Vulnerabilities > CVE-2020-1702
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
LOW Summary
A malicious container image can consume an unbounded amount of memory when being pulled to a container runtime host, such as Red Hat Enterprise Linux using podman, or OpenShift Container Platform. An attacker can use this flaw to trick a user, with privileges to pull container images, into crashing the process responsible for pulling the image. This flaw affects containers-image versions before 5.2.0.
Vulnerable Configurations
Nessus
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-1234.NASL description The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1234 advisory. - runc: AppArmor/SELinux bypass with malicious image that specifies a volume at /proc (CVE-2019-16884) - containers/image: Container images read entire image manifest into memory (CVE-2020-1702) - proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-04-23 modified 2020-04-01 plugin id 135084 published 2020-04-01 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135084 title RHEL 7 : docker (RHSA-2020:1234) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:1234. The text # itself is copyright (C) Red Hat, Inc. # include('compat.inc'); if (description) { script_id(135084); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/14"); script_cve_id("CVE-2019-16884", "CVE-2020-1702", "CVE-2020-8945"); script_xref(name:"RHSA", value:"2020:1234"); script_name(english:"RHEL 7 : docker (RHSA-2020:1234)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute(attribute:"synopsis", value: "The remote Red Hat host is missing one or more security updates."); script_set_attribute(attribute:"description", value: "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1234 advisory. - runc: AppArmor/SELinux bypass with malicious image that specifies a volume at /proc (CVE-2019-16884) - containers/image: Container images read entire image manifest into memory (CVE-2020-1702) - proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/41.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/400.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/416.html"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1234"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-16884"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-1702"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-8945"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1784228"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1795376"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1796451"); script_set_attribute(attribute:"solution", value: "Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8945"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_cwe_id(41, 400, 416); script_set_attribute(attribute:"vuln_publication_date", value:"2019/09/25"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/01"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhel_extras_other:7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:docker"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:docker-client"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:docker-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:docker-logrotate"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:docker-lvm-plugin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:docker-novolume-plugin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:docker-rhel-push-plugin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:docker-v1.10-migrator"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Red Hat Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); include('rpm.inc'); if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item('Host/RedHat/release'); if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat'); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat'); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver); if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item('Host/cpu'); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); pkgs = [ {'reference':'docker-1.13.1-161.git64e9980.el7_8', 'cpu':'s390x', 'release':'7', 'epoch':'2'}, {'reference':'docker-1.13.1-161.git64e9980.el7_8', 'cpu':'x86_64', 'release':'7', 'epoch':'2'}, {'reference':'docker-client-1.13.1-161.git64e9980.el7_8', 'cpu':'s390x', 'release':'7', 'epoch':'2'}, {'reference':'docker-client-1.13.1-161.git64e9980.el7_8', 'cpu':'x86_64', 'release':'7', 'epoch':'2'}, {'reference':'docker-common-1.13.1-161.git64e9980.el7_8', 'cpu':'s390x', 'release':'7', 'epoch':'2'}, {'reference':'docker-common-1.13.1-161.git64e9980.el7_8', 'cpu':'x86_64', 'release':'7', 'epoch':'2'}, {'reference':'docker-logrotate-1.13.1-161.git64e9980.el7_8', 'cpu':'s390x', 'release':'7', 'epoch':'2'}, {'reference':'docker-logrotate-1.13.1-161.git64e9980.el7_8', 'cpu':'x86_64', 'release':'7', 'epoch':'2'}, {'reference':'docker-lvm-plugin-1.13.1-161.git64e9980.el7_8', 'cpu':'s390x', 'release':'7', 'epoch':'2'}, {'reference':'docker-lvm-plugin-1.13.1-161.git64e9980.el7_8', 'cpu':'x86_64', 'release':'7', 'epoch':'2'}, {'reference':'docker-novolume-plugin-1.13.1-161.git64e9980.el7_8', 'cpu':'s390x', 'release':'7', 'epoch':'2'}, {'reference':'docker-novolume-plugin-1.13.1-161.git64e9980.el7_8', 'cpu':'x86_64', 'release':'7', 'epoch':'2'}, {'reference':'docker-rhel-push-plugin-1.13.1-161.git64e9980.el7_8', 'cpu':'s390x', 'release':'7', 'epoch':'2'}, {'reference':'docker-rhel-push-plugin-1.13.1-161.git64e9980.el7_8', 'cpu':'x86_64', 'release':'7', 'epoch':'2'}, {'reference':'docker-v1.10-migrator-1.13.1-161.git64e9980.el7_8', 'cpu':'s390x', 'release':'7', 'epoch':'2'}, {'reference':'docker-v1.10-migrator-1.13.1-161.git64e9980.el7_8', 'cpu':'x86_64', 'release':'7', 'epoch':'2'} ]; flag = 0; foreach package_array ( pkgs ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (reference && release) { if (rpm_spec_vers_cmp) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++; } else { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++; } } } if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'docker / docker-client / docker-common / etc'); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-1227.NASL description The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1227 advisory. - podman: resolving symlink in host filesystem leads to unexpected results of copy operation (CVE-2019-18466) - containers/image: Container images read entire image manifest into memory (CVE-2020-1702) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-04-23 modified 2020-04-01 plugin id 135081 published 2020-04-01 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/135081 title RHEL 7 : podman (RHSA-2020:1227) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:1227. The text # itself is copyright (C) Red Hat, Inc. # include('compat.inc'); if (description) { script_id(135081); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/04/21"); script_cve_id("CVE-2019-18466", "CVE-2020-1702"); script_xref(name:"RHSA", value:"2020:1227"); script_name(english:"RHEL 7 : podman (RHSA-2020:1227)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute(attribute:"synopsis", value: "The remote Red Hat host is missing one or more security updates."); script_set_attribute(attribute:"description", value: "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1227 advisory. - podman: resolving symlink in host filesystem leads to unexpected results of copy operation (CVE-2019-18466) - containers/image: Container images read entire image manifest into memory (CVE-2020-1702) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/59.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/400.html"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1227"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-18466"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-1702"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1650395"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1758509"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1788549"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1797599"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1806895"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1807437"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1807586"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1808702"); script_set_attribute(attribute:"solution", value: "Update the affected podman and / or podman-docker packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-18466"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_cwe_id(59, 400); script_set_attribute(attribute:"vuln_publication_date", value:"2019/10/28"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/01"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhel_extras_other:7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:podman"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:podman-docker"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Red Hat Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); include('rpm.inc'); if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item('Host/RedHat/release'); if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat'); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat'); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver); if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item('Host/cpu'); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); pkgs = [ {'reference':'podman-1.6.4-16.el7_8', 'cpu':'s390x', 'release':'7'}, {'reference':'podman-1.6.4-16.el7_8', 'cpu':'x86_64', 'release':'7'}, {'reference':'podman-docker-1.6.4-16.el7_8', 'release':'7'} ]; flag = 0; foreach package_array ( pkgs ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (reference && release) { if (rpm_spec_vers_cmp) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++; } else { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++; } } } if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'podman / podman-docker'); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-2116.NASL description The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2116 advisory. - buildah: Crafted input tar file may lead to local file overwrite during image build process (CVE-2020-10696) - containers/image: Container images read entire image manifest into memory (CVE-2020-1702) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-05-15 modified 2020-05-12 plugin id 136521 published 2020-05-12 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136521 title RHEL 7 : buildah (RHSA-2020:2116) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:2116. The text # itself is copyright (C) Red Hat, Inc. # include('compat.inc'); if (description) { script_id(136521); script_version("1.2"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/13"); script_cve_id("CVE-2020-1702", "CVE-2020-10696"); script_xref(name:"RHSA", value:"2020:2116"); script_name(english:"RHEL 7 : buildah (RHSA-2020:2116)"); script_summary(english:"Checks the rpm output for the updated package"); script_set_attribute(attribute:"synopsis", value: "The remote Red Hat host is missing one or more security updates."); script_set_attribute(attribute:"description", value: "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:2116 advisory. - buildah: Crafted input tar file may lead to local file overwrite during image build process (CVE-2020-10696) - containers/image: Container images read entire image manifest into memory (CVE-2020-1702) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/22.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/400.html"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:2116"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-10696"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-1702"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1792796"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1817651"); script_set_attribute(attribute:"solution", value: "Update the affected buildah package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-10696"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_cwe_id(22, 400); script_set_attribute(attribute:"vuln_publication_date", value:"2020/03/31"); script_set_attribute(attribute:"patch_publication_date", value:"2020/05/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/12"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:rhel_extras_other:7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:buildah"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Red Hat Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); include('rpm.inc'); if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item('Host/RedHat/release'); if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat'); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat'); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver); if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item('Host/cpu'); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); pkgs = [ {'reference':'buildah-1.11.6-11.el7_8', 'cpu':'s390x', 'release':'7'}, {'reference':'buildah-1.11.6-11.el7_8', 'cpu':'x86_64', 'release':'7'} ]; flag = 0; foreach package_array ( pkgs ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (reference && release) { if (rpm_spec_vers_cmp) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++; } else { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++; } } } if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'buildah'); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-1650.NASL description The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1650 advisory. - runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation (CVE-2019-19921) - containers/image: Container images read entire image manifest into memory (CVE-2020-1702) - podman: incorrectly allows existing files in volumes to be overwritten by a container when it is created (CVE-2020-1726) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-05-21 modified 2020-04-28 plugin id 136053 published 2020-04-28 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136053 title RHEL 8 : container-tools:rhel8 (RHSA-2020:1650) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:1650. The text # itself is copyright (C) Red Hat, Inc. # include('compat.inc'); if (description) { script_id(136053); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/05/20"); script_cve_id("CVE-2019-19921", "CVE-2020-1702", "CVE-2020-1726"); script_xref(name:"RHSA", value:"2020:1650"); script_name(english:"RHEL 8 : container-tools:rhel8 (RHSA-2020:1650)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute(attribute:"synopsis", value: "The remote Red Hat host is missing one or more security updates."); script_set_attribute(attribute:"description", value: "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1650 advisory. - runc: volume mount race condition with shared mounts leads to information leak/integrity manipulation (CVE-2019-19921) - containers/image: Container images read entire image manifest into memory (CVE-2020-1702) - podman: incorrectly allows existing files in volumes to be overwritten by a container when it is created (CVE-2020-1726) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/41.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/400.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/552.html"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1650"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2019-19921"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-1702"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-1726"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1792796"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1796107"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1801152"); script_set_attribute(attribute:"solution", value: "Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-1726"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_cwe_id(41, 400, 552); script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/11"); script_set_attribute(attribute:"patch_publication_date", value:"2020/04/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/28"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:enterprise_linux:8::appstream"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:buildah"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:buildah-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:buildah-tests"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cockpit-podman"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:conmon"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:container-selinux"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:containernetworking-plugins"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:containernetworking-plugins-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:containers-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:crit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:criu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:criu-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:fuse-overlayfs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:fuse-overlayfs-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:podman"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:podman-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:podman-docker"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:podman-remote"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:podman-tests"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-podman-api"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3-criu"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:runc"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:runc-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:skopeo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:skopeo-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:skopeo-tests"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:slirp4netns"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:slirp4netns-debugsource"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:toolbox"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:udica"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Red Hat Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); include('rpm.inc'); if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item('Host/RedHat/release'); if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat'); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat'); os_ver = os_ver[1]; if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver); if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item('Host/cpu'); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); module_ver = get_kb_item('Host/RedHat/appstream/container-tools'); if (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module container-tools:rhel8'); if ('rhel8' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module container-tools:' + module_ver); appstreams = { 'container-tools:rhel8': [ {'reference':'buildah-1.11.6-7.module+el8.2.0+5856+b8046c6d', 'cpu':'aarch64', 'release':'8'}, {'reference':'buildah-1.11.6-7.module+el8.2.0+5856+b8046c6d', 'cpu':'s390x', 'release':'8'}, {'reference':'buildah-1.11.6-7.module+el8.2.0+5856+b8046c6d', 'cpu':'x86_64', 'release':'8'}, {'reference':'buildah-debugsource-1.11.6-7.module+el8.2.0+5856+b8046c6d', 'cpu':'aarch64', 'release':'8'}, {'reference':'buildah-debugsource-1.11.6-7.module+el8.2.0+5856+b8046c6d', 'cpu':'s390x', 'release':'8'}, {'reference':'buildah-debugsource-1.11.6-7.module+el8.2.0+5856+b8046c6d', 'cpu':'x86_64', 'release':'8'}, {'reference':'buildah-tests-1.11.6-7.module+el8.2.0+5856+b8046c6d', 'cpu':'aarch64', 'release':'8'}, {'reference':'buildah-tests-1.11.6-7.module+el8.2.0+5856+b8046c6d', 'cpu':'s390x', 'release':'8'}, {'reference':'buildah-tests-1.11.6-7.module+el8.2.0+5856+b8046c6d', 'cpu':'x86_64', 'release':'8'}, {'reference':'cockpit-podman-12-1.module+el8.2.0+5950+6d183a6a', 'release':'8'}, {'reference':'conmon-2.0.6-1.module+el8.2.0+5182+3136e5d4', 'cpu':'aarch64', 'release':'8', 'epoch':'2'}, {'reference':'conmon-2.0.6-1.module+el8.2.0+5182+3136e5d4', 'cpu':'s390x', 'release':'8', 'epoch':'2'}, {'reference':'conmon-2.0.6-1.module+el8.2.0+5182+3136e5d4', 'cpu':'x86_64', 'release':'8', 'epoch':'2'}, {'reference':'container-selinux-2.124.0-1.module+el8.2.0+5182+3136e5d4', 'release':'8', 'epoch':'2'}, {'reference':'containernetworking-plugins-0.8.3-5.module+el8.2.0+5201+6b31f0d9', 'cpu':'aarch64', 'release':'8'}, {'reference':'containernetworking-plugins-0.8.3-5.module+el8.2.0+5201+6b31f0d9', 'cpu':'s390x', 'release':'8'}, {'reference':'containernetworking-plugins-0.8.3-5.module+el8.2.0+5201+6b31f0d9', 'cpu':'x86_64', 'release':'8'}, {'reference':'containernetworking-plugins-debugsource-0.8.3-5.module+el8.2.0+5201+6b31f0d9', 'cpu':'aarch64', 'release':'8'}, {'reference':'containernetworking-plugins-debugsource-0.8.3-5.module+el8.2.0+5201+6b31f0d9', 'cpu':'s390x', 'release':'8'}, {'reference':'containernetworking-plugins-debugsource-0.8.3-5.module+el8.2.0+5201+6b31f0d9', 'cpu':'x86_64', 'release':'8'}, {'reference':'containers-common-0.1.40-10.module+el8.2.0+5955+6cd70ceb', 'cpu':'aarch64', 'release':'8', 'epoch':'1'}, {'reference':'containers-common-0.1.40-10.module+el8.2.0+5955+6cd70ceb', 'cpu':'s390x', 'release':'8', 'epoch':'1'}, {'reference':'containers-common-0.1.40-10.module+el8.2.0+5955+6cd70ceb', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}, {'reference':'crit-3.12-9.module+el8.2.0+5029+3ac48e7d', 'cpu':'aarch64', 'release':'8'}, {'reference':'crit-3.12-9.module+el8.2.0+5029+3ac48e7d', 'cpu':'s390x', 'release':'8'}, {'reference':'crit-3.12-9.module+el8.2.0+5029+3ac48e7d', 'cpu':'x86_64', 'release':'8'}, {'reference':'criu-3.12-9.module+el8.2.0+5029+3ac48e7d', 'cpu':'aarch64', 'release':'8'}, {'reference':'criu-3.12-9.module+el8.2.0+5029+3ac48e7d', 'cpu':'s390x', 'release':'8'}, {'reference':'criu-3.12-9.module+el8.2.0+5029+3ac48e7d', 'cpu':'x86_64', 'release':'8'}, {'reference':'criu-debugsource-3.12-9.module+el8.2.0+5029+3ac48e7d', 'cpu':'aarch64', 'release':'8'}, {'reference':'criu-debugsource-3.12-9.module+el8.2.0+5029+3ac48e7d', 'cpu':'s390x', 'release':'8'}, {'reference':'criu-debugsource-3.12-9.module+el8.2.0+5029+3ac48e7d', 'cpu':'x86_64', 'release':'8'}, {'reference':'fuse-overlayfs-0.7.2-5.module+el8.2.0+6060+9dbc027d', 'cpu':'aarch64', 'release':'8'}, {'reference':'fuse-overlayfs-0.7.2-5.module+el8.2.0+6060+9dbc027d', 'cpu':'s390x', 'release':'8'}, {'reference':'fuse-overlayfs-0.7.2-5.module+el8.2.0+6060+9dbc027d', 'cpu':'x86_64', 'release':'8'}, {'reference':'fuse-overlayfs-debugsource-0.7.2-5.module+el8.2.0+6060+9dbc027d', 'cpu':'aarch64', 'release':'8'}, {'reference':'fuse-overlayfs-debugsource-0.7.2-5.module+el8.2.0+6060+9dbc027d', 'cpu':'s390x', 'release':'8'}, {'reference':'fuse-overlayfs-debugsource-0.7.2-5.module+el8.2.0+6060+9dbc027d', 'cpu':'x86_64', 'release':'8'}, {'reference':'podman-1.6.4-10.module+el8.2.0+6063+e761893a', 'cpu':'aarch64', 'release':'8'}, {'reference':'podman-1.6.4-10.module+el8.2.0+6063+e761893a', 'cpu':'s390x', 'release':'8'}, {'reference':'podman-1.6.4-10.module+el8.2.0+6063+e761893a', 'cpu':'x86_64', 'release':'8'}, {'reference':'podman-debugsource-1.6.4-10.module+el8.2.0+6063+e761893a', 'cpu':'aarch64', 'release':'8'}, {'reference':'podman-debugsource-1.6.4-10.module+el8.2.0+6063+e761893a', 'cpu':'s390x', 'release':'8'}, {'reference':'podman-debugsource-1.6.4-10.module+el8.2.0+6063+e761893a', 'cpu':'x86_64', 'release':'8'}, {'reference':'podman-docker-1.6.4-10.module+el8.2.0+6063+e761893a', 'release':'8'}, {'reference':'podman-remote-1.6.4-10.module+el8.2.0+6063+e761893a', 'cpu':'aarch64', 'release':'8'}, {'reference':'podman-remote-1.6.4-10.module+el8.2.0+6063+e761893a', 'cpu':'s390x', 'release':'8'}, {'reference':'podman-remote-1.6.4-10.module+el8.2.0+6063+e761893a', 'cpu':'x86_64', 'release':'8'}, {'reference':'podman-tests-1.6.4-10.module+el8.2.0+6063+e761893a', 'cpu':'aarch64', 'release':'8'}, {'reference':'podman-tests-1.6.4-10.module+el8.2.0+6063+e761893a', 'cpu':'s390x', 'release':'8'}, {'reference':'podman-tests-1.6.4-10.module+el8.2.0+6063+e761893a', 'cpu':'x86_64', 'release':'8'}, {'reference':'python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8.2.0+5201+6b31f0d9', 'release':'8'}, {'reference':'python3-criu-3.12-9.module+el8.2.0+5029+3ac48e7d', 'cpu':'aarch64', 'release':'8'}, {'reference':'python3-criu-3.12-9.module+el8.2.0+5029+3ac48e7d', 'cpu':'s390x', 'release':'8'}, {'reference':'python3-criu-3.12-9.module+el8.2.0+5029+3ac48e7d', 'cpu':'x86_64', 'release':'8'}, {'reference':'runc-1.0.0-65.rc10.module+el8.2.0+5762+aaee29fb', 'cpu':'aarch64', 'release':'8'}, {'reference':'runc-1.0.0-65.rc10.module+el8.2.0+5762+aaee29fb', 'cpu':'s390x', 'release':'8'}, {'reference':'runc-1.0.0-65.rc10.module+el8.2.0+5762+aaee29fb', 'cpu':'x86_64', 'release':'8'}, {'reference':'runc-debugsource-1.0.0-65.rc10.module+el8.2.0+5762+aaee29fb', 'cpu':'aarch64', 'release':'8'}, {'reference':'runc-debugsource-1.0.0-65.rc10.module+el8.2.0+5762+aaee29fb', 'cpu':'s390x', 'release':'8'}, {'reference':'runc-debugsource-1.0.0-65.rc10.module+el8.2.0+5762+aaee29fb', 'cpu':'x86_64', 'release':'8'}, {'reference':'skopeo-0.1.40-10.module+el8.2.0+5955+6cd70ceb', 'cpu':'aarch64', 'release':'8', 'epoch':'1'}, {'reference':'skopeo-0.1.40-10.module+el8.2.0+5955+6cd70ceb', 'cpu':'s390x', 'release':'8', 'epoch':'1'}, {'reference':'skopeo-0.1.40-10.module+el8.2.0+5955+6cd70ceb', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}, {'reference':'skopeo-debugsource-0.1.40-10.module+el8.2.0+5955+6cd70ceb', 'cpu':'aarch64', 'release':'8', 'epoch':'1'}, {'reference':'skopeo-debugsource-0.1.40-10.module+el8.2.0+5955+6cd70ceb', 'cpu':'s390x', 'release':'8', 'epoch':'1'}, {'reference':'skopeo-debugsource-0.1.40-10.module+el8.2.0+5955+6cd70ceb', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}, {'reference':'skopeo-tests-0.1.40-10.module+el8.2.0+5955+6cd70ceb', 'cpu':'aarch64', 'release':'8', 'epoch':'1'}, {'reference':'skopeo-tests-0.1.40-10.module+el8.2.0+5955+6cd70ceb', 'cpu':'s390x', 'release':'8', 'epoch':'1'}, {'reference':'skopeo-tests-0.1.40-10.module+el8.2.0+5955+6cd70ceb', 'cpu':'x86_64', 'release':'8', 'epoch':'1'}, {'reference':'slirp4netns-0.4.2-3.git21fdece.module+el8.2.0+5658+9a15711d', 'cpu':'aarch64', 'release':'8'}, {'reference':'slirp4netns-0.4.2-3.git21fdece.module+el8.2.0+5658+9a15711d', 'cpu':'s390x', 'release':'8'}, {'reference':'slirp4netns-0.4.2-3.git21fdece.module+el8.2.0+5658+9a15711d', 'cpu':'x86_64', 'release':'8'}, {'reference':'slirp4netns-debugsource-0.4.2-3.git21fdece.module+el8.2.0+5658+9a15711d', 'cpu':'aarch64', 'release':'8'}, {'reference':'slirp4netns-debugsource-0.4.2-3.git21fdece.module+el8.2.0+5658+9a15711d', 'cpu':'s390x', 'release':'8'}, {'reference':'slirp4netns-debugsource-0.4.2-3.git21fdece.module+el8.2.0+5658+9a15711d', 'cpu':'x86_64', 'release':'8'}, {'reference':'toolbox-0.0.7-1.module+el8.2.0+6096+9c3f08f3', 'release':'8'}, {'reference':'udica-0.2.1-2.module+el8.2.0+4896+8f613c81', 'release':'8'} ], }; flag = 0; appstreams_found = 0; foreach module (keys(appstreams)) { appstream = NULL; appstream_name = NULL; appstream_version = NULL; appstream_split = split(module, sep:':', keep:FALSE); if (!empty_or_null(appstream_split)) { appstream_name = appstream_split[0]; appstream_version = appstream_split[1]; appstream = get_kb_item('Host/RedHat/appstream/' + appstream_name); } if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') { appstreams_found++; foreach package_array ( appstreams[module] ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (reference && release) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++; } } } } if (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module container-tools:rhel8'); if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'buildah / buildah-debugsource / buildah-tests / etc'); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-1937.NASL description The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1937 advisory. - containers/image: Container images read entire image manifest into memory (CVE-2020-1702) - proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-05-08 modified 2020-05-05 plugin id 136320 published 2020-05-05 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136320 title RHEL 7 / 8 : OpenShift Container Platform 4.4.3 cri-o (RHSA-2020:1937) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:1937. The text # itself is copyright (C) Red Hat, Inc. # include('compat.inc'); if (description) { script_id(136320); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/07/14"); script_cve_id("CVE-2020-1702", "CVE-2020-8945"); script_xref(name:"RHSA", value:"2020:1937"); script_name(english:"RHEL 7 / 8 : OpenShift Container Platform 4.4.3 cri-o (RHSA-2020:1937)"); script_summary(english:"Checks the rpm output for the updated packages"); script_set_attribute(attribute:"synopsis", value: "The remote Red Hat host is missing one or more security updates."); script_set_attribute(attribute:"description", value: "The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:1937 advisory. - containers/image: Container images read entire image manifest into memory (CVE-2020-1702) - proglottis/gpgme: Use-after-free in GPGME bindings during container image pull (CVE-2020-8945) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/400.html"); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/416.html"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:1937"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-1702"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-8945"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1792796"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1795838"); script_set_attribute(attribute:"solution", value: "Update the affected cri-o and / or cri-o-debugsource packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8945"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_cwe_id(400, 416); script_set_attribute(attribute:"vuln_publication_date", value:"2020/02/12"); script_set_attribute(attribute:"patch_publication_date", value:"2020/05/04"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/05"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:openshift:4.4"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:openshift:4.4::el7"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:openshift:4.4::el8"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cri-o"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cri-o-debugsource"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Red Hat Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); include('rpm.inc'); if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item('Host/RedHat/release'); if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat'); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat'); os_ver = os_ver[1]; if (! preg(pattern:"^(7|8)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x / 8.x', 'Red Hat ' + os_ver); if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item('Host/cpu'); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); pkgs = [ {'reference':'cri-o-1.17.4-8.dev.rhaos4.4.git5f5c5e4.el7', 'cpu':'x86_64', 'release':'7'}, {'reference':'cri-o-1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8', 'cpu':'x86_64', 'release':'8'}, {'reference':'cri-o-debugsource-1.17.4-8.dev.rhaos4.4.git5f5c5e4.el8', 'cpu':'x86_64', 'release':'8'} ]; flag = 0; foreach package_array ( pkgs ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (reference && release) { if (rpm_spec_vers_cmp) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:TRUE)) flag++; } else { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch)) flag++; } } } if (flag) { security_report_v4( port : 0, severity : SECURITY_WARNING, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cri-o / cri-o-debugsource'); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2020-2218.NASL description The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2218 advisory. - containers/image: Container images read entire image manifest into memory (CVE-2020-1702) Note that Nessus has not tested for this issue but has instead relied only on the application last seen 2020-06-01 modified 2020-06-01 plugin id 136977 published 2020-06-01 reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/136977 title RHEL 7 : OpenShift Container Platform 3.11 (RHSA-2020:2218) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2020:2218. The text # itself is copyright (C) Red Hat, Inc. # include('compat.inc'); if (description) { script_id(136977); script_version("1.1"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/01"); script_cve_id("CVE-2020-1702"); script_xref(name:"RHSA", value:"2020:2218"); script_name(english:"RHEL 7 : OpenShift Container Platform 3.11 (RHSA-2020:2218)"); script_summary(english:"Checks the rpm output for the updated package"); script_set_attribute(attribute:"synopsis", value: "The remote Red Hat host is missing a security update."); script_set_attribute(attribute:"description", value: "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2218 advisory. - containers/image: Container images read entire image manifest into memory (CVE-2020-1702) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/400.html"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:2218"); script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-1702"); script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1792796"); script_set_attribute(attribute:"solution", value: "Update the affected cri-o package."); script_set_attribute(attribute:"risk_factor", value:"Low"); script_cwe_id(400); script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/28"); script_set_attribute(attribute:"patch_publication_date", value:"2020/05/28"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/06/01"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:openshift:3.11"); script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:openshift:3.11::el7"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cri-o"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"Red Hat Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include('audit.inc'); include('global_settings.inc'); include('misc_func.inc'); include('rpm.inc'); if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item('Host/RedHat/release'); if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat'); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat'); os_ver = os_ver[1]; if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver); if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item('Host/cpu'); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu); pkgs = [ {'reference':'cri-o-1.11.16-0.9.dev.rhaos3.11.git6d43aae.el7', 'cpu':'x86_64', 'release':'7'} ]; flag = 0; foreach package_array ( pkgs ) { reference = NULL; release = NULL; sp = NULL; cpu = NULL; el_string = NULL; rpm_spec_vers_cmp = NULL; epoch = NULL; allowmaj = NULL; if (!empty_or_null(package_array['reference'])) reference = package_array['reference']; if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release']; if (!empty_or_null(package_array['sp'])) sp = package_array['sp']; if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu']; if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string']; if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp']; if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch']; if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj']; if (reference && release) { if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++; } } if (flag) { security_report_v4( port : 0, severity : SECURITY_NOTE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cri-o'); }
Redhat
rpms |
|