Vulnerabilities > CVE-2019-10222 - Improper Handling of Exceptional Conditions vulnerability in multiple products
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: HIGH

Summary
A flaw was found in the Ceph RGW configuration with Beast as the front end handling client requests. An unauthenticated attacker could crash the Ceph RGW server by sending valid HTTP headers and terminating the connection, resulting in a remote denial of service for Ceph RGW clients.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
Application | | 2 |
OS | | 2 |
Common Weakness Enumeration (CWE)
Nessus
NASL family Fedora Local Security Checks
NASL id FEDORA_2019-F47093CC3D.NASL
description ceph 14.2.3 GA Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 129172
published 2019-09-24
reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/129172
title Fedora 30 : 2:ceph (2019-f47093cc3d)
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2019-f47093cc3d.
#
# Purpose: credentialed ("local") check that reports a Fedora 30 host whose
# installed ceph package compares older than 2:ceph-14.2.3-1.fc30, the build
# this plugin associates with CVE-2019-10222.
#
# NOTE(review): this is a package-version check only. Nothing below looks at
# whether the RADOS Gateway is running or which frontend it uses, while the
# CVE summary limits the flaw to RGW with the Beast frontend. Read a finding
# as "update missing", not as "confirmed exposed RGW endpoint".
#
include("compat.inc");

# Registration phase: when the scanner loads the plugin for its metadata,
# 'description' is set, the attributes below are recorded, and the script
# exits before any host data is touched.
if (description)
{
  script_id(129172);
  script_version("1.3");
  script_cvs_date("Date: 2019/12/24");

  script_cve_id("CVE-2019-10222");
  script_xref(name:"FEDORA", value:"2019-f47093cc3d");

  script_name(english:"Fedora 30 : 2:ceph (2019-f47093cc3d)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." );
  # The advisory text carries only the release name; the link to the RGW
  # denial of service comes solely from script_cve_id() above.
  script_set_attribute( attribute:"description", value: "ceph 14.2.3 GA Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." );
  script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-f47093cc3d" );
  script_set_attribute( attribute:"solution", value:"Update the affected 2:ceph package." );

  # Both vectors describe a network-reachable, unauthenticated issue with
  # availability impact only; CVSS2 rates it Partial (A:P), CVSS3 High (A:H).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:2:ceph");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:30");
  # As recorded here, the vulnerability publication date is later than the
  # patch publication date.
  script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/09/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/24");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  # Data comes from the knowledge base filled by ssh_get_info.nasl.
  # "Host/cpu" is read further down but is not listed as a required key;
  # its absence is handled there with AUDIT_UNKNOWN_ARCH.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Each audit() call below ends the check with the stated reason, so the
# package comparison is only reached on a Fedora 30 host with a collected
# rpm list and a supported CPU.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
# '>!<' is the "substring not contained in" operator.
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
# "30" followed by a non-digit or end of string, so e.g. "300" is rejected.
if (! preg(pattern:"^30([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 30", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
# Only x86_64 and i386-i686 hosts are evaluated.
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

# rpm_check() comes from rpm.inc (not shown here); it is expected to return
# true when the installed package is older than the reference build.
flag = 0;
if (rpm_check(release:"FC30", reference:"ceph-14.2.3-1.fc30", epoch:"2")) flag++;

if (flag)
{
  # Reported on port 0 at warning severity, with the rpm comparison output
  # attached as the finding detail.
  security_report_v4(
    port : 0,
    severity : SECURITY_WARNING,
    extra : rpm_report_get()
  );
  exit(0);
}
else
{
  # Nothing flagged: say whether ceph was found at a fixed version or was
  # not installed at all.
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "2:ceph");
}
NASL family Fedora Local Security Checks
NASL id FEDORA_2019-5E54D5E6E9.NASL
description ceph 14.2.3 GA Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 129619
published 2019-10-07
reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/129619
title Fedora 31 : 2:ceph (2019-5e54d5e6e9)
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2019-5e54d5e6e9.
#
# Purpose: credentialed ("local") check that reports a Fedora 31 host whose
# installed ceph package compares older than 2:ceph-14.2.3-1.fc31, the build
# this plugin associates with CVE-2019-10222.
#
# NOTE(review): this is a package-version check only. Nothing below looks at
# whether the RADOS Gateway is running or which frontend it uses, while the
# CVE summary limits the flaw to RGW with the Beast frontend. Read a finding
# as "update missing", not as "confirmed exposed RGW endpoint".
#
include("compat.inc");

# Registration phase: when the scanner loads the plugin for its metadata,
# 'description' is set, the attributes below are recorded, and the script
# exits before any host data is touched.
if (description)
{
  script_id(129619);
  script_version("1.3");
  script_cvs_date("Date: 2019/12/20");

  script_cve_id("CVE-2019-10222");
  script_xref(name:"FEDORA", value:"2019-5e54d5e6e9");

  script_name(english:"Fedora 31 : 2:ceph (2019-5e54d5e6e9)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." );
  # The advisory text carries only the release name; the link to the RGW
  # denial of service comes solely from script_cve_id() above.
  script_set_attribute( attribute:"description", value: "ceph 14.2.3 GA Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." );
  script_set_attribute( attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2019-5e54d5e6e9" );
  script_set_attribute( attribute:"solution", value:"Update the affected 2:ceph package." );

  # Both vectors describe a network-reachable, unauthenticated issue with
  # availability impact only; CVSS2 rates it Partial (A:P), CVSS3 High (A:H).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:2:ceph");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:31");
  # As recorded here, the vulnerability publication date is later than the
  # patch publication date.
  script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/09/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/07");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Fedora Local Security Checks");

  # Data comes from the knowledge base filled by ssh_get_info.nasl.
  # "Host/cpu" is read further down but is not listed as a required key;
  # its absence is handled there with AUDIT_UNKNOWN_ARCH.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Each audit() call below ends the check with the stated reason, so the
# package comparison is only reached on a Fedora 31 host with a collected
# rpm list and a supported CPU.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
# '>!<' is the "substring not contained in" operator.
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
# "31" followed by a non-digit or end of string, so e.g. "310" is rejected.
if (! preg(pattern:"^31([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 31", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
# Only x86_64 and i386-i686 hosts are evaluated.
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

# rpm_check() comes from rpm.inc (not shown here); it is expected to return
# true when the installed package is older than the reference build.
flag = 0;
if (rpm_check(release:"FC31", reference:"ceph-14.2.3-1.fc31", epoch:"2")) flag++;

if (flag)
{
  # Reported on port 0 at warning severity, with the rpm comparison output
  # attached as the finding detail.
  security_report_v4(
    port : 0,
    severity : SECURITY_WARNING,
    extra : rpm_report_get()
  );
  exit(0);
}
else
{
  # Nothing flagged: say whether ceph was found at a fixed version or was
  # not installed at all.
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "2:ceph");
}
NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2019-2577.NASL
description An update is now available for Red Hat Ceph Storage 3.3 on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Security Fix(es) : * ceph: Unauthenticated clients can crash ceph RGW configured with beast as frontend (CVE-2019-10222) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
last seen 2020-03-18
modified 2019-09-03
plugin id 128446
published 2019-09-03
reporter This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/128446
title RHEL 7 : ceph (RHSA-2019:2577)
code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2019:2577. The text
# itself is copyright (C) Red Hat, Inc.
#
# Purpose: credentialed ("local") check that reports a RHEL 7 x86_64 host
# still missing the Red Hat Ceph Storage update from RHSA-2019:2577
# (CVE-2019-10222). It uses cached yum updateinfo when the knowledge base
# has it, and otherwise compares installed rpm versions with 12.2.12-48.el7.
#
# NOTE(review): the rpm path flags any of the listed ceph packages, not only
# ceph-radosgw, and nothing below inspects the RGW frontend setting, while
# the advisory text limits the crash to RGW configured with Beast. Read a
# finding as "update missing", not as "confirmed exposed RGW endpoint".
#
include("compat.inc");

# Registration phase: when the scanner loads the plugin for its metadata,
# 'description' is set, the attributes below are recorded, and the script
# exits before any host data is touched.
if (description)
{
  script_id(128446);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/06");

  script_cve_id("CVE-2019-10222");
  script_xref(name:"RHSA", value:"2019:2577");

  script_name(english:"RHEL 7 : ceph (RHSA-2019:2577)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing one or more security updates." );
  script_set_attribute( attribute:"description", value: "An update is now available for Red Hat Ceph Storage 3.3 on Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services. Security Fix(es) : * ceph: Unauthenticated clients can crash ceph RGW configured with beast as frontend (CVE-2019-10222) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section." );
  script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2019:2577" );
  script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2019-10222" );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");

  # Both vectors describe a network-reachable, unauthenticated issue with
  # availability impact only; CVSS2 rates it Partial (A:P), CVSS3 High (A:H).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"plugin_type", value:"local");

  # One CPE per package covered by the advisory, then the OS CPE.
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ceph-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ceph-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ceph-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ceph-fuse");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ceph-mds");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ceph-mgr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ceph-mon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ceph-radosgw");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ceph-selinux");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ceph-test");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libcephfs-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libcephfs2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:librados-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:librados2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libradosstriper1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:librbd-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:librbd1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:librgw-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:librgw2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-cephfs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-rados");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-rbd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-rgw");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rbd-mirror");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");

  # As recorded here, the vulnerability publication date is later than the
  # patch publication date.
  script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/08/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/09/03");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  # Data comes from the knowledge base filled by ssh_get_info.nasl.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

# Each audit() call below ends the check with the stated reason, so the
# advisory comparison is only reached on a RHEL 7 x86_64 host with a
# collected rpm list.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
# '>!<' is the "substring not contained in" operator.
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
# Major version 7 only: "7" followed by a non-digit or end of string.
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
# Two-stage architecture gate: the first test admits x86_64, i386-i686 and
# s390*; the second then narrows this advisory to x86_64 only.
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  # Preferred path when yum updateinfo was collected. The report helper is
  # defined elsewhere; presumably it returns text only when this RHSA is
  # still listed as applicable to the host -- confirm against the include.
  rhsa = "RHSA-2019:2577";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port : 0,
      severity : SECURITY_WARNING,
      extra : yum_report
    );
    exit(0);
  }
  else
  {
    # No report for this advisory: the host is audited as not affected.
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  # Fallback path: compare installed rpm versions directly.
  flag = 0;

  # Product gate: requires a librados2 12.x build carrying the el7cp tag,
  # presumably the marker for Red Hat Ceph Storage builds -- confirm.
  # Hosts without it are audited as not having Ceph Storage installed.
  if (! (rpm_exists(release:"RHEL7", rpm:"librados2-12.*\.el7cp"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "Ceph Storage");

  # rpm_check() comes from rpm.inc (not shown here); it is expected to
  # return true when the installed package is older than the reference.
  # Every package in the advisory is compared against 12.2.12-48.el7.
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"ceph-base-12.2.12-48.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"ceph-common-12.2.12-48.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"ceph-debuginfo-12.2.12-48.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"ceph-fuse-12.2.12-48.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"ceph-mds-12.2.12-48.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"ceph-mgr-12.2.12-48.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"ceph-mon-12.2.12-48.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"ceph-radosgw-12.2.12-48.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"ceph-selinux-12.2.12-48.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"ceph-test-12.2.12-48.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libcephfs-devel-12.2.12-48.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libcephfs2-12.2.12-48.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"librados-devel-12.2.12-48.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"librados2-12.2.12-48.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"libradosstriper1-12.2.12-48.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"librbd-devel-12.2.12-48.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"librbd1-12.2.12-48.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"librgw-devel-12.2.12-48.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"librgw2-12.2.12-48.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"python-cephfs-12.2.12-48.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"python-rados-12.2.12-48.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"python-rbd-12.2.12-48.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"python-rgw-12.2.12-48.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"rbd-mirror-12.2.12-48.el7")) flag++;

  if (flag)
  {
    # Reported on port 0 at warning severity; the detail is the rpm
    # comparison output followed by the Red Hat package caveat text.
    security_report_v4(
      port : 0,
      severity : SECURITY_WARNING,
      extra : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    # Nothing flagged: say whether the packages were found at a fixed
    # version or were not installed at all.
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ceph-base / ceph-common / ceph-debuginfo / ceph-fuse / ceph-mds / etc");
  }
}
NASL family SuSE Local Security Checks NASL id SUSE_SU-2019-2247-1.NASL description This update for ceph fixes the following issues : Security issue fixed : CVE-2019-10222: Fixed RGW crash via unauthenticated clients (bsc#1145093). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 128319 published 2019-08-29 reporter This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128319 title SUSE SLED15 / SLES15 Security Update : ceph (SUSE-SU-2019:2247-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SUSE update advisory SUSE-SU-2019:2247-1. # The text itself is copyright (C) SUSE. # include("compat.inc"); if (description) { script_id(128319); script_version("1.4"); script_cvs_date("Date: 2019/12/31"); script_cve_id("CVE-2019-10222"); script_name(english:"SUSE SLED15 / SLES15 Security Update : ceph (SUSE-SU-2019:2247-1)"); script_summary(english:"Checks rpm output for the updated packages."); script_set_attribute( attribute:"synopsis", value:"The remote SUSE host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update for ceph fixes the following issues : Security issue fixed : CVE-2019-10222: Fixed RGW crash via unauthenticated clients (bsc#1145093). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." 
); script_set_attribute( attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1145093" ); script_set_attribute( attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-10222/" ); # https://www.suse.com/support/update/announcement/2019/suse-su-20192247-1/ script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?b9e8477e" ); script_set_attribute( attribute:"solution", value: "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2247=1 SUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2247=1 SUSE Enterprise Storage 6:zypper in -t patch SUSE-Storage-6-2019-2247=1" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph-base-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph-common-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph-debugsource"); script_set_attribute(attribute:"cpe", 
value:"p-cpe:/a:novell:suse_linux:ceph-fuse"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph-fuse-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph-mds"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph-mds-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph-mgr"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph-mgr-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph-mon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph-mon-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph-osd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph-osd-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph-radosgw"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph-radosgw-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph-test"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph-test-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph-test-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:cephfs-shell"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libcephfs-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libcephfs2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libcephfs2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:librados-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:librados-devel-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:librados2"); script_set_attribute(attribute:"cpe", 
value:"p-cpe:/a:novell:suse_linux:librados2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libradospp-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:librbd-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:librbd1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:librbd1-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:librgw-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:librgw2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:librgw2-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-ceph-argparse"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-cephfs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-cephfs-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-rados"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-rados-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-rbd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-rbd-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-rgw"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-rgw-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:rados-objclass-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:rbd-fuse"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:rbd-fuse-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:rbd-mirror"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:rbd-mirror-debuginfo"); 
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:rbd-nbd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:rbd-nbd-debuginfo"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15"); script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/08"); script_set_attribute(attribute:"patch_publication_date", value:"2019/08/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/29"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE"); os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "SUSE"); os_ver = os_ver[1]; if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver)) audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu); sp = get_kb_item("Host/SuSE/patchlevel"); if (isnull(sp)) sp = "0"; if (os_ver == "SLES15" && (! preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLES15 SP1", os_ver + " SP" + sp); if (os_ver == "SLED15" && (! 
preg(pattern:"^(1)$", string:sp))) audit(AUDIT_OS_NOT, "SLED15 SP1", os_ver + " SP" + sp); flag = 0; if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"ceph-test-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"ceph-test-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", cpu:"x86_64", reference:"ceph-test-debugsource-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"ceph-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"ceph-base-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"ceph-base-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"ceph-debugsource-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"ceph-fuse-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"ceph-fuse-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"ceph-mds-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"ceph-mds-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"ceph-mgr-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"ceph-mgr-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"ceph-mon-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"ceph-mon-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"ceph-osd-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"ceph-osd-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", 
reference:"ceph-radosgw-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"ceph-radosgw-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"cephfs-shell-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"rbd-fuse-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"rbd-fuse-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"rbd-mirror-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"rbd-mirror-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"rbd-nbd-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"rbd-nbd-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"ceph-common-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"ceph-common-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"ceph-debugsource-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"libcephfs-devel-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"libcephfs2-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"libcephfs2-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"librados-devel-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"librados-devel-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"librados2-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"librados2-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if 
(rpm_check(release:"SLES15", sp:"1", reference:"libradospp-devel-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"librbd-devel-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"librbd1-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"librbd1-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"librgw-devel-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"librgw2-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"librgw2-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"python3-ceph-argparse-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"python3-cephfs-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"python3-cephfs-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"python3-rados-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"python3-rados-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"python3-rbd-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"python3-rbd-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"python3-rgw-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"python3-rgw-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLES15", sp:"1", reference:"rados-objclass-devel-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"ceph-test-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", 
reference:"ceph-test-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", cpu:"x86_64", reference:"ceph-test-debugsource-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"ceph-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"ceph-base-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"ceph-base-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"ceph-debugsource-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"ceph-fuse-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"ceph-fuse-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"ceph-mds-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"ceph-mds-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"ceph-mgr-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"ceph-mgr-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"ceph-mon-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"ceph-mon-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"ceph-osd-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"ceph-osd-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"ceph-radosgw-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"ceph-radosgw-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"cephfs-shell-14.2.2.349+g6716a1e448-3.9.1")) flag++; if 
(rpm_check(release:"SLED15", sp:"1", reference:"rbd-fuse-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"rbd-fuse-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"rbd-mirror-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"rbd-mirror-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"rbd-nbd-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"rbd-nbd-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"ceph-common-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"ceph-common-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"ceph-debugsource-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"libcephfs-devel-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"libcephfs2-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"libcephfs2-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"librados-devel-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"librados-devel-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"librados2-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"librados2-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"libradospp-devel-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"librbd-devel-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", 
reference:"librbd1-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"librbd1-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"librgw-devel-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"librgw2-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"librgw2-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"python3-ceph-argparse-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"python3-cephfs-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"python3-cephfs-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"python3-rados-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"python3-rados-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"python3-rbd-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"python3-rbd-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"python3-rgw-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"python3-rgw-debuginfo-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (rpm_check(release:"SLED15", sp:"1", reference:"rados-objclass-devel-14.2.2.349+g6716a1e448-3.9.1")) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ceph"); }
NASL family: SuSE Local Security Checks
NASL id: SUSE_SU-2019-2736-1.NASL
description: This update for ceph, ceph-iscsi and ses-manual_en fixes the following issues : Security issues fixed : CVE-2019-10222: Fixed RGW crash caused by unauthenticated clients. (bsc#1145093) Non-security issues-fixed: ceph-volume: prints errors to stdout with --format json (bsc#1132767) mgr/dashboard: Changing rgw-api-host does not get effective without disable/enable dashboard mgr module (bsc#1137503) mgr/dashboard: Silence Alertmanager alerts (bsc#1141174) mgr/dashboard: Fix e2e failures caused by webdriver version (bsc#1145759) librbd: always try to acquire exclusive lock when removing image (bsc#1149093) The no{up,down,in,out} related commands have been revamped (bsc#1151990) radosgw-admin gets two new subcommands for managing expire-stale objects. (bsc#1151991) Deploying a single new BlueStore OSD on a cluster upgraded to SES6 from SES5 breaks pool utilization stats reported by ceph df (bsc#1151992) Ceph cluster will no longer issue a health warning if CRUSH tunables are older than [...] (this summary is cut off here; the complete advisory text is in the description attribute of the plugin code below)
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 130161
published: 2019-10-23
reporter: This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/130161
title: SUSE SLED15 / SLES15 Security Update : ceph, ceph-iscsi, ses-manual_en (SUSE-SU-2019:2736-1)
code:
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from SUSE update advisory SUSE-SU-2019:2736-1.
# The text itself is copyright (C) SUSE.
#
include("compat.inc");

# Registration pass: when `description` is set the plugin only declares its
# metadata (id, CVE, advisory text, references, CVSS vectors, CPEs,
# dependencies and required KB keys) and exits before any host check runs.
if (description)
{
  script_id(130161);
  script_version("1.3");
  script_cvs_date("Date: 2019/12/18");

  script_cve_id("CVE-2019-10222");

  script_name(english:"SUSE SLED15 / SLES15 Security Update : ceph, ceph-iscsi, ses-manual_en (SUSE-SU-2019:2736-1)");
  script_summary(english:"Checks rpm output for the updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote SUSE host is missing one or more security updates."
  );
  # The advisory text is kept exactly as the listing shows it, including the
  # line break inside the string.
  script_set_attribute(
    attribute:"description",
    value:
"This update for ceph, ceph-iscsi and ses-manual_en fixes the following issues : Security issues fixed : CVE-2019-10222: Fixed RGW crash caused by unauthenticated clients. (bsc#1145093) Non-security issues-fixed: ceph-volume: prints errors to stdout with --format json (bsc#1132767) mgr/dashboard: Changing rgw-api-host does not get effective without disable/enable dashboard mgr module (bsc#1137503) mgr/dashboard: Silence Alertmanager alerts (bsc#1141174) mgr/dashboard: Fix e2e failures caused by webdriver version (bsc#1145759) librbd: always try to acquire exclusive lock when removing image (bsc#1149093) The no{up,down,in,out} related commands have been revamped (bsc#1151990) radosgw-admin gets two new subcommands for managing expire-stale objects. 
(bsc#1151991) Deploying a single new BlueStore OSD on a cluster upgraded to SES6 from SES5 breaks pool utilization stats reported by ceph df (bsc#1151992) Ceph cluster will no longer issue a health warning if CRUSH tunables are older than 'hammer' (bsc#1151993) Nautilus-based librbd clients can not open images on Jewel clusters (bsc#1151994) The RGW num_rados_handles has been removed in Ceph 14.2.3 (bsc#1151995) 'osd_deep_scrub_large_omap_object_key_threshold' has been lowered in Nautilus 14.2.3 (bsc#1152002) Support iSCSI target-level CHAP authentication (bsc#1145617) Validation and render of iSCSI controls based 'type' (bsc#1140491) Fix error editing iSCSI image advanced settings (bsc#1146656) Fix error during iSCSI target edit Fixes in ses-manual_en: Added a new chapter with changelogs of Ceph releases. (bsc#1135584) Rewrote rolling updates and replaced running stage.0 with manual commands to prevent infinite loop. (bsc#1134444) Improved name of CaaSP to its fuller version. (bsc#1151439) Verify which OSD's are going to be removed before running stage.5. (bsc#1150406) Added two additional steps to recovering an OSD. (bsc#1147132) Fixes in ceph-iscsi: Validate kernel LIO controls type and value (bsc#1140491) TPG lun_id persistence (bsc#1145618) Target level CHAP authentication (bsc#1145617) ceph-iscsi was updated to the upstream 3.2 release: Always use host FQDN instead of shortname Validate min/max value for target controls and rbd:user/tcmu-runner image controls (bsc#1140491) Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );

  # One reference per SUSE Bugzilla entry cited in the advisory text.
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1132767");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1134444");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1135584");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1137503");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1140491");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1141174");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1145093");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1145617");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1145618");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1145759");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1146656");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1147132");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1149093");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1150406");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1151439");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1151990");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1151991");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1151992");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1151993");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1151994");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1151995");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/show_bug.cgi?id=1152002");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2019-10222/");
  # https://www.suse.com/support/update/announcement/2019/suse-su-20192736-1/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?cd6b95a4");

  script_set_attribute(
    attribute:"solution",
    value:
"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or 'zypper patch'. Alternatively you can run the command listed for your product : SUSE Linux Enterprise Module for Open Buildservice Development Tools 15-SP1:zypper in -t patch SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2019-2736=1 SUSE Linux Enterprise Module for Basesystem 15-SP1:zypper in -t patch SUSE-SLE-Module-Basesystem-15-SP1-2019-2736=1 SUSE Enterprise Storage 6:zypper in -t patch SUSE-Storage-6-2019-2736=1"
  );

  # Both base vectors rate the issue as network-reachable, unauthenticated and
  # availability-only (A:P in CVSS2, A:H in CVSS3).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");

  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph-base-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph-common-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph-fuse");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph-fuse-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph-mds");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph-mds-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph-mgr");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph-mgr-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph-mon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph-mon-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph-osd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph-osd-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph-radosgw");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph-radosgw-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph-test");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph-test-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:ceph-test-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:cephfs-shell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libcephfs-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libcephfs2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libcephfs2-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:librados-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:librados-devel-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:librados2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:librados2-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:libradospp-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:librbd-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:librbd1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:librbd1-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:librgw-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:librgw2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:librgw2-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-ceph-argparse");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-cephfs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-cephfs-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-rados");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-rados-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-rbd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-rbd-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-rgw");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:python3-rgw-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:rados-objclass-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:rbd-fuse");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:rbd-fuse-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:rbd-mirror");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:rbd-mirror-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:rbd-nbd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:rbd-nbd-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/10/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/10/23");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

# Everything below works from knowledge-base items gathered by an earlier
# credentialed scan step; the script itself sends nothing to the Ceph service.
# NOTE(review): a finding therefore means "an RPM older than the fixed build is
# installed", not "radosgw is running and reachable" - confirm exposure of the
# gateway separately when triaging.

if (!get_kb_item("Host/local_checks_enabled"))
  audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# Accept only SLED/SLES release strings and reduce them to "SLES<n>"/"SLED<n>".
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release !~ "^(SLED|SLES)")
  audit(AUDIT_OS_NOT, "SUSE");

os_ver = pregmatch(pattern: "^(SLE(S|D)\d+)", string:release);
if (isnull(os_ver))
  audit(AUDIT_UNKNOWN_APP_VER, "SUSE");
os_ver = os_ver[1];

if (! preg(pattern:"^(SLED15|SLES15)$", string:os_ver))
  audit(AUDIT_OS_NOT, "SUSE SLED15 / SLES15", "SUSE " + os_ver);

if (!get_kb_item("Host/SuSE/rpm-list"))
  audit(AUDIT_PACKAGE_LIST_MISSING);

# Only i386-i686, x86_64 and s390x hosts are evaluated; any other architecture
# is audited out as "local checks not implemented".
cpu = get_kb_item("Host/cpu");
if (isnull(cpu))
  audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu)
  audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SUSE " + os_ver, cpu);

# A missing patch level is treated as SP0, which then fails the SP1 gate.
sp = get_kb_item("Host/SuSE/patchlevel");
if (isnull(sp))
  sp = "0";

# os_ver can only be "SLES15" or "SLED15" here (the OS gate above audits out
# everything else), so one check covers both products with the same messages.
if (! preg(pattern:"^(1)$", string:sp))
  audit(AUDIT_OS_NOT, os_ver + " SP1", os_ver + " SP" + sp);

# Build that carries the fix according to the advisory; every package below is
# compared against "<package>-<fixed_build>".
fixed_build = "14.2.4.373+gc3e67ed133-3.19.1";

# Packages the advisory lists for x86_64 only.
x86_64_pkgs = make_list(
  "ceph-test",
  "ceph-test-debuginfo",
  "ceph-test-debugsource"
);

# Architecture-independent checks, in the advisory's order. "ceph-debugsource"
# appears twice because the generated check list repeats it; the repetition is
# kept so the sequence of rpm_check() calls is unchanged.
any_arch_pkgs = make_list(
  "ceph",
  "ceph-base",
  "ceph-base-debuginfo",
  "ceph-debugsource",
  "ceph-fuse",
  "ceph-fuse-debuginfo",
  "ceph-mds",
  "ceph-mds-debuginfo",
  "ceph-mgr",
  "ceph-mgr-debuginfo",
  "ceph-mon",
  "ceph-mon-debuginfo",
  "ceph-osd",
  "ceph-osd-debuginfo",
  "ceph-radosgw",
  "ceph-radosgw-debuginfo",
  "cephfs-shell",
  "rbd-fuse",
  "rbd-fuse-debuginfo",
  "rbd-mirror",
  "rbd-mirror-debuginfo",
  "rbd-nbd",
  "rbd-nbd-debuginfo",
  "ceph-common",
  "ceph-common-debuginfo",
  "ceph-debugsource",
  "libcephfs-devel",
  "libcephfs2",
  "libcephfs2-debuginfo",
  "librados-devel",
  "librados-devel-debuginfo",
  "librados2",
  "librados2-debuginfo",
  "libradospp-devel",
  "librbd-devel",
  "librbd1",
  "librbd1-debuginfo",
  "librgw-devel",
  "librgw2",
  "librgw2-debuginfo",
  "python3-ceph-argparse",
  "python3-cephfs",
  "python3-cephfs-debuginfo",
  "python3-rados",
  "python3-rados-debuginfo",
  "python3-rbd",
  "python3-rbd-debuginfo",
  "python3-rgw",
  "python3-rgw-debuginfo",
  "rados-objclass-devel"
);

# flag counts the rpm_check() calls that report a hit (presumably an installed
# package older than the reference - rpm.inc is not shown here). SLES15 is
# walked first, then SLED15, matching the original call order.
flag = 0;
foreach target_rel (make_list("SLES15", "SLED15"))
{
  foreach pkg (x86_64_pkgs)
  {
    if (rpm_check(release:target_rel, sp:"1", cpu:"x86_64", reference:pkg + "-" + fixed_build))
      flag++;
  }

  foreach pkg (any_arch_pkgs)
  {
    if (rpm_check(release:target_rel, sp:"1", reference:pkg + "-" + fixed_build))
      flag++;
  }
}

if (!flag)
{
  # Nothing outdated: distinguish "checked and fine" from "none of the
  # packages is installed".
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ceph / ceph-iscsi / ses-manual_en");
}
else
{
  # At least one outdated package: report, attaching the rpm comparison
  # details when the scan's verbosity asks for them.
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-4112-1.NASL description Abhishek Lekshmanan discovered that the RADOS gateway implementation in Ceph did not handle client disconnects properly in some situations. A remote attacker could use this to cause a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 128323 published 2019-08-29 reporter Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/128323 title Ubuntu 18.04 LTS / 19.04 : ceph vulnerability (USN-4112-1) code
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Ubuntu Security Notice USN-4112-1. The text
# itself is copyright (C) Canonical, Inc. See
# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered
# trademark of Canonical, Inc.
#

# Purpose: local (credentialed) package-version check for USN-4112-1 /
# CVE-2019-10222. It reads the dpkg package list already stored in the
# scanner knowledge base and reports when the `ceph` or `radosgw` package on
# Ubuntu 18.04 or 19.04 does not meet the version named in the checks below.
#
# Reading the result: the script looks at package versions only. It does not
# check whether a RADOS gateway is actually running or which front end it
# uses, while the advisory summary on this page ties the flaw to RGW with the
# Beast front end. A finding therefore means "fixed package not installed",
# not "exposed service confirmed"; the absence of a finding on a host this
# script refuses to assess (see the release and CPU gates) proves nothing.

include("compat.inc");

# Registration pass: only plugin metadata is declared here, then the script
# exits without touching the target.
if (description)
{
  script_id(128323);
  script_version("1.4");
  script_cvs_date("Date: 2019/12/31");

  script_cve_id("CVE-2019-10222");
  script_xref(name:"USN", value:"4112-1");

  script_name(english:"Ubuntu 18.04 LTS / 19.04 : ceph vulnerability (USN-4112-1)");
  script_summary(english:"Checks dpkg output for updated packages.");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Ubuntu host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Abhishek Lekshmanan discovered that the RADOS gateway implementation in Ceph did not handle client disconnects properly in some situations. A remote attacker could use this to cause a denial of service. 
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://usn.ubuntu.com/4112-1/"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected ceph and / or radosgw packages."
  );
  # Both vectors describe an availability-only issue reachable over the
  # network without authentication (C:N / I:N); v2 rates the impact partial
  # (A:P), v3 rates it high (A:H). The temporal vectors record no known
  # exploit (E:U) and an official fix (RL:OF / RL:O).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ceph");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:radosgw");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:18.04:-:lts");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:19.04");

  # NOTE(review): the vulnerability publication date below is later than the
  # patch and plugin publication dates; the values are kept as the plugin
  # gives them. Confirm against the advisory before using them in a timeline.
  script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/08/29");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/29");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"Ubuntu Security Notice (C) 2019 Canonical, Inc. / NASL script (C) 2019 and is owned by Tenable, Inc. 
or an Affiliate thereof.");
  script_family(english:"Ubuntu Local Security Checks");

  # The check depends on host data gathered over SSH by ssh_get_info.nasl and
  # is only scheduled when these knowledge-base keys are present.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("ubuntu.inc");
include("misc_func.inc");

# Without local (credentialed) checks there is no package list to compare.
if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/Ubuntu/release");
if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
release = chomp(release);
# Anchored match: only exactly 18.04 or 19.04 is assessed. Any other Ubuntu
# release leaves through audit() and gets no verdict from this script.
if (! preg(pattern:"^(18\.04|19\.04)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 18.04 / 19.04", "Ubuntu " + release);
if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
# Coverage gap to keep in mind: only x86_64 and i386-i686 hosts are checked.
# Any other architecture is audited as "local checks not implemented", so such
# hosts need a separate package review.
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);


# One check per release/package pair; `flag` counts the checks that fired.
# ubuntu_check() comes from ubuntu.inc, which this page does not show;
# presumably it returns true when the installed package is older than `pkgver`
# (verify against the library).
flag = 0;

if (ubuntu_check(osver:"18.04", pkgname:"ceph", pkgver:"12.2.12-0ubuntu0.18.04.2")) flag++;
if (ubuntu_check(osver:"18.04", pkgname:"radosgw", pkgver:"12.2.12-0ubuntu0.18.04.2")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"ceph", pkgver:"13.2.6-0ubuntu0.19.04.3")) flag++;
if (ubuntu_check(osver:"19.04", pkgname:"radosgw", pkgver:"13.2.6-0ubuntu0.19.04.3")) flag++;

if (flag)
{
  # Reported on port 0 at warning severity; the detail text is whatever
  # ubuntu_report_get() returns for the checks above.
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : ubuntu_report_get()
  );
  exit(0);
}
else
{
  # No check fired: tell "packages examined and not flagged" apart from
  # "neither package present in the tested set".
  tested = ubuntu_pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ceph / radosgw");
}
Redhat
rpms |
|
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10222
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10222
- https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html
- https://lists.debian.org/debian-lts-announce/2023/10/msg00034.html
- https://tracker.ceph.com/issues/40018
- https://tracker.ceph.com/issues/40018