Lucene search

K
amazonAmazonALAS2-2021-1576
HistoryJan 05, 2021 - 11:34 p.m.

Medium: cloud-init

2021-01-0523:34:00
alas.aws.amazon.com
10

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

5.9 Medium

AI Score

Confidence

High

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

17.8%

Issue Overview:

The default cloud-init configuration included “ssh_deletekeys: 0”, disabling cloud-init’s deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one another or conduct man-in-the-middle attacks. (CVE-2018-10896)

A flaw was found in cloud-init, where it uses the random.choice function when creating sensitive random strings used for generating a random password in new instances. Depending on the instance configuration, a remote or local attacker may abuse this vulnerability to guess the password of the victim user. (CVE-2020-8631)

A flaw was found in cloud-init, where it uses short passwords when generating a random password in new instances. Depending on the instance configuration, a remote or local attacker may abuse this vulnerability to guess the password of the victim user. (CVE-2020-8632)

Affected Packages:

cloud-init

Note:

This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories.

Issue Correction:
Run yum update cloud-init to update your system.

New Packages:

noarch:  
    cloud-init-19.3-4.amzn2.noarch  
  
src:  
    cloud-init-19.3-4.amzn2.src  

Additional References

Red Hat: CVE-2018-10896, CVE-2020-8631, CVE-2020-8632

Mitre: CVE-2018-10896, CVE-2020-8631, CVE-2020-8632

OSVersionArchitecturePackageVersionFilename
Amazon Linux2noarchcloud-init< 19.3-4.amzn2cloud-init-19.3-4.amzn2.noarch.rpm

7.1 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

5.9 Medium

AI Score

Confidence

High

3.6 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

17.8%