm_check(release:"PhotonOS-2.0", reference:"kubernetes-debuginfo-1.11.5-1.ph2")) flag++; if (rpm_exists(rpm:"kubernetes-kubeadm-1.10", release:"PhotonOS-2.0") && rpm_check(release:"PhotonOS-2.0", reference:"kubernetes-kubeadm-1.10.11-1.ph2")) flag++; if (rpm_exists(rpm:"kubernetes-kubeadm-1.11", release:"PhotonOS-2.0") && rpm_check(release:"PhotonOS-2.0", reference:"kubernetes-kubeadm-1.11.5-1.ph2")) flag++; if (rpm_exists(rpm:"kubernetes-kubectl-extras-1.10", release:"PhotonOS-2.0") && rpm_check(release:"PhotonOS-2.0", reference:"kubernetes-kubectl-extras-1.10.11-1.ph2")) flag++; if (rpm_exists(rpm:"kubernetes-kubectl-extras-1.11", release:"PhotonOS-2.0") && rpm_check(release:"PhotonOS-2.0", reference:"kubernetes-kubectl-extras-1.11.5-1.ph2")) flag++; if (rpm_exists(rpm:"kubernetes-pause-1.10", release:"PhotonOS-2.0") && rpm_check(release:"PhotonOS-2.0", reference:"kubernetes-pause-1.10.11-1.ph2")) flag++; if (rpm_exists(rpm:"kubernetes-pause-1.11", release:"PhotonOS-2.0") && rpm_check(release:"PhotonOS-2.0", reference:"kubernetes-pause-1.11.5-1.ph2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kubernetes"); }NASL family Misc. NASL id RANCHER_2_1_3.NASL description The version of a Docker container of Rancher is prior to 1.6.25, 2.0.9, or 2.1.3 and, thus, is affected by a proxy request handling flaw contained in Kubernetes. A remote, unauthenticated attacker may be able to leverage API calls to escalate privileges via proxy request handling vulnerability. Note that a successful attack requires that an API extension server is directly accessible from the Kubernetes API server last seen 2020-06-01 modified 2020-06-02 plugin id 119779 published 2018-12-19 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119779 title Rancher < 1.6.25 / 2.0.9 / 2.1.3 Kubernetes Proxy Request Handling Vulnerability code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(119779); script_version("1.2"); script_cvs_date("Date: 2019/04/05 23:25:06"); script_cve_id("CVE-2018-1002105"); script_bugtraq_id(106068); script_name(english:"Rancher < 1.6.25 / 2.0.9 / 2.1.3 Kubernetes Proxy Request Handling Vulnerability"); script_summary(english:"Checks version of Docker container."); script_set_attribute(attribute:"synopsis", value: "A Docker container of Rancher installed on the remote host is missing a security patch."); script_set_attribute(attribute:"description", value: "The version of a Docker container of Rancher is prior to 1.6.25, 2.0.9, or 2.1.3 and, thus, is affected by a proxy request handling flaw contained in Kubernetes. A remote, unauthenticated attacker may be able to leverage API calls to escalate privileges via proxy request handling vulnerability. Note that a successful attack requires that an API extension server is directly accessible from the Kubernetes API server's network or that a cluster has granted pod exec, attach, port-forward permissions too loosely."); # https://forums.rancher.com/t/rancher-security-advisory-kubernetes-cve-2018-1002105/12598 script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?abbbe5ed"); script_set_attribute(attribute:"solution", value: "Upgrade to version 1.6.25, 2.0.9, 2.1.3 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1002105"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date",value:"2018/12/05"); script_set_attribute(attribute:"patch_publication_date",value:"2018/12/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/19"); script_set_attribute(attribute:"plugin_type",value:"local"); script_set_attribute(attribute:"cpe",value:"x-cpe:/a:rancher_labs:rancher"); script_set_attribute(attribute:"potential_vulnerability",value:"true"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Misc."); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("rancher_local_detection.nbin"); script_require_keys("installed_sw/Rancher", "Settings/ParanoidReport"); exit(0); } include("vcf.inc"); include("vcf_extras.inc"); if (report_paranoia < 2) audit(AUDIT_PARANOID); app = "Rancher"; get_install_count(app_name:app, exit_if_zero:TRUE); app_info = vcf::get_app_info(app:app); constraints = [ {"fixed_version" : "1.6.25", "fixed_display" : "v1.6.25"}, {"min_version" : "2.0.0", "fixed_version" : "2.0.9", "fixed_display" : "v2.0.9"}, {"min_version" : "2.1.0", "fixed_version" : "2.1.3", "fixed_display" : "v2.1.3"} ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-3537.NASL description An update is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Container Platform is Red Hat last seen 2020-06-01 modified 2020-06-02 plugin id 119408 published 2018-12-04 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119408 title RHEL 7 : OpenShift Container Platform 3.11 (RHSA-2018:3537) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2018:3537. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(119408); script_version("1.6"); script_cvs_date("Date: 2019/10/24 15:35:46"); script_cve_id("CVE-2018-1002105", "CVE-2018-12115", "CVE-2018-3830"); script_xref(name:"RHSA", value:"2018:3537"); script_name(english:"RHEL 7 : OpenShift Container Platform 3.11 (RHSA-2018:3537)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix(es) : * A privilege escalation vulnerability exists in OpenShift Container Platform 3.x which allows for compromise of pods running on a compute node to which a pod is scheduled with normal user privilege. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers. Additionally, on versions 3.6 and higher of OpenShift Container Platform, this vulnerability allows cluster-admin level access to any API hosted by an aggregated API server. This includes the 'servicecatalog' API which is installed by default in 3.7 and later. Cluster-admin level access to the service catalog allows creation of brokered services by an unauthenticated user with escalated privileges in any namespace and on any node. This could lead to an attacker being allowed to deploy malicious code, or alter existing services. (CVE-2018-1002105) * nodejs: Out of bounds (OOB) write via UCS-2 encoding (CVE-2018-12115) * kibana: Cross-site scripting via the source field formatter (CVE-2018-3830) Space precludes documenting all of the bug fixes and enhancements in this advisory. See the following Release Notes documentation for details about these changes : https://docs.openshift.com/container-platform/3.11/release_notes/ ocp_3_11_release_notes.html All OpenShift Container Platform 3.11 users are advised to upgrade to these updated packages and images." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/vulnerabilities/3716411" ); script_set_attribute( attribute:"see_also", value:"https://docs.openshift.com/container-platform/3.11/release_notes/" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:3537" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2018-3830" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2018-12115" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2018-1002105" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-enterprise-service-catalog"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-enterprise-service-catalog-svcat"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients-redistributable"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-cluster-autoscaler"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-descheduler"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-docker-excluder"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-dockerregistry"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-excluder"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-hyperkube"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-hypershift"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-master"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-metrics-server"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node-problem-detector"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-pod"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-sdn-ovs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-service-idler"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-template-service-broker"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-tests"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-web-console"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cri-o"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:golang-github-openshift-oauth-proxy"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jenkins-2-plugins"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kibana"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:kibana-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-ansible"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-docs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-playbooks"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-roles"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-enterprise-autoheal"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-enterprise-cluster-capacity"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-cephfs-provisioner"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-efs-provisioner"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-local-provisioner"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-manila-provisioner"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-snapshot-controller"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-external-storage-snapshot-provisioner"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-monitor-project-lifecycle"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-monitor-sample-app"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:prometheus"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:prometheus-alertmanager"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:prometheus-node-exporter"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-elasticsearch"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-nose-xcover"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/08/21"); script_set_attribute(attribute:"patch_publication_date", value:"2018/11/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/04"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2018:3537"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_exists(rpm:"atomic-enterprise-service-catalog-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-enterprise-service-catalog-3.11.43-1.git.1671.04b17f5.el7")) flag++; if (rpm_exists(rpm:"atomic-enterprise-service-catalog-svcat-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-enterprise-service-catalog-svcat-3.11.43-1.git.1671.04b17f5.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-3.11.43-1.git.0.647ac05.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-clients-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-clients-3.11.43-1.git.0.647ac05.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-clients-redistributable-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-clients-redistributable-3.11.43-1.git.0.647ac05.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-cluster-autoscaler-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-cluster-autoscaler-3.11.43-1.git.0.55c4e4b.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-descheduler-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-descheduler-3.11.43-1.git.300.a720f7f.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-docker-excluder-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"atomic-openshift-docker-excluder-3.11.43-1.git.0.647ac05.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-dockerregistry-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-dockerregistry-3.11.43-1.git.446.b80f8a1.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-excluder-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"atomic-openshift-excluder-3.11.43-1.git.0.647ac05.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-hyperkube-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-hyperkube-3.11.43-1.git.0.647ac05.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-hypershift-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-hypershift-3.11.43-1.git.0.647ac05.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-master-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-master-3.11.43-1.git.0.647ac05.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-metrics-server-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-metrics-server-3.11.43-1.git.52.6cc0a21.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-node-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-node-3.11.43-1.git.0.647ac05.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-node-problem-detector-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-node-problem-detector-3.11.43-1.git.252.f45475c.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-pod-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-pod-3.11.43-1.git.0.647ac05.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-sdn-ovs-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-sdn-ovs-3.11.43-1.git.0.647ac05.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-service-idler-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-service-idler-3.11.43-1.git.14.bbbb450.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-template-service-broker-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-template-service-broker-3.11.43-1.git.0.647ac05.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-tests-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-tests-3.11.43-1.git.0.647ac05.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-web-console-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-web-console-3.11.43-1.git.316.7753377.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"cri-o-1.11.8-2.rhaos3.11.git71cc465.el7")) flag++; if (rpm_exists(rpm:"golang-github-openshift-oauth-proxy-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"golang-github-openshift-oauth-proxy-3.11.43-1.git.419.03122b3.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"jenkins-2-plugins-3.11.1539805268-1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kibana-5.6.12-1.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"kibana-debuginfo-5.6.12-1.el7")) flag++; if (rpm_exists(rpm:"openshift-ansible-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"openshift-ansible-3.11.43-1.git.0.fa69a02.el7")) flag++; if (rpm_exists(rpm:"openshift-ansible-docs-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"openshift-ansible-docs-3.11.43-1.git.0.fa69a02.el7")) flag++; if (rpm_exists(rpm:"openshift-ansible-playbooks-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"openshift-ansible-playbooks-3.11.43-1.git.0.fa69a02.el7")) flag++; if (rpm_exists(rpm:"openshift-ansible-roles-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"openshift-ansible-roles-3.11.43-1.git.0.fa69a02.el7")) flag++; if (rpm_exists(rpm:"openshift-enterprise-autoheal-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"openshift-enterprise-autoheal-3.11.43-1.git.219.be400cf.el7")) flag++; if (rpm_exists(rpm:"openshift-enterprise-cluster-capacity-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"openshift-enterprise-cluster-capacity-3.11.43-1.git.380.9cbcbb2.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"openshift-external-storage-cephfs-provisioner-0.0.2-4.gitd3c94f0.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"openshift-external-storage-debuginfo-0.0.2-4.gitd3c94f0.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"openshift-external-storage-efs-provisioner-0.0.2-4.gitd3c94f0.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"openshift-external-storage-local-provisioner-0.0.2-4.gitd3c94f0.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"openshift-external-storage-manila-provisioner-0.0.2-4.gitd3c94f0.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"openshift-external-storage-snapshot-controller-0.0.2-4.gitd3c94f0.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"openshift-external-storage-snapshot-provisioner-0.0.2-4.gitd3c94f0.el7")) flag++; if (rpm_exists(rpm:"openshift-monitor-project-lifecycle-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"openshift-monitor-project-lifecycle-3.11.43-1.git.59.662daae.el7")) flag++; if (rpm_exists(rpm:"openshift-monitor-sample-app-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"openshift-monitor-sample-app-3.11.43-1.git.5.83ab17f.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"prometheus-3.11.43-1.git.5021.31a8f1d.el7")) flag++; if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"prometheus-alertmanager-3.11.43-1.git.0.19c2765.el7")) flag++; if (rpm_exists(rpm:"prometheus-node-exporter-3.11", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"prometheus-node-exporter-3.11.43-1.git.1060.0aff287.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"python-elasticsearch-5.5.5-1.el7")) flag++; if (rpm_check(release:"RHEL7", reference:"python-nose-xcover-1.0.10-1.el7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "atomic-enterprise-service-catalog / etc"); } }NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2019-1_0-0202_KUBERNETES.NASL description An update of the kubernetes package has been released. last seen 2020-06-01 modified 2020-06-02 plugin id 122013 published 2019-02-07 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122013 title Photon OS 1.0: Kubernetes PHSA-2019-1.0-0202 code # # (C) Tenable Network Security, Inc.` # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2019-1.0-0202. The text # itself is copyright (C) VMware, Inc. include("compat.inc"); if (description) { script_id(122013); script_version("1.2"); script_cvs_date("Date: 2019/04/02 21:54:17"); script_cve_id("CVE-2018-1002105"); script_name(english:"Photon OS 1.0: Kubernetes PHSA-2019-1.0-0202"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the kubernetes package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-202.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1002105"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/01/03"); script_set_attribute(attribute:"patch_publication_date", value:"2019/01/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/07"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:kubernetes"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_check(release:"PhotonOS-1.0", reference:"kubernetes-1.9.6-2.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"kubernetes-debuginfo-1.9.6-2.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"kubernetes-kubeadm-1.9.6-2.ph1")) flag++; if (rpm_check(release:"PhotonOS-1.0", reference:"kubernetes-pause-1.9.6-2.ph1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kubernetes"); }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-3754.NASL description An update is now available for Red Hat OpenShift Container Platform release 3.3. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Container Platform is Red Hat last seen 2020-06-01 modified 2020-06-02 plugin id 119416 published 2018-12-04 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119416 title RHEL 7 : OpenShift Container Platform 3.3 (RHSA-2018:3754) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2018:3754. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(119416); script_version("1.6"); script_cvs_date("Date: 2019/10/24 15:35:46"); script_cve_id("CVE-2018-1002105"); script_xref(name:"RHSA", value:"2018:3754"); script_name(english:"RHEL 7 : OpenShift Container Platform 3.3 (RHSA-2018:3754)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "An update is now available for Red Hat OpenShift Container Platform release 3.3. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix(es) : * A privilege escalation vulnerability exists in OpenShift Container Platform 3.x which allows for compromise of pods running on a compute node to which a pod is scheduled with normal user privilege. This access could include access to all secrets, pods, environment variables, running pod/container processes, and persistent volumes, including in privileged containers. Additionally, on versions 3.6 and higher of OpenShift Container Platform, this vulnerability allows cluster-admin level access to any API hosted by an aggregated API server. This includes the 'servicecatalog' API which is installed by default in 3.7 and later. Cluster-admin level access to the service catalog allows creation of brokered services by an unauthenticated user with escalated privileges in any namespace and on any node. This could lead to an attacker being allowed to deploy malicious code, or alter existing services. (CVE-2018-1002105) This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.3. See the following advisory for the container images for this release : https://access.redhat.com/errata/RHBA-2018:3753 https://docs.openshift.com/container-platform/3.3/release_notes/ ocp_3_3_release_notes.html All OpenShift Container Platform 3.3 users are advised to upgrade to these updated packages and images." ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHBA-2018:0114" ); script_set_attribute( attribute:"see_also", value:"https://docs.openshift.com/container-platform/3.3/release_notes/" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:3754" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2018-1002105" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients-redistributable"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-docker-excluder"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-dockerregistry"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-excluder"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-master"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-pod"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-sdn-ovs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-tests"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-utils"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-ansible"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-callback-plugins"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-docs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-filter-plugins"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-lookup-plugins"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-playbooks"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-roles"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tuned-profiles-atomic-openshift-node"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/05"); script_set_attribute(attribute:"patch_publication_date", value:"2018/12/03"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/04"); script_set_attribute(attribute:"in_the_news", value:"true"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2018:3754"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_exists(rpm:"atomic-openshift-3.3", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-3.3.1.46.45-1.git.0.2ce596e.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-clients-3.3", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-clients-3.3.1.46.45-1.git.0.2ce596e.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-clients-redistributable-3.3", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-clients-redistributable-3.3.1.46.45-1.git.0.2ce596e.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-docker-excluder-3.3", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"atomic-openshift-docker-excluder-3.3.1.46.45-1.git.0.2ce596e.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-dockerregistry-3.3", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-dockerregistry-3.3.1.46.45-1.git.0.2ce596e.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-excluder-3.3", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"atomic-openshift-excluder-3.3.1.46.45-1.git.0.2ce596e.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-master-3.3", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-master-3.3.1.46.45-1.git.0.2ce596e.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-node-3.3", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-node-3.3.1.46.45-1.git.0.2ce596e.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-pod-3.3", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-pod-3.3.1.46.45-1.git.0.2ce596e.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-sdn-ovs-3.3", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-sdn-ovs-3.3.1.46.45-1.git.0.2ce596e.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-tests-3.3", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-tests-3.3.1.46.45-1.git.0.2ce596e.el7")) flag++; if (rpm_exists(rpm:"atomic-openshift-utils-3.3", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"atomic-openshift-utils-3.3.149-1.git.0.3859ddb.el7")) flag++; if (rpm_exists(rpm:"openshift-ansible-3.3", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"openshift-ansible-3.3.149-1.git.0.3859ddb.el7")) flag++; if (rpm_exists(rpm:"openshift-ansible-callback-plugins-3.3", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"openshift-ansible-callback-plugins-3.3.149-1.git.0.3859ddb.el7")) flag++; if (rpm_exists(rpm:"openshift-ansible-docs-3.3", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"openshift-ansible-docs-3.3.149-1.git.0.3859ddb.el7")) flag++; if (rpm_exists(rpm:"openshift-ansible-filter-plugins-3.3", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"openshift-ansible-filter-plugins-3.3.149-1.git.0.3859ddb.el7")) flag++; if (rpm_exists(rpm:"openshift-ansible-lookup-plugins-3.3", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"openshift-ansible-lookup-plugins-3.3.149-1.git.0.3859ddb.el7")) flag++; if (rpm_exists(rpm:"openshift-ansible-playbooks-3.3", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"openshift-ansible-playbooks-3.3.149-1.git.0.3859ddb.el7")) flag++; if (rpm_exists(rpm:"openshift-ansible-roles-3.3", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"openshift-ansible-roles-3.3.149-1.git.0.3859ddb.el7")) flag++; if (rpm_exists(rpm:"tuned-profiles-atomic-openshift-node-3.3", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"tuned-profiles-atomic-openshift-node-3.3.1.46.45-1.git.0.2ce596e.el7")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "atomic-openshift / atomic-openshift-clients / etc"); } }NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-2908.NASL description An update is now available for Red Hat OpenShift Container Platform 3.9. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Container Platform is Red Hat last seen 2020-06-01 modified 2020-06-02 plugin id 119407 published 2018-12-04 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119407 title RHEL 7 : OpenShift Container Platform 3.9 (RHSA-2018:2908) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-3624.NASL description An update is now available for Red Hat OpenShift Container Platform release 3.5. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Container Platform is Red Hat last seen 2020-06-01 modified 2020-06-02 plugin id 119412 published 2018-12-04 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119412 title RHEL 7 : OpenShift Container Platform 3.5 (RHSA-2018:3624) NASL family SuSE Local Security Checks NASL id OPENSUSE-2020-554.NASL description This update introduces kubernetes version 1.14.1 and cri-o 1.17.1 to Leap 15.1. last seen 2020-04-30 modified 2020-04-27 plugin id 136011 published 2020-04-27 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136011 title openSUSE Security Update : kubernetes (openSUSE-2020-554) (Dirty COW) NASL family PhotonOS Local Security Checks NASL id PHOTONOS_PHSA-2018-2_0-0112.NASL description An update of 'kubernetes' packages of Photon OS has been released. last seen 2019-02-08 modified 2019-02-07 plugin id 119753 published 2018-12-18 reporter Tenable source https://www.tenable.com/plugins/index.php?view=single&id=119753 title Photon OS 2.0: Kubernetes PHSA-2018-2.0-0112 (deprecated) NASL family Fedora Local Security Checks NASL id FEDORA_2019-3ECFF65275.NASL description - Allow to install cri-o as alternative to docker - Allow to install moby-engine as alternative to docker ---- Update to v1.12.5 (Verify backend upgraded connection) Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 122880 published 2019-03-18 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/122880 title Fedora 29 : kubernetes (2019-3ecff65275) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-3549.NASL description An update is now available for Red Hat OpenShift Container Platform 3.10. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Container Platform is Red Hat last seen 2020-06-01 modified 2020-06-02 plugin id 119409 published 2018-12-04 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119409 title RHEL 7 : OpenShift Container Platform 3.10 (RHSA-2018:3549) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-3551.NASL description An update is now available for Red Hat OpenShift Container Platform 3.8. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Container Platform is Red Hat last seen 2020-06-01 modified 2020-06-02 plugin id 119410 published 2018-12-04 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119410 title RHEL 7 : OpenShift Container Platform 3.8 (RHSA-2018:3551) NASL family Fedora Local Security Checks NASL id FEDORA_2018-314913636B.NASL description - Rebase to upstream 8de5c3442e56dbe05403990ce0821746673fd588, let last seen 2020-06-05 modified 2019-01-03 plugin id 120332 published 2019-01-03 reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/120332 title Fedora 29 : origin (2018-314913636b) NASL family CGI abuses NASL id KUBE_CVE_2018_1002105.NASL description A remote, unauthenticated attacker may be able to leverage API calls to escalate privileges via proxy request handling vulnerability. Note that a successful attack requires that an API extension server is directly accessible from the Kubernetes API server last seen 2020-06-01 modified 2020-06-02 plugin id 119677 published 2018-12-14 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119677 title Kubernetes proxy request handling vulnerability (CVE-2018-1002105) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-2906.NASL description An update is now available for Red Hat OpenShift Container Platform release 3.7. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Container Platform is Red Hat last seen 2020-06-01 modified 2020-06-02 plugin id 119406 published 2018-12-04 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119406 title RHEL 7 : OpenShift Container Platform 3.7 (RHSA-2018:2906) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-3752.NASL description An update is now available for Red Hat OpenShift Container Platform release 3.4. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Container Platform is Red Hat last seen 2020-06-01 modified 2020-06-02 plugin id 119415 published 2018-12-04 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119415 title RHEL 7 : OpenShift Container Platform 3.4 (RHSA-2018:3752) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-3598.NASL description An update is now available for Red Hat OpenShift Container Platform release 3.6. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. OpenShift Enterprise by Red Hat is the company last seen 2020-06-01 modified 2020-06-02 plugin id 119411 published 2018-12-04 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119411 title RHEL 7 : OpenShift Container Platform 3.6 (RHSA-2018:3598) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2018-3742.NASL description An update is now available for Red Hat OpenShift Container Platform 3.2. Red Hat Product Security has rated this update as having a security impact of Critical. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat OpenShift Container Platform is Red Hat last seen 2020-06-01 modified 2020-06-02 plugin id 119414 published 2018-12-04 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119414 title RHEL 7 : OpenShift Container Platform 3.2 (RHSA-2018:3742) NASL family CGI abuses NASL id KUBE_1_12_3.NASL description The version of Kubernetes installed on the remote host is version 1.x prior to 1.10.11, 1.11.x prior to 1.11.5, or 1.12.x prior to 1.12.3, and thus, is affected by a remote, unauthenticated privilege escalation vulnerability. Note that a successful attack requires that an API extension server is directly accessible from the Kubernetes API server last seen 2020-06-01 modified 2020-06-02 plugin id 119327 published 2018-12-04 reporter This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/119327 title Kubernetes 1.x < 1.10.11 / 1.11.x < 1.11.5 / 1.12.x < 1.12.3 API Server Privilege Escalation
Redhat
| advisories |
| ||||||||||||||||||||||||||||||||
| rpms |
|
References
- https://github.com/kubernetes/kubernetes/issues/71411
- https://access.redhat.com/errata/RHSA-2018:3754
- https://access.redhat.com/errata/RHSA-2018:3752
- https://access.redhat.com/errata/RHSA-2018:3742
- https://access.redhat.com/errata/RHSA-2018:3624
- https://access.redhat.com/errata/RHSA-2018:3598
- https://access.redhat.com/errata/RHSA-2018:3551
- https://access.redhat.com/errata/RHSA-2018:3549
- https://access.redhat.com/errata/RHSA-2018:3537
- http://www.securityfocus.com/bid/106068
- https://github.com/evict/poc_CVE-2018-1002105
- https://www.exploit-db.com/exploits/46053/
- https://www.exploit-db.com/exploits/46052/
- https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do
- https://security.netapp.com/advisory/ntap-20190416-0001/
- http://www.openwall.com/lists/oss-security/2019/06/28/2
- http://www.openwall.com/lists/oss-security/2019/07/06/3
- http://www.openwall.com/lists/oss-security/2019/07/06/4
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00041.html
- https://groups.google.com/forum/#%21topic/kubernetes-announce/GVllWCg6L88