ID: MSF:POST/LINUX/GATHER/ENUM_XCHAT
Type: metasploit
Reporter: Rapid7
Modified: 2020-04-22T13:07:19
Description
This module will collect XChat's config files and chat logs from the victim's machine. There are three actions you may choose: CONFIGS, CHATS, and ALL. The CONFIGS option can be used to collect information such as channel settings, channel/server passwords, etc. The CHATS option will simply download all the .log files.
{"id": "MSF:POST/LINUX/GATHER/ENUM_XCHAT", "type": "metasploit", "bulletinFamily": "exploit", "title": "Linux Gather XChat Enumeration", "description": "This module will collect XChat's config files and chat logs from the victim's machine. There are three actions you may choose: CONFIGS, CHATS, and ALL. The CONFIGS option can be used to collect information such as channel settings, channel/server passwords, etc. The CHATS option will simply download all the .log files.\n", "published": "2012-03-31T05:15:21", "modified": "2020-04-22T13:07:19", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "", "reporter": "Rapid7", "references": [], "cvelist": [], "lastseen": "2020-06-26T13:04:39", "viewCount": 30, "enchantments": {"score": {"value": 5.8, "vector": "NONE", "modified": "2020-06-26T13:04:39", "rev": 2}, "dependencies": {"references": [{"type": "symantec", "idList": ["SMNTC-111398"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310892254", "OPENVAS:1361412562311220201698"]}, {"type": "ossfuzz", "idList": ["OSSFUZZ-23715"]}, {"type": "cve", "idList": ["CVE-2019-20892", "CVE-2020-5967"]}, {"type": "threatpost", "idList": ["THREATPOST:972202A633AD7E38B95647F050D95060", "THREATPOST:9530BF61FA72CF3E2B226C171BB8C5E7"]}, {"type": "thn", "idList": ["THN:BC9DF7EFEF0B10B6EB993A3B31B97DCA"]}, {"type": "nessus", "idList": ["PHOTONOS_PHSA-2020-3_0-0105_GETTEXT.NASL", "PHOTONOS_PHSA-2020-3_0-0104_PERL.NASL", "ORACLELINUX_ELSA-2020-2663.NASL", "SLACKWARE_SSA_2020-176-02.NASL", "ORACLELINUX_ELSA-2020-2664.NASL", "REDHAT-RHSA-2020-2670.NASL", "PHOTONOS_PHSA-2020-3_0-0104_LIBJPEG.NASL", "PHOTONOS_PHSA-2020-3_0-0105_NGHTTP2.NASL", "SLACKWARE_SSA_2020-176-01.NASL", "PHOTONOS_PHSA-2020-1_0-0302_PERL.NASL"]}, {"type": "ubuntu", "idList": ["USN-4404-2"]}], "modified": "2020-06-26T13:04:39", "rev": 2}, "vulnersScore": 5.8}, "sourceHref": "https://github.com/rapid7/metasploit-framework/blob/master//modules/post/linux/gather/enum_xchat.rb", "sourceData": "", "metasploitReliability": 
"", "metasploitHistory": ""}
{"rst": [{"lastseen": "2021-03-05T00:00:00", "bulletinFamily": "ioc", "cvelist": [], "description": "Found **45[.]94.141.58** in [RST Threat Feed](https://www.rstcloud.net/profeed) with score **47**.\n First seen: 2021-03-02T03:00:00, Last seen: 2021-03-05T03:00:00.\n IOC tags: **shellprobe, generic**.\nASN 52193: (First IP 45.94.140.0, Last IP 45.94.143.255).\nASN Name \"LINUXAS\" and Organisation \"Linux Security Group\".\nASN hosts 22 domains.\nGEO IP information: City \"Staraya Russa\", Country \"Russia\".\n[https://rstcloud.net/](https://rstcloud.net/)", "edition": 1, "modified": "2021-03-02T00:00:00", "id": "RST:6A4F62E5-91A9-35B2-BB77-F55C6956C934", "href": "", "published": "2021-03-06T00:00:00", "title": "RST Threat feed. IOC: 45.94.141.58", "type": "rst", "cvss": {}}], "threatpost": [{"lastseen": "2021-03-05T20:17:46", "bulletinFamily": "info", "cvelist": [], "description": "A communications and IT vendor for 90 percent of the world\u2019s airlines, SITA, has been breached, compromising passenger data stored on the company\u2019s U.S. servers in what the company is calling a \u201chighly sophisticated attack.\u201d\n\nThe affected servers are in Atlanta, and belong to the SITA Passenger Service System (SITA PSS), company spokeswoman Edna Ayme-Yahil told Threatpost. 
SITA PSS operates the systems for processing airline passenger data and belongs to a group of SITA companies, headquartered in the E.U.\n\n[Malaysia Air](<https://threatpost.com/malaysia-air-downplays-data-breach/164472/>) and [Singapore Airlines](<https://www.singaporeair.com/en_UK/sg/media-centre/news-alert/?id=kltm93p0>) have already made headlines in recent days after alerting their customers they\u2019ve been compromised as part of the attack.\n\nYahil declined to say how many users have been affected for confidentiality reasons, but Singapore Airlines reported more than 580,000 impacted customers alone, meaning the compromise could ultimately impact millions of users.\n\n\u201cEach affected airline has been provided with the details of the exact type of data that has been compromised, including details of the number of data records within each of the relevant data categories,\u201d Yahil said.\n\n## **Frequent-Flyer Data Compromised **\n\nWhile the company didn\u2019t comment specifically on the types of data exposed, \u201csave to say that it does include some personal data of airline passengers,\u201d Yahil added. \u201cMany airlines have issued public statements confirming what types of data have been affected in relation to their passengers.\u201d\n\nAirline members of the Star Alliance, including Luthansa, New Zealand Air and Singapore Airlines, along with OneWorld members Cathay Pacific, Finnair, Japan Airlines and [Malaysia Air](<https://threatpost.com/malaysia-air-downplays-data-breach/164472/>), have already started communicating with its at-risk users, Yahil told Threatpost, adding that South Korean airline JeJu Air\u2019s passenger data was also compromised.\n\n\u201cThe data security incident occurred at our third-party IT service provider and not Malaysia Airlines\u2019 computer systems,\u201d the Malaysia Air\u2019s Twitter account said about the breach earlier this week, without mentioning SITA by name. 
\u201cHowever, the airline is monitoring any suspicious activity concerning its members\u2019 accounts and in constant contact with the affected IT service provider to secure Enrich members\u2019 data and investigate the incident\u2019s scope and causes.\u201d\n\nThe systems are linked by SITA PSS so that one airline can recognize frequent-flyer benefits from other carriers.\n\n\u201cSITA PSS was holding the data of airlines that are not its direct customers, but are alliance members, because other airlines that are SITA PSS customers have an obligation to recognize the frequent flyer status of individual passengers and ensure that such passengers receive the appropriate privileges when they fly with them,\u201d Yahil explained to Threatpost. \u201cThat obligation arises from the contractual commitments that the other airline has agreed in its contractual arrangements with an alliance organization.\u201d\n\nShe added, \u201cIt is common practice for alliance members to recognize the frequent-flyer scheme tiers of the passengers they carry. This mandates the sharing of frequent-flyer data amongst alliance members and, consequently, the service providers to those alliance members (such as SITA).\u201d\n\n## **Airline Supply-Chain Attacks on The Rise **\n\nWhile details on how the attack happened are scant, HackerOne solutions architect Shlomie Liberow said SITA\u2019s trove of personal data would be tantalizing for cybercriminals.\n\n\u201cIt\u2019s not clear yet what the attack vector was in the SITA breach, but HackerOne vulnerability data shows that the aviation and aerospace industry see more privilege escalation and SQL-injection vulnerabilities than any other industry, accounting for 57 percent of the vulnerabilities reported to these companies by ethical hackers,\u201d Liberow explained. 
\u201cSITA would be an attractive target for criminals due to the sensitive nature of the information they hold \u2014 names, addresses, passport data.\u201d\n\nLiberow said it\u2019s time for the airlines to dig in on securing their systems.\n\n\u201cWe\u2019ve seen the aviation industry particularly hard hit over the past year, perhaps because criminals know they will be vulnerable and their focus and priorities on remaining in business. However, traditional enterprises like airlines have always been an attractive target since few are digital-first businesses, and therefore have relied on legacy software, which is more likely to be out-of-date or have existing vulnerabilities that can be exploited,\u201d Liberow added.\n\n## **Locking Down the Software Supply Chain **\n\nThe breach is yet another in a long list of recent brutal attacks on third-party supply-chain providers to target larger, more secure organizations. The most well-known recent event is the [SolarWinds breach](<https://threatpost.com/microsoft-solarwinds-azure-exchange-code/164104/>) of the U.S. government; and there\u2019s also the spate of [global zero-day attacks](<https://threatpost.com/accellion-zero-day-attacks-clop-ransomware-fin11/164150/>) on users of the Accellion legacy File Transfer Appliance product.\n\n\u201cThe proliferated effect of the attack on SITA is yet another example of how vulnerable organizations can be solely on the basis of their connections to third-party vendors,\u201d said Ran Nahmias, co-founder of Cyberpion. 
\u201cIf these kinds of seemingly legitimate connections are not properly monitored and protected, they can result in damaging breaches that unleash highly confidential data, as evidenced in this situation.\u201d\n\nThat means it\u2019s up to IT teams to evaluate the security of every company within their perimeter, Demi Ben-Air from Panorays said.\n\n\u201cYou simply cannot know whether your third parties meet your company\u2019s security controls and risk appetite until you\u2019ve completed a full vendor security assessment on them,\u201d Den-Air explained. \u201cBut through automated questionnaires, external footprint assessments and taking into consideration the business impact of the relationship, you can get a clear, up-to-date picture of supplier security risk. It\u2019s important to note that the best practice is not a \u2018one-and-done\u2019 activity, but through real-time, continuous monitoring.\u201d\n\nDavid Wheeler, director of open-source supply-chain security at the Linux Foundation, explained during a recent Threatpost webinar on how to lock down the supply chain that security-savvy IT pros should start asking for [SBOMs, or a software bill of materials](<https://threatpost.com/webinars/supply-chain-security-a-10-point-audit/>), before using any third-party solution. 
This will help ensure that the platform was written securely and with reliable code.\n\n\u201cToday\u2019s data breaches tell us it\u2019s no longer enough to secure your perimeter; you also have to secure your third parties, and their third parties,\u201d Ben-Ari warned.\n\n**_Check out our free [upcoming live webinar events](<https://threatpost.com/category/webinars/>) \u2013 unique, dynamic discussions with cybersecurity experts and the Threatpost community:_**\n\n * March 24: **Economics of 0-Day Disclosures: The Good, Bad and Ugly **([Learn more and register!](<https://threatpost.com/webinars/economics-of-0-day-disclosures-the-good-bad-and-ugly/>))\n * April 21: **Underground Markets: A Tour of the Dark Economy **([Learn more and register!](<https://threatpost.com/webinars/underground-markets-a-tour-of-the-dark-economy/>))\n", "modified": "2021-03-05T19:52:39", "published": "2021-03-05T19:52:39", "id": "THREATPOST:29B07A8A2EBA41F46CE6710CC2374FD5", "href": "https://threatpost.com/supply-chain-cyberattack-airlines/164549/", "type": "threatpost", "title": "Sprawling Cyberattack Breaches Several Airlines", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-03-05T16:44:35", "bulletinFamily": "info", "cvelist": ["CVE-2018-10561", "CVE-2018-10562", "CVE-2019-16920", "CVE-2019-19781"], "description": "Researchers have discovered what they say is the first variant of the Gafgyt botnet family to cloak its activity using the Tor network.\n\nGafgyt, a [botnet that was uncovered in 2014](<https://threatpost.com/mirai-gafgyt-botnets-return-to-target-infamous-apache-struts-sonicwall-flaws/137309/>), has become infamous for launching large-scale distributed denial-of-service (DDoS) attacks. Researchers first discovered activity from the newest variant, which they call Gafgyt_tor, on Feb. 15.\n\nIn order to evade detection, Gafgyt_tor uses Tor to hide its command-and-control (C2) communications, and encrypts sensitive strings in the samples. 
The use of [Tor by malware families is nothing new;](<https://threatpost.com/chewbacca-latest-malware-to-take-a-liking-to-tor/103220/>) however, researchers said they haven\u2019t seen Gafgyt leveraging the anonymity network until now.\n\n[](<https://threatpost.com/newsletter-sign/>)\n\n\u201cCompared with other Gafgyt variants, the biggest change of Gafgyt_tor is that the C2 communication is based on Tor, which increases the difficulty of detection and blocking,\u201d said researchers with NetLab 360 [on Thursday](<https://blog.netlab.360.com/gafgtyt_tor-and-necro-are-on-the-move-again/>). \u201cThe Tor-based C2 communication mechanism has been seen in other families we have analyzed before\u2026 but this is the first time we encountered it in the Gafgyt family.\u201d\n\n## **Gafgyt_tor Botnet: Propagation and New Functionalities**\n\nThe botnet is mainly propagated through weak Telnet passwords \u2013 a common issue on [internet of things devices](<https://threatpost.com/hacker-leaks-more-than-500k-telnet-credentials-for-iot-devices/152015/>) \u2013 and through exploiting three vulnerabilities. 
These vulnerabilities include a remote code execution flaw (CVE-2019-16920) [in D-Link devices](<https://threatpost.com/d-link-routers-zero-day-flaws/162064/>); a remote code execution vulnerability in Liferay enterprise portal software (for which no CVE is available); and a flaw (CVE-2019-19781) in Citrix Application Delivery Controller.\n\nResearchers said that the code structure of Gafgyt_tor\u2019s main function \u2013 which adds the Tor proxy function to provide the IP server\u2019s address \u2013 shows widespread changes.\n\n\u201cThe original initConnection() function, which is responsible for establishing the C2 connection, is gone, replaced by a large section of code responsible for establishing the Tor connection,\u201d they said.\n\n## **New Tor Capabilities, Commands**\n\nWithin this large section of code exists tor_socket_init, a function that is responsible for initializing a list of proxy nodes with IP addresses and a port. Researchers said that over 100 Tor proxies can be built in in this way \u2013 and new samples are continually updating the proxy list.\n\n[](<https://media.threatpost.com/wp-content/uploads/sites/103/2021/03/05101946/ver1_ver2_cmp_cfg.en_.png>)\n\nThe new versus old code structure for the Gafgyt variant. Credit: NetLab 360\n\n\u201cAfter initializing the proxy list, the sample will select a random node from the list to enable Tor communication via tor_retrieve_addr and tor_retrieve_port,\u201d said researchers.\n\nAfter it establishes a connection with the C2, the botnet requests wvp3te7pkfczmnnl.onion through the darknet, from which it then awaits commands.\n\n\u201cThe core function of Gafgyt_tor is still DDoS attacks and scanning, so it mostly follows the common Gafgyt directive,\u201d said researchers. They noted, a new directive called LDSERVER has been added to the botnet, which allows the C2 to quickly specify servers from which the payloads are downloaded. 
This allows attackers to quickly switch courses should an attacker-owned download server be identified and blocked, said researchers.\n\n\u201cThis directive means that C2 can dynamically switch download servers, so that it can quickly switch to a new download server to continue propagation if the current one is blocked,\u201d said researchers,\n\n## **Links to Freak Threat Actor, Other Botnets**\n\nResearchers said that the variant shares the same origin with the Gafgyt samples distributed by a threat group that NetLab 360 researchers call the keksec group, and that other researchers [call the Freak threat actor](<https://research.checkpoint.com/2021/freakout-leveraging-newest-vulnerabilities-for-creating-a-botnet/>). They said, the keksec group reuses code and IP addresses between various other bot families, including the Tsunami botnet as well as the Necro botnet family uncovered in January.\n\n\u201cWe think that Gafgyt_tor and Necro are very likely operated by the same group of people, who have a pool of IP addresses and multiple botnet source codes, and have the ability of continuous development,\u201d said researchers. \u201cIn actual operation, they form different families of botnets, but reuse infrastructure such as IP address.\u201d\n\n## **Other Gafgyt Botnet Variants**\n\nGafgyt.tor is only the latest variant of the popular botnet to come to light. 
In 2019, researchers warned of a [new Gafgyt variant adding vulnerable IoT devices](<https://threatpost.com/valve-source-engine-fortnite-servers-crippled-by-gafgyt-variant/149719/>) to its botnet arsenal and using them to cripple gaming servers worldwide.\n\nIn 2018, researchers said they discovered new variants for the Mirai and [Gafgyt IoT botnets ](<https://threatpost.com/mirai-gafgyt-botnets-return-to-target-infamous-apache-struts-sonicwall-flaws/137309/>)targeting well-known vulnerabilities in Apache Struts and SonicWall; as well as a separate attack actively launching two IoT/Linux botnet [campaigns](<https://threatpost.com/d-link-dasan-routers-under-attack-in-yet-another-assault/134255/>), exploiting the [CVE-2018-10562 and CVE-2018-10561 bugs in Dasan routers](<https://threatpost.com/millions-of-home-fiber-routers-vulnerable-to-complete-takeover/131593/>).\n\nMore recently, last year a botnet called [Hoaxcalls emerged](<https://threatpost.com/hoaxcalls-botnet-symantec-secure-web-gateways/155806/>), as a variant of the Gafgyt family. 
The botnet, which can be marshalled for large-scale distributed denial-of-service (DDoS) campaigns, is spreading [via an unpatched vulnerability](<https://threatpost.com/fast-moving-ddos-botnet-unpatched-zyxel-rce-bug/155059/>) impacting the ZyXEL Cloud CNM SecuManager.\n\n**_Check out our free _****_[upcoming live webinar events](<https://threatpost.com/category/webinars/>)_****_ \u2013 unique, dynamic discussions with cybersecurity experts and the Threatpost community:_** \n\u00b7 March 24: **Economics of 0-Day Disclosures: The Good, Bad and Ugly** ([Learn more and register!](<https://threatpost.com/webinars/economics-of-0-day-disclosures-the-good-bad-and-ugly/>)) \n\u00b7 April 21: **Underground Markets: A Tour of the Dark Economy** ([Learn more and register!](<https://threatpost.com/webinars/underground-markets-a-tour-of-the-dark-economy/>))\n", "modified": "2021-03-05T15:55:41", "published": "2021-03-05T15:55:41", "id": "THREATPOST:B7F31FCDC8936516C077D39FEF9235AA", "href": "https://threatpost.com/d-link-iot-tor-gafgyt-variant/164529/", "type": "threatpost", "title": "D-Link, IoT Devices Under Attack By Tor-Based Gafgyt Variant", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}], "cve": [{"lastseen": "2021-03-06T16:42:12", "description": "An issue was discovered in the Linux kernel through 5.11.3, as used with Xen PV. A certain part of the netback driver lacks necessary treatment of errors such as failed memory allocations (as a result of changes to the handling of grant mapping errors). A host OS denial of service may occur during misbehavior of a networking frontend driver. 
NOTE: this issue exists because of an incomplete fix for CVE-2021-26931.", "edition": 1, "cvss3": {}, "published": "2021-03-05T18:15:00", "title": "CVE-2021-28038", "type": "cve", "cwe": [], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2021-28038"], "modified": "2021-03-05T19:15:00", "cpe": [], "id": "CVE-2021-28038", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28038", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}, {"lastseen": "2021-03-06T16:42:12", "description": "An issue was discovered in the Linux kernel 5.9.x through 5.11.3, as used with Xen. In some less-common configurations, an x86 PV guest OS user can crash a Dom0 or driver domain via a large amount of I/O activity. The issue relates to misuse of guest physical addresses when a configuration has CONFIG_XEN_UNPOPULATED_ALLOC but not CONFIG_XEN_BALLOON_MEMORY_HOTPLUG.", "edition": 1, "cvss3": {}, "published": "2021-03-05T18:15:00", "title": "CVE-2021-28039", "type": "cve", "cwe": [], "bulletinFamily": "NVD", "cvss2": {}, "cvelist": ["CVE-2021-28039"], "modified": "2021-03-05T19:15:00", "cpe": [], "id": "CVE-2021-28039", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-28039", "cvss": {"score": 0.0, "vector": "NONE"}, "cpe23": []}], "pentestpartners": [{"lastseen": "2021-03-05T15:28:59", "bulletinFamily": "blog", "cvelist": [], "description": "\n\n### TL;DR\n\n * Electronic flight bags (EFBs) are devices that flight crews use to help with flight management tasks\n * Different airlines use different devices e.g. 
iPads, netbooks, custom devices\n * Some are carried on by flight crew, others are built-in to the cockpit\n * Some important functions are carried out by some EFBs for some airlines, particularly engine thrust calculations for take off (\u2018perf\u2019)\n\nBefore we go in to the detail, it\u2019s important to understand what an EFB does and how they are used:\n\n### Introduction\n\nElectronic Flight Bags (EFBs) are becoming increasingly common to find on Flight Decks. They have been available for purchase since 2005 when the very first EFB was successfully trialled on flights from Miami. They come in all shapes and sizes - their functions vary significantly depending on the device used, the software installed, specific airline procedures and aircraft type specific procedures.\n\nCommon devices include Apple iPads, Surface Pro tablets, Windows / Linux based laptop computers and custom made devices developed specifically to be used as EFBs. Common functions include calculation of critical data used by the pilots (e.g. takeoff thrust setting) and the storage / display of navigation charts and manuals to the pilots.\n\n\n\nThe benefits of using EFBs are well documented \u2013 one benefit which stands out in particular is fuel saving. By removing heavy paper manuals from the flight deck (as they can now be viewed on an EFB) the weight saving is estimated to be anywhere up to 100kg per flight. The cost saving as a result of the reduced fuel burn due to lighter aircraft weight is estimated in the large airlines to be in the region of several million dollars every year.\n\nThis blog series demonstrates some potential consequences of the manipulation of data by a malicious hacker \u2013 and just how important the testing and assessment of EFB security is. It is important to consider however that airlines and aircraft can vary significantly in their Standard Operating Procedures (SOPs). 
Some airlines / aircraft will have multiple cross-checks to prevent some of the errors discussed in this blog series. Some airlines / aircraft don\u2019t use cross-checks. The items discussed are not intended as an exhaustive list but highlight some of the possible outcomes as a result of EFB tampering.\n\nThe Garbage In Garbage Out concept is well understood by pilots and is considered to be the main threat when using applications on EFBs - the concept that the actual application could be faulty is almost inconceivable. In particular with regards to aircraft performance applications pilots spend hours rehearsing and practising methods for ensuring entries are correct.\n\nWhat they don\u2019t consider is what if the application is not applying the correct formula for the mathematical calculations being performed \u2013 or alternatively what if the output the pilot sees is not the output the application calculated.\n\nAnother consideration is James Reasons\u2019 Swiss Cheese Model of Accident Causation. 
This likens an organisations defences to a series of slices of [randomly-holed Swiss Cheese](<https://image.slidesharecdn.com/malaysiaairlinesflightmh370whatwentwrongwebversion-140504092857-phpapp02/95/malaysia-airlines-flight-mh370-what-went-wrong-46-638.jpg?cb=1399299315>).\n\n### Data manipulation\n\nManipulation of data not only helps to align the holes of the swiss cheese \u2013 in some of the situations discussed in this blog series there are few layers of \u201ccheese\u201d there to prevent an incident / accident occurring.\n\nMany of the targets that discussed in this series have both direct and indirect tampering / manipulation methods.\n\nDirect manipulation: The direct and intentional modification of a target to produce a different output / function to that which is expected or intended.\n\nIndirect manipulation: Manipulation of a target by the modification of a different target which consequentially changes the output / function of another target.\n\n**Calculators can\u2019t be faulty, right?**\n\n### Class differences\n\nPreviously there were multiple methods for categorising EFBs, the most common method using the Class 1 / 2 / 3 system. Through 2016 and 2017 these methods were harmonized under ICAO resulting in two classes of EFB, **Installed** and **Portable**.\n\nIf EFB equipment supporting EFB applications is incorporated into aircraft type design (or as an official alteration), it is classed as Installed. If however EFB equipment is not part of the aircraft type design (nor is it an official alteration) then it is classed as Portable \u2013 regardless of how often it is removed from the aircraft. Portable EFBs are considered to be portable electronic devices (PEDs).\n\nWithin both classes, there is a great variety of hardware and software being used. Operating systems can be either standard systems (e.g. Windows or Linux) or custom-written operating systems. 
For example Austrian Airlines and Lufthansa use the Surface Pro 3 tablet whereas American Airlines and Delta Airlines use Apple iPads.\n\n**Installed EFB**: Can carry Type **A** and **B** applications \nIncorporated into the aircraft type design (or as an official alteration). Subject to normal airworthiness requirements and under design control. Approval is included in the aircraft\u2019s type certificate or in a supplemental type certificate. Software may need to be partitioned so that non-certified applications do not interfere with certified avionics functions.\n\n\n\nImage: Installed EFB\n\n**Portable EFB**: Can carry Type **A** and **B** applications\n\n * Not part of the aircraft type design (nor an official alteration). These devices are considered PEDs. Generally have self-contained power and may rely on data connectivity to achieve full functionality.\n * The term \u201cportable\u201d does not mean the device is regularly removed from the aircraft. In some cases, it\u2019s permanently fixed to the aircraft.\n\n### Applications explained\n\nThere are 3 Application Types: **A**, **B** and **C**.\n\n#### Type A:\n\n * Have a failure condition classification considered to be no safety effect\n * Do not substitute for or replace any paper, system or equipment required by regulations\n * Do not require specific authorisation for use\n\nExamples include:\n\nMinimum equipment lists Configuration Deviation Lists Chart Supplements Aircraft parts manuals Pilot flight and duty-time logs \nCaptain\u2019s Report Trip scheduling Antiterrorism profile data Hazardous materials tables Airline Policy & Procedures Manuals\n\nMinimum equipment lists | Configuration Deviation Lists | Chart Supplements | Aircraft parts manuals | Pilot flight and duty-time logs \n---|---|---|---|--- \nCaptain\u2019s Report | Trip scheduling | Antiterrorism profile data | Hazardous materials tables | Airline Policy & Procedures Manuals \n \n#### Type B:\n\n * Have a failure condition 
classification considered minor\n * May substitute or replace paper products of information required for dispatch\n * May not substitute for or replace any installed equipment required by regulations\n * Require specific authorization for operational use\n\nExamples include:\n\nManuals including SOPs, Aircraft Flight, Maintenance, Flight Operations etc. Master Flight Plan Power Settings for Reduced Thrust Settings Runway Limiting Performance Calculations Company Standard Operating Procedures \nOperating Information Manuals (Weight & Balance / Limitations etc) Weight & Balance Calculations Flight Planning Software Aeronautical Charts (e.g. Departure / Approach) Non-interactive Electronic Checklists\n\nManuals including SOPs, Aircraft Flight, Maintenance, Flight Operations etc. | Master Flight Plan | Power Settings for Reduced Thrust Settings | Runway Limiting Performance Calculations | Company Standard Operating Procedures \n---|---|---|---|--- \nOperating Information Manuals (Weight & Balance / Limitations etc) | Weight & Balance Calculations | Flight Planning Software | Aeronautical Charts (e.g. Departure / Approach) | Non-interactive Electronic Checklists \n \n#### Type C:\n\nNot considered potential EFB applications. Policy is that any non-Type A or non-Type B application should undergo a full airworthiness approval and thus become a certified avionics function. These can be used as a multi-function display (MFD) and can incorporate other functions such as depicting weather radar / navigation information.\n\nAirlines decide what documentation / processes they want to put on EFBs. This varies from airline to airline and within companies varies significantly between each aircraft type. 
For example one airline uses the Boeing Electronic Logbook on their longhaul fleet but still use paper technical and cabin logs on their shorthaul fleet.\n\nMany airlines order aircraft from the manufacturer but without the manufacturer installed EFB and instead use their own software on other devices (Apple iPads being a common device).\n\nConnectivity between the EFB and the aircraft varies with many portable EFBs not requiring any connection for their designed functions \u2013 even the power source is often from a battery pack rather than from the aircraft power supply. EFBs towards the more advanced end of the scale will need a connection to the aircraft.\n\nIn the A350 case each pilot has a docking station they can connect their company / personal laptop to. This enables them to use the aircraft fitted keyboard and touchscreens, and it displays the company / personal laptop on the outer screen in front of the pilots. The outer screens are called the Onboard Information System (OIS) and are designed to display EFB applications from stowed laptops.\n\n\n\nImage: OIS EFB Display\n\n### EFB Functions\n\nThese are just a few examples;\n\n * Electronic checklists: Normal, abnormal and emergency checklists\n * Flight briefing / planning: Flight plan storage, completion, modification, and submission\n * Maintenance: Discrepancy signoff logs\n * Mass & balance calculations: Positioning/distribution of cargo, fuel, and passengers\n * Performance calculations: Takeoff, enroute, landing, go-around and emergency performance calculations\n * Reporting: Internal safety reporting\n * Rostering: Flight/duty time records\n * Weather: Airfield and en-route live weather viewing\n\n### EFBs and engine performance calculation (\u2018perf\u2019)\n\nRunning airplane engines at high power causes extra engine wear. 
This can significantly increase maintenance cost and also uses more fuel than necessary.\n\nIf the takeoff runway is long enough and other factors (air temperature, weight, wind direction, altitude, obstacle clearance etc) are favourable, it\u2019s not necessary to run the engines at full power to take off safely.\n\nThis is achieved in one of two ways: either to \u2018de-rate\u2019 the engine by electronically limiting it, or to input different temperature data, causing the engine to produce less thrust. The latter is known as \u2018flexible temperature\u2019 or FLEX and will be marked as FLX on the throttles of many Airbus craft:\n\n\n\nProducing less thrust is advantageous for engine maintenance, but clearly results in a longer ground roll, slower acceleration and a reduced rate of climb. The thrust calculations are made by the pilots, entered in to the flight management system and cross checked. Historic errors in the calculations have caused incidents, so electronic aids are increasingly employed, usually an electronic flight bag.\n\nData that contributes to the calculations includes the runway length. This is typically contained in a database in the EFB\n\nIt doesn\u2019t take much to realise that incorrect data can cause very serious issues. There are a few reported incidents per year where pilots have calculated incorrect thrust levels. In nearly all cases, the plane takes off very late on the runway, often clearing obstacles by very small margins or resulting in a damaging tail strike. In some cases, crashes have occurred as the airplane overran the runway.\n\nExamples:\n\n**A321, 24/11/2019** \u2013 flex temp of 79C keyed instead of 49C, a result of distraction during checks. Airplane lifted off ~400m from end of runway\n\n**A319, 29/11/2019** \u2013 wrong runway intersection entered, artificially increasing available runway for perf calcs, both pilots made the same error. 
Airplane lifted off ~300m later than intended.\n\nIn most cases, highly-trained crews recognise the lack of performance and apply increased thrust (\u2018TOGA\u2019). It doesn\u2019t always end this well though:\n\nHere\u2019s a Royal Maroc 737 flight that very nearly went badly wrong for similar reasons: <https://www.youtube.com/watch?v=Kle80KB_s3I>\n\nWatch as the pilot rotates too early with insufficient thrust, settles back on to the runway and nearly strikes the tail.\n\n**Qatar Airways 777, 15/11/2015** \u2013 again misreading information and taking the wrong runway intersection. Airplane struck approach lights, tearing an 18 inch gash in the fuselage.\n\n**MK Airlines 747, 14/10/2004** \u2013 crew fatigue may have resulted in incorrect weight data being entered in the EFB. Sadly, the airplane crashed shortly after take off with the loss of the crew.\n\nElectronic flight bags are therefore an increasingly important part of airplane reliability, safety and efficiency.\n\n### What's next?\n\nWe\u2019ve got 3 more blogs to come in this particular series about EFB security. Watch this space\u2026\n\nThe post [Security Blog](<https://www.pentestpartners.com/security-blog/>) first appeared on [Pen Test Partners](<https://www.pentestpartners.com>).", "modified": "2021-03-05T06:49:02", "published": "2021-03-05T06:49:02", "id": "PENTESTPARTNERS:258F99514946CE4AB80199CE1F72E687", "href": "https://www.pentestpartners.com/security-blog/efb-tampering-introduction-and-class-differences/", "type": "pentestpartners", "title": "EFB Tampering. 
Introduction and Class Differences", "cvss": {"score": 0.0, "vector": "NONE"}}], "nessus": [{"lastseen": "2021-03-07T05:14:12", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-0735 advisory.\n\n - Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too\n many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file\n descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept\n new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is\n configured, then this lead to an excessive memory usage and cause the system to run out of memory.\n (CVE-2021-22883)\n\n - Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the\n whitelist includes localhost6. When localhost6 is not present in /etc/hosts, it is just an ordinary\n domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or\n can spoof its responses, the DNS rebinding protection can be bypassed by using the localhost6 domain. As\n long as the attacker uses the localhost6 domain, they can still apply the attack described in\n CVE-2018-7160. 
(CVE-2021-22884)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 1, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-05T00:00:00", "title": "Oracle Linux 8 : SUMM: / nodejs:10 (ELSA-2021-0735)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-22884", "CVE-2018-7160", "CVE-2021-22883"], "modified": "2021-03-05T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:nodejs-packaging", "p-cpe:/a:oracle:linux:nodejs-full-i18n", "p-cpe:/a:oracle:linux:nodejs-docs", "p-cpe:/a:oracle:linux:nodejs", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:nodejs-nodemon", "p-cpe:/a:oracle:linux:npm", "p-cpe:/a:oracle:linux:nodejs-devel"], "id": "ORACLELINUX_ELSA-2021-0735.NASL", "href": "https://www.tenable.com/plugins/nessus/147168", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-0735.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147168);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/05\");\n\n script_cve_id(\"CVE-2021-22883\", \"CVE-2021-22884\");\n\n script_name(english:\"Oracle Linux 8 : SUMM: / nodejs:10 (ELSA-2021-0735)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-0735 advisory.\n\n - Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too\n many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file\n descriptors. 
If a file descriptor limit is configured on the system, then the server is unable to accept\n new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is\n configured, then this lead to an excessive memory usage and cause the system to run out of memory.\n (CVE-2021-22883)\n\n - Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the\n whitelist includes localhost6. When localhost6 is not present in /etc/hosts, it is just an ordinary\n domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or\n can spoof its responses, the DNS rebinding protection can be bypassed by using the localhost6 domain. As\n long as the attacker uses the localhost6 domain, they can still apply the attack described in\n CVE-2018-7160. (CVE-2021-22884)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-0735.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-22884\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nodejs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nodejs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nodejs-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nodejs-full-i18n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nodejs-nodemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nodejs-packaging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:npm\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\npkgs = [\n {'reference':'nodejs-10.24.0-1.module+el8.3.0+9671+154373c8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-10.24.0-1.module+el8.3.0+9671+154373c8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-devel-10.24.0-1.module+el8.3.0+9671+154373c8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-devel-10.24.0-1.module+el8.3.0+9671+154373c8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-docs-10.24.0-1.module+el8.3.0+9671+154373c8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-full-i18n-10.24.0-1.module+el8.3.0+9671+154373c8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-full-i18n-10.24.0-1.module+el8.3.0+9671+154373c8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-nodemon-1.18.3-1.module+el8.1.0+5392+4d6b561f', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nodejs-packaging-17-3.module+el8.1.0+5392+4d6b561f', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'npm-6.14.11-1.10.24.0.1.module+el8.3.0+9671+154373c8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'npm-6.14.11-1.10.24.0.1.module+el8.3.0+9671+154373c8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n 
cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nodejs / nodejs-devel / nodejs-docs / etc');\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-06T01:05:49", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0736 advisory.\n\n - OpenJDK: Credentials sent over unencrypted LDAP 
connection (JNDI, 8237990) (CVE-2020-14781)\n\n - OpenJDK: Certificate blacklist bypass via alternate certificate encodings (Libraries, 8237995)\n (CVE-2020-14782)\n\n - OpenJDK: Race condition in NIO Buffer boundary checks (Libraries, 8244136) (CVE-2020-14803)\n\n - IBM JDK: Stack-based buffer overflow when converting from UTF-8 characters to platform encoding\n (CVE-2020-27221)\n\n - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415)\n (CVE-2020-2773)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 1, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-05T00:00:00", "title": "RHEL 8 : java-1.8.0-ibm (RHSA-2021:0736)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-27221", "CVE-2020-14803", "CVE-2020-14782", "CVE-2020-14781", "CVE-2020-2773"], "modified": "2021-03-05T00:00:00", "cpe": ["cpe:/a:redhat:enterprise_linux:8::crb", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm", "cpe:/o:redhat:enterprise_linux:8::baseos", "cpe:/a:redhat:enterprise_linux:8::resilientstorage", "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/a:redhat:enterprise_linux:8::sap_hana", "cpe:/a:redhat:enterprise_linux:8::sap", "cpe:/a:redhat:enterprise_linux:8::realtime", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-headless", "cpe:/a:redhat:enterprise_linux:8::nfv", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-webstart", "cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-jdbc", "cpe:/a:redhat:enterprise_linux:8::highavailability", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-src", "cpe:/a:redhat:enterprise_linux:8::supplementary"], "id": 
"REDHAT-RHSA-2021-0736.NASL", "href": "https://www.tenable.com/plugins/nessus/147142", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0736. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147142);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/05\");\n\n script_cve_id(\n \"CVE-2020-2773\",\n \"CVE-2020-14781\",\n \"CVE-2020-14782\",\n \"CVE-2020-14803\",\n \"CVE-2020-27221\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0736\");\n\n script_name(english:\"RHEL 8 : java-1.8.0-ibm (RHSA-2021:0736)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0736 advisory.\n\n - OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990) (CVE-2020-14781)\n\n - OpenJDK: Certificate blacklist bypass via alternate certificate encodings (Libraries, 8237995)\n (CVE-2020-14782)\n\n - OpenJDK: Race condition in NIO Buffer boundary checks (Libraries, 8244136) (CVE-2020-14803)\n\n - IBM JDK: Stack-based buffer overflow when converting from UTF-8 characters to platform encoding\n (CVE-2020-27221)\n\n - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415)\n (CVE-2020-2773)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/119.html\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://cwe.mitre.org/data/definitions/248.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/295.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/319.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/367.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14781\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14803\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27221\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0736\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1823224\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889274\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1928555\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27221\");\n script_cwe_id(119, 
248, 295, 319, 367);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8::baseos\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::crb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::highavailability\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::nfv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::realtime\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::resilientstorage\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::sap\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::sap_hana\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::supplementary\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-headless\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-src\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-webstart\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'enterprise_linux_8_appstream': [\n 'rhel-8-for-aarch64-appstream-debug-rpms',\n 'rhel-8-for-aarch64-appstream-rpms',\n 'rhel-8-for-aarch64-appstream-source-rpms',\n 'rhel-8-for-s390x-appstream-debug-rpms',\n 'rhel-8-for-s390x-appstream-rpms',\n 
'rhel-8-for-s390x-appstream-source-rpms',\n 'rhel-8-for-x86_64-appstream-debug-rpms',\n 'rhel-8-for-x86_64-appstream-rpms',\n 'rhel-8-for-x86_64-appstream-source-rpms'\n ],\n 'enterprise_linux_8_baseos': [\n 'rhel-8-for-aarch64-baseos-debug-rpms',\n 'rhel-8-for-aarch64-baseos-rpms',\n 'rhel-8-for-aarch64-baseos-source-rpms',\n 'rhel-8-for-s390x-baseos-debug-rpms',\n 'rhel-8-for-s390x-baseos-rpms',\n 'rhel-8-for-s390x-baseos-source-rpms',\n 'rhel-8-for-x86_64-baseos-debug-rpms',\n 'rhel-8-for-x86_64-baseos-rpms',\n 'rhel-8-for-x86_64-baseos-source-rpms'\n ],\n 'enterprise_linux_8_crb': [\n 'codeready-builder-for-rhel-8-aarch64-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-rpms',\n 'codeready-builder-for-rhel-8-aarch64-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-rpms',\n 'codeready-builder-for-rhel-8-s390x-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-rpms',\n 'codeready-builder-for-rhel-8-x86_64-source-rpms'\n ],\n 'enterprise_linux_8_highavailability': [\n 'rhel-8-for-aarch64-highavailability-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-rpms',\n 'rhel-8-for-aarch64-highavailability-source-rpms',\n 'rhel-8-for-s390x-highavailability-debug-rpms',\n 
'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-rpms',\n 'rhel-8-for-s390x-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-rpms',\n 'rhel-8-for-x86_64-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'enterprise_linux_8_nfv': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'enterprise_linux_8_realtime': [\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'enterprise_linux_8_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-rpms',\n 'rhel-8-for-s390x-resilientstorage-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 
'rhel-8-for-x86_64-resilientstorage-rpms',\n 'rhel-8-for-x86_64-resilientstorage-source-rpms'\n ],\n 'enterprise_linux_8_sap': [\n 'rhel-8-for-s390x-sap-netweaver-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-rpms',\n 'rhel-8-for-s390x-sap-netweaver-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-source-rpms'\n ],\n 'enterprise_linux_8_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-rpms',\n 'rhel-8-for-x86_64-sap-solutions-source-rpms'\n ],\n 'enterprise_linux_8_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-rpms',\n 'rhel-8-for-aarch64-supplementary-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-rpms',\n 'rhel-8-for-s390x-supplementary-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-rpms',\n 'rhel-8-for-x86_64-supplementary-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = 
get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2021:0736');\n}\n\npkgs = [\n {'reference':'java-1.8.0-ibm-1.8.0.6.25-2.el8_3', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'java-1.8.0-ibm-1.8.0.6.25-2.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'java-1.8.0-ibm-demo-1.8.0.6.25-2.el8_3', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'java-1.8.0-ibm-demo-1.8.0.6.25-2.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 
'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'java-1.8.0-ibm-devel-1.8.0.6.25-2.el8_3', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'java-1.8.0-ibm-devel-1.8.0.6.25-2.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'java-1.8.0-ibm-headless-1.8.0.6.25-2.el8_3', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'java-1.8.0-ibm-headless-1.8.0.6.25-2.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 
'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'java-1.8.0-ibm-jdbc-1.8.0.6.25-2.el8_3', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'java-1.8.0-ibm-jdbc-1.8.0.6.25-2.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'java-1.8.0-ibm-plugin-1.8.0.6.25-2.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'java-1.8.0-ibm-src-1.8.0.6.25-2.el8_3', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'java-1.8.0-ibm-src-1.8.0.6.25-2.el8_3', 'cpu':'x86_64', 
'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'java-1.8.0-ibm-webstart-1.8.0.6.25-2.el8_3', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) 
{\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'java-1.8.0-ibm / java-1.8.0-ibm-demo / java-1.8.0-ibm-devel / etc');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-06T01:05:48", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0717 advisory.\n\n - OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990) (CVE-2020-14781)\n\n - OpenJDK: Certificate blacklist bypass via alternate certificate encodings (Libraries, 8237995)\n (CVE-2020-14782)\n\n - OpenJDK: Race condition in NIO Buffer boundary checks (Libraries, 8244136) (CVE-2020-14803)\n\n - IBM JDK: Stack-based buffer overflow when converting from UTF-8 characters to platform encoding\n (CVE-2020-27221)\n\n - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415)\n (CVE-2020-2773)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 1, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-05T00:00:00", "title": "RHEL 7 : java-1.8.0-ibm (RHSA-2021:0717)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": 
["CVE-2020-27221", "CVE-2020-14803", "CVE-2020-14782", "CVE-2020-14781", "CVE-2020-2773"], "modified": "2021-03-05T00:00:00", "cpe": ["cpe:/a:redhat:rhel_extras_sap:7", "cpe:/o:redhat:enterprise_linux:7::server", "cpe:/o:redhat:enterprise_linux:7::container", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-devel", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-plugin", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-demo", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm", "cpe:/a:redhat:rhel_extras:7", "cpe:/o:redhat:enterprise_linux:7::containers", "cpe:/a:redhat:rhel_extras_oracle_java:7", "cpe:/o:redhat:enterprise_linux:7::computenode", "cpe:/a:redhat:rhel_extras_rt:7", "cpe:/o:redhat:enterprise_linux:7", "cpe:/a:redhat:rhel_extras_sap_hana:7", "cpe:/o:redhat:enterprise_linux:7::workstation", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-jdbc", "cpe:/o:redhat:enterprise_linux:7::client", "p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-src"], "id": "REDHAT-RHSA-2021-0717.NASL", "href": "https://www.tenable.com/plugins/nessus/147140", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0717. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147140);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/05\");\n\n script_cve_id(\n \"CVE-2020-2773\",\n \"CVE-2020-14781\",\n \"CVE-2020-14782\",\n \"CVE-2020-14803\",\n \"CVE-2020-27221\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0717\");\n\n script_name(english:\"RHEL 7 : java-1.8.0-ibm (RHSA-2021:0717)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0717 advisory.\n\n - OpenJDK: Credentials sent over unencrypted LDAP connection (JNDI, 8237990) (CVE-2020-14781)\n\n - OpenJDK: Certificate blacklist bypass via alternate certificate encodings (Libraries, 8237995)\n (CVE-2020-14782)\n\n - OpenJDK: Race condition in NIO Buffer boundary checks (Libraries, 8244136) (CVE-2020-14803)\n\n - IBM JDK: Stack-based buffer overflow when converting from UTF-8 characters to platform encoding\n (CVE-2020-27221)\n\n - OpenJDK: Unexpected exceptions raised by DOMKeyInfoFactory and DOMXMLSignatureFactory (Security, 8231415)\n (CVE-2020-2773)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/119.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/248.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/295.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/319.html\");\n 
script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/367.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2773\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14781\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14803\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-27221\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0717\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1823224\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889274\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889290\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889895\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1928555\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27221\");\n script_cwe_id(119, 248, 295, 319, 367);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/04/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2021/03/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7::client\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7::computenode\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7::container\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7::containers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7::server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7::workstation\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_extras:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_extras_oracle_java:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_extras_rt:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_extras_sap:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:rhel_extras_sap_hana:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-demo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-jdbc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-plugin\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:java-1.8.0-ibm-src\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n 
script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'enterprise_linux_7_client': [\n 'rhel-7-desktop-debug-rpms',\n 'rhel-7-desktop-fastrack-debug-rpms',\n 'rhel-7-desktop-fastrack-rpms',\n 'rhel-7-desktop-fastrack-source-rpms',\n 'rhel-7-desktop-optional-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-debug-rpms',\n 'rhel-7-desktop-optional-fastrack-rpms',\n 'rhel-7-desktop-optional-fastrack-source-rpms',\n 'rhel-7-desktop-optional-rpms',\n 'rhel-7-desktop-optional-source-rpms',\n 'rhel-7-desktop-rpms',\n 'rhel-7-desktop-source-rpms'\n ],\n 'enterprise_linux_7_computenode': [\n 'rhel-7-for-hpc-node-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-fastrack-rpms',\n 'rhel-7-for-hpc-node-fastrack-source-rpms',\n 
'rhel-7-for-hpc-node-optional-fastrack-debug-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-rpms',\n 'rhel-7-for-hpc-node-optional-fastrack-source-rpms',\n 'rhel-7-hpc-node-debug-rpms',\n 'rhel-7-hpc-node-optional-debug-rpms',\n 'rhel-7-hpc-node-optional-rpms',\n 'rhel-7-hpc-node-optional-source-rpms',\n 'rhel-7-hpc-node-rpms',\n 'rhel-7-hpc-node-source-rpms'\n ],\n 'enterprise_linux_7_server': [\n 'rhel-7-for-system-z-a-debug-rpms',\n 'rhel-7-for-system-z-a-optional-debug-rpms',\n 'rhel-7-for-system-z-a-optional-rpms',\n 'rhel-7-for-system-z-a-optional-source-rpms',\n 'rhel-7-for-system-z-a-rpms',\n 'rhel-7-for-system-z-a-source-rpms',\n 'rhel-7-for-system-z-debug-rpms',\n 'rhel-7-for-system-z-fastrack-debug-rpms',\n 'rhel-7-for-system-z-fastrack-rpms',\n 'rhel-7-for-system-z-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-rpms',\n 'rhel-7-for-system-z-optional-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-rpms',\n 'rhel-7-for-system-z-optional-source-rpms',\n 'rhel-7-for-system-z-rpms',\n 'rhel-7-for-system-z-source-rpms',\n 'rhel-7-server-debug-rpms',\n 'rhel-7-server-fastrack-debug-rpms',\n 'rhel-7-server-fastrack-rpms',\n 'rhel-7-server-fastrack-source-rpms',\n 'rhel-7-server-optional-debug-rpms',\n 'rhel-7-server-optional-fastrack-debug-rpms',\n 'rhel-7-server-optional-fastrack-rpms',\n 'rhel-7-server-optional-fastrack-source-rpms',\n 'rhel-7-server-optional-rpms',\n 'rhel-7-server-optional-source-rpms',\n 'rhel-7-server-rpms',\n 'rhel-7-server-source-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-source-rpms',\n 'rhel-ha-for-rhel-7-server-debug-rpms',\n 'rhel-ha-for-rhel-7-server-rpms',\n 'rhel-ha-for-rhel-7-server-source-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-rpms',\n 
'rhel-rs-for-rhel-7-for-system-z-source-rpms',\n 'rhel-rs-for-rhel-7-server-debug-rpms',\n 'rhel-rs-for-rhel-7-server-rpms',\n 'rhel-rs-for-rhel-7-server-source-rpms'\n ],\n 'enterprise_linux_7_workstation': [\n 'rhel-7-workstation-debug-rpms',\n 'rhel-7-workstation-fastrack-debug-rpms',\n 'rhel-7-workstation-fastrack-rpms',\n 'rhel-7-workstation-fastrack-source-rpms',\n 'rhel-7-workstation-optional-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-debug-rpms',\n 'rhel-7-workstation-optional-fastrack-rpms',\n 'rhel-7-workstation-optional-fastrack-source-rpms',\n 'rhel-7-workstation-optional-rpms',\n 'rhel-7-workstation-optional-source-rpms',\n 'rhel-7-workstation-rpms',\n 'rhel-7-workstation-source-rpms'\n ],\n 'rhel_extras_7': [\n 'rhel-7-desktop-supplementary-rpms',\n 'rhel-7-desktop-supplementary-source-rpms',\n 'rhel-7-for-hpc-node-supplementary-rpms',\n 'rhel-7-for-hpc-node-supplementary-source-rpms',\n 'rhel-7-for-system-z-eus-supplementary-rpms',\n 'rhel-7-for-system-z-eus-supplementary-source-rpms',\n 'rhel-7-for-system-z-supplementary-debug-rpms',\n 'rhel-7-for-system-z-supplementary-rpms',\n 'rhel-7-for-system-z-supplementary-source-rpms',\n 'rhel-7-hpc-node-eus-supplementary-rpms',\n 'rhel-7-server-eus-supplementary-rpms',\n 'rhel-7-server-supplementary-rpms',\n 'rhel-7-server-supplementary-source-rpms',\n 'rhel-7-workstation-supplementary-rpms',\n 'rhel-7-workstation-supplementary-source-rpms'\n ],\n 'rhel_extras_oracle_java_7': [\n 'rhel-7-desktop-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-for-hpc-node-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-hpc-node-eus-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-server-eus-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-server-eus-restricted-maintenance-oracle-java-source-rpms',\n 'rhel-7-server-restricted-maintenance-oracle-java-rpms',\n 'rhel-7-workstation-restricted-maintenance-oracle-java-rpms'\n ],\n 'rhel_extras_rt_7': [\n 'rhel-7-server-nfv-debug-rpms',\n 
'rhel-7-server-nfv-rpms',\n 'rhel-7-server-nfv-source-rpms',\n 'rhel-7-server-rt-debug-rpms',\n 'rhel-7-server-rt-rpms',\n 'rhel-7-server-rt-source-rpms'\n ],\n 'rhel_extras_sap_7': [\n 'rhel-sap-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-debug-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-eus-source-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-rpms',\n 'rhel-sap-for-rhel-7-for-system-z-source-rpms',\n 'rhel-sap-for-rhel-7-server-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-for-rhel-7-server-eus-rpms',\n 'rhel-sap-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-for-rhel-7-server-rpms',\n 'rhel-sap-for-rhel-7-server-source-rpms'\n ],\n 'rhel_extras_sap_hana_7': [\n 'rhel-sap-hana-for-rhel-7-server-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-rpms',\n 'rhel-sap-hana-for-rhel-7-server-e4s-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-debug-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-rpms',\n 'rhel-sap-hana-for-rhel-7-server-eus-source-rpms',\n 'rhel-sap-hana-for-rhel-7-server-rpms',\n 'rhel-sap-hana-for-rhel-7-server-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2021:0717');\n}\n\npkgs = [\n {'reference':'java-1.8.0-ibm-1.8.0.6.25-1jpp.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_7_client', 
'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'java-1.8.0-ibm-1.8.0.6.25-1jpp.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'java-1.8.0-ibm-demo-1.8.0.6.25-1jpp.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'java-1.8.0-ibm-demo-1.8.0.6.25-1jpp.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'java-1.8.0-ibm-devel-1.8.0.6.25-1jpp.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'java-1.8.0-ibm-devel-1.8.0.6.25-1jpp.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 
'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'java-1.8.0-ibm-jdbc-1.8.0.6.25-1jpp.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'java-1.8.0-ibm-jdbc-1.8.0.6.25-1jpp.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'java-1.8.0-ibm-plugin-1.8.0.6.25-1jpp.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'java-1.8.0-ibm-src-1.8.0.6.25-1jpp.1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']},\n {'reference':'java-1.8.0-ibm-src-1.8.0.6.25-1jpp.1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_7_client', 'enterprise_linux_7_computenode', 'enterprise_linux_7_server', 'enterprise_linux_7_workstation', 'rhel_extras_7', 'rhel_extras_oracle_java_7', 
'rhel_extras_rt_7', 'rhel_extras_sap_7', 'rhel_extras_sap_hana_7']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'java-1.8.0-ibm / java-1.8.0-ibm-demo / java-1.8.0-ibm-devel / etc');\n}\n", 
"cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-07T06:00:14", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0734 advisory.\n\n - nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion (CVE-2021-22883)\n\n - nodejs: DNS rebinding in --inspect (CVE-2021-22884)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 9.1, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-03-05T00:00:00", "title": "RHEL 8 : nodejs:12 (RHSA-2021:0734)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-22884", "CVE-2021-22883"], "modified": "2021-03-05T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:nodejs-packaging", "cpe:/a:redhat:enterprise_linux:8::crb", "p-cpe:/a:redhat:enterprise_linux:nodejs", "p-cpe:/a:redhat:enterprise_linux:npm", "p-cpe:/a:redhat:enterprise_linux:nodejs-nodemon", "cpe:/o:redhat:enterprise_linux:8::baseos", "p-cpe:/a:redhat:enterprise_linux:nodejs-full-i18n", "cpe:/a:redhat:enterprise_linux:8::resilientstorage", "cpe:/a:redhat:enterprise_linux:8::appstream", "cpe:/a:redhat:enterprise_linux:8::sap_hana", "cpe:/a:redhat:enterprise_linux:8::sap", "cpe:/a:redhat:enterprise_linux:8::realtime", "p-cpe:/a:redhat:enterprise_linux:nodejs-docs", "cpe:/a:redhat:enterprise_linux:8::nfv", "p-cpe:/a:redhat:enterprise_linux:nodejs-devel", "cpe:/o:redhat:enterprise_linux:8", "cpe:/a:redhat:enterprise_linux:8::highavailability", "cpe:/a:redhat:enterprise_linux:8::supplementary"], "id": "REDHAT-RHSA-2021-0734.NASL", "href": "https://www.tenable.com/plugins/nessus/147143", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0734. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147143);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/05\");\n\n script_cve_id(\"CVE-2021-22883\", \"CVE-2021-22884\");\n script_xref(name:\"RHSA\", value:\"2021:0734\");\n script_xref(name:\"IAVB\", value:\"2021-B-0012\");\n\n script_name(english:\"RHEL 8 : nodejs:12 (RHSA-2021:0734)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0734 advisory.\n\n - nodejs: HTTP2 'unknownProtocol' cause DoS by resource exhaustion (CVE-2021-22883)\n\n - nodejs: DNS rebinding in --inspect (CVE-2021-22884)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/400.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-22883\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-22884\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0734\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1932014\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1932024\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-22884\");\n script_cwe_id(20, 400);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8::baseos\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::appstream\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::crb\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::highavailability\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::nfv\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::realtime\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::resilientstorage\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::sap\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::sap_hana\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:enterprise_linux:8::supplementary\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-docs\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-full-i18n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-nodemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:nodejs-packaging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:npm\");\n script_set_attribute(attribute:\"stig_severity\", value:\"II\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'enterprise_linux_8_appstream': [\n 'rhel-8-for-aarch64-appstream-debug-rpms',\n 
'rhel-8-for-aarch64-appstream-rpms',\n 'rhel-8-for-aarch64-appstream-source-rpms',\n 'rhel-8-for-s390x-appstream-debug-rpms',\n 'rhel-8-for-s390x-appstream-rpms',\n 'rhel-8-for-s390x-appstream-source-rpms',\n 'rhel-8-for-x86_64-appstream-debug-rpms',\n 'rhel-8-for-x86_64-appstream-rpms',\n 'rhel-8-for-x86_64-appstream-source-rpms'\n ],\n 'enterprise_linux_8_baseos': [\n 'rhel-8-for-aarch64-baseos-debug-rpms',\n 'rhel-8-for-aarch64-baseos-rpms',\n 'rhel-8-for-aarch64-baseos-source-rpms',\n 'rhel-8-for-s390x-baseos-debug-rpms',\n 'rhel-8-for-s390x-baseos-rpms',\n 'rhel-8-for-s390x-baseos-source-rpms',\n 'rhel-8-for-x86_64-baseos-debug-rpms',\n 'rhel-8-for-x86_64-baseos-rpms',\n 'rhel-8-for-x86_64-baseos-source-rpms'\n ],\n 'enterprise_linux_8_crb': [\n 'codeready-builder-for-rhel-8-aarch64-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-rpms',\n 'codeready-builder-for-rhel-8-aarch64-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-rpms',\n 'codeready-builder-for-rhel-8-s390x-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-rpms',\n 'codeready-builder-for-rhel-8-x86_64-source-rpms'\n ],\n 'enterprise_linux_8_highavailability': [\n 'rhel-8-for-aarch64-highavailability-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 
'rhel-8-for-aarch64-highavailability-rpms',\n 'rhel-8-for-aarch64-highavailability-source-rpms',\n 'rhel-8-for-s390x-highavailability-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-rpms',\n 'rhel-8-for-s390x-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-rpms',\n 'rhel-8-for-x86_64-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'enterprise_linux_8_nfv': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'enterprise_linux_8_realtime': [\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'enterprise_linux_8_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-rpms',\n 'rhel-8-for-s390x-resilientstorage-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-debug-rpms',\n 
'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-rpms',\n 'rhel-8-for-x86_64-resilientstorage-source-rpms'\n ],\n 'enterprise_linux_8_sap': [\n 'rhel-8-for-s390x-sap-netweaver-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-rpms',\n 'rhel-8-for-s390x-sap-netweaver-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-source-rpms'\n ],\n 'enterprise_linux_8_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-rpms',\n 'rhel-8-for-x86_64-sap-solutions-source-rpms'\n ],\n 'enterprise_linux_8_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-rpms',\n 'rhel-8-for-aarch64-supplementary-source-rpms',\n 'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-rpms',\n 'rhel-8-for-s390x-supplementary-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 
'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-rpms',\n 'rhel-8-for-x86_64-supplementary-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2021:0734');\n}\n\nmodule_ver = get_kb_item('Host/RedHat/appstream/nodejs');\nif (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module nodejs:12');\nif ('12' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module nodejs:' + module_ver);\n\nappstreams = {\n 'nodejs:12': [\n {'reference':'nodejs-12.21.0-1.module+el8.3.0+10191+34fb5a07', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'nodejs-12.21.0-1.module+el8.3.0+10191+34fb5a07', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'nodejs-12.21.0-1.module+el8.3.0+10191+34fb5a07', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 
'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'nodejs-devel-12.21.0-1.module+el8.3.0+10191+34fb5a07', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'nodejs-devel-12.21.0-1.module+el8.3.0+10191+34fb5a07', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'nodejs-devel-12.21.0-1.module+el8.3.0+10191+34fb5a07', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'nodejs-docs-12.21.0-1.module+el8.3.0+10191+34fb5a07', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 
'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'nodejs-full-i18n-12.21.0-1.module+el8.3.0+10191+34fb5a07', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'nodejs-full-i18n-12.21.0-1.module+el8.3.0+10191+34fb5a07', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'nodejs-full-i18n-12.21.0-1.module+el8.3.0+10191+34fb5a07', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'nodejs-nodemon-2.0.3-1.module+el8.3.0+9715+1718613f', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 
'enterprise_linux_8_supplementary']},\n {'reference':'nodejs-packaging-17-3.module+el8.1.0+3369+37ae6a45', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'npm-6.14.11-1.12.21.0.1.module+el8.3.0+10191+34fb5a07', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'npm-6.14.11-1.12.21.0.1.module+el8.3.0+10191+34fb5a07', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'npm-6.14.11-1.12.21.0.1.module+el8.3.0+10191+34fb5a07', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']}\n ]\n};\n\nflag = 0;\nappstreams_found = 0;\nforeach module (keys(appstreams)) {\n 
appstream = NULL;\n appstream_name = NULL;\n appstream_version = NULL;\n appstream_split = split(module, sep:':', keep:FALSE);\n if (!empty_or_null(appstream_split)) {\n appstream_name = appstream_split[0];\n appstream_version = appstream_split[1];\n if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);\n }\n if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {\n appstreams_found++;\n foreach package_array ( appstreams[module] ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n }\n}\n\nif (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module 
nodejs:12');\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get();\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nodejs / nodejs-devel / nodejs-docs / nodejs-full-i18n / etc');\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-07T05:14:12", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-0734 advisory.\n\n - Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too\n many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file\n descriptors. If a file descriptor limit is configured on the system, then the server is unable to accept\n new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is\n configured, then this lead to an excessive memory usage and cause the system to run out of memory.\n (CVE-2021-22883)\n\n - Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the\n whitelist includes localhost6. When localhost6 is not present in /etc/hosts, it is just an ordinary\n domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or\n can spoof its responses, the DNS rebinding protection can be bypassed by using the localhost6 domain. As\n long as the attacker uses the localhost6 domain, they can still apply the attack described in\n CVE-2018-7160. 
(CVE-2021-22884)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 1, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-05T00:00:00", "title": "Oracle Linux 8 : SUMM: / nodejs:12 (ELSA-2021-0734)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-22884", "CVE-2018-7160", "CVE-2021-22883"], "modified": "2021-03-05T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:nodejs-packaging", "p-cpe:/a:oracle:linux:nodejs-full-i18n", "p-cpe:/a:oracle:linux:nodejs-docs", "p-cpe:/a:oracle:linux:nodejs", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:nodejs-nodemon", "p-cpe:/a:oracle:linux:npm", "p-cpe:/a:oracle:linux:nodejs-devel"], "id": "ORACLELINUX_ELSA-2021-0734.NASL", "href": "https://www.tenable.com/plugins/nessus/147167", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-0734.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147167);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/05\");\n\n script_cve_id(\"CVE-2021-22883\", \"CVE-2021-22884\");\n\n script_name(english:\"Oracle Linux 8 : SUMM: / nodejs:12 (ELSA-2021-0734)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-0734 advisory.\n\n - Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to a denial of service attack when too\n many connection attempts with an 'unknownProtocol' are established. This leads to a leak of file\n descriptors. 
If a file descriptor limit is configured on the system, then the server is unable to accept\n new connections and prevent the process also from opening, e.g. a file. If no file descriptor limit is\n configured, then this lead to an excessive memory usage and cause the system to run out of memory.\n (CVE-2021-22883)\n\n - Node.js before 10.24.0, 12.21.0, 14.16.0, and 15.10.0 is vulnerable to DNS rebinding attacks as the\n whitelist includes localhost6. When localhost6 is not present in /etc/hosts, it is just an ordinary\n domain that is resolved via DNS, i.e., over network. If the attacker controls the victim's DNS server or\n can spoof its responses, the DNS rebinding protection can be bypassed by using the localhost6 domain. As\n long as the attacker uses the localhost6 domain, they can still apply the attack described in\n CVE-2018-7160. (CVE-2021-22884)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-0734.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-22884\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nodejs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nodejs-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nodejs-docs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nodejs-full-i18n\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nodejs-nodemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:nodejs-packaging\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:npm\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\npkgs = [\n {'reference':'nodejs-12.21.0-1.module+el8.3.0+9672+c7b0544d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-12.21.0-1.module+el8.3.0+9672+c7b0544d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-devel-12.21.0-1.module+el8.3.0+9672+c7b0544d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-devel-12.21.0-1.module+el8.3.0+9672+c7b0544d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-docs-12.21.0-1.module+el8.3.0+9672+c7b0544d', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-full-i18n-12.21.0-1.module+el8.3.0+9672+c7b0544d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-full-i18n-12.21.0-1.module+el8.3.0+9672+c7b0544d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'nodejs-nodemon-2.0.3-1.module+el8.3.0+9643+8c99e187', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'nodejs-packaging-17-3.module+el8.1.0+5393+aaf413e3', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'npm-6.14.11-1.12.21.0.1.module+el8.3.0+9672+c7b0544d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'npm-6.14.11-1.12.21.0.1.module+el8.3.0+9672+c7b0544d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu 
= NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nodejs / nodejs-devel / nodejs-docs / etc');\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-06T00:15:39", "description": "The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-0699 advisory.\n\n - A flaw was found in grub2 in versions prior to 2.06, where it 
incorrectly enables the usage of the ACPI\n command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a\n Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable\n content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure\n Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability\n is to data confidentiality and integrity, as well as system availability. (CVE-2020-14372)\n\n - A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a\n module used as a dependency without checking if any other dependent module is still loaded leading to a\n use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot\n protections. The highest threat from this vulnerability is to data confidentiality and integrity as well\n as system availability. (CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are\n read with very little bounds checking and assumes the USB device is providing sane values. If properly\n exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a\n bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality\n and integrity as well as system availability. (CVE-2020-25647)\n\n - A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied\n command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage,\n without sufficient bounds checking. 
If the function is called with a command line that references a\n variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack\n frame and control execution which could also circumvent Secure Boot protections. The highest threat from\n this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2020-27749)\n\n - A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking\n allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent\n SecureBoot protections after proper triage about grub's memory layout. The highest threat from this\n vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-27779)\n\n - A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past\n the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms\n of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs\n a length calculation on the assumption that expressing a quoted single quote will require 3 characters,\n while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each\n quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as\n well as system availability. 
(CVE-2021-20233)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 1, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-05T00:00:00", "title": "Oracle Linux 7 : grub2 (ELSA-2021-0699)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-25632", "CVE-2021-20233", "CVE-2020-25647", "CVE-2020-27779", "CVE-2020-27749", "CVE-2020-14372", "CVE-2021-20225"], "modified": "2021-03-05T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:grub2-efi-ia32-modules", "p-cpe:/a:oracle:linux:grub2-pc-modules", "p-cpe:/a:oracle:linux:grub2-efi-x64-cdboot", "p-cpe:/a:oracle:linux:grub2-efi-aa64", "p-cpe:/a:oracle:linux:grub2-tools", "p-cpe:/a:oracle:linux:grub2-tools-minimal", "p-cpe:/a:oracle:linux:grub2-efi-aa64-cdboot", "p-cpe:/a:oracle:linux:grub2-efi-x64", "p-cpe:/a:oracle:linux:grub2-efi-x64-modules", "p-cpe:/a:oracle:linux:grub2-pc", "p-cpe:/a:oracle:linux:grub2-efi-ia32-cdboot", "cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:grub2", "p-cpe:/a:oracle:linux:grub2-common", "p-cpe:/a:oracle:linux:grub2-tools-extra", "p-cpe:/a:oracle:linux:grub2-efi-ia32"], "id": "ORACLELINUX_ELSA-2021-0699.NASL", "href": "https://www.tenable.com/plugins/nessus/147141", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-0699.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147141);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/05\");\n\n script_cve_id(\n \"CVE-2020-14372\",\n \"CVE-2020-25632\",\n \"CVE-2020-25647\",\n \"CVE-2020-27749\",\n \"CVE-2020-27779\",\n \"CVE-2021-20225\",\n \"CVE-2021-20233\"\n );\n\n script_name(english:\"Oracle Linux 7 : grub2 (ELSA-2021-0699)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle 
Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-0699 advisory.\n\n - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI\n command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a\n Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable\n content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure\n Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability\n is to data confidentiality and integrity, as well as system availability. (CVE-2020-14372)\n\n - A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a\n module used as a dependency without checking if any other dependent module is still loaded leading to a\n use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot\n protections. The highest threat from this vulnerability is to data confidentiality and integrity as well\n as system availability. (CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06. During USB device initialization, descriptors are\n read with very little bounds checking and assumes the USB device is providing sane values. If properly\n exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a\n bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality\n and integrity as well as system availability. (CVE-2020-25647)\n\n - A flaw was found in grub2 in versions prior to 2.06. 
Variable names present are expanded in the supplied\n command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage,\n without sufficient bounds checking. If the function is called with a command line that references a\n variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack\n frame and control execution which could also circumvent Secure Boot protections. The highest threat from\n this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2020-27749)\n\n - A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking\n allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent\n SecureBoot protections after proper triage about grub's memory layout. The highest threat from this\n vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-27779)\n\n - A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past\n the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms\n of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06. Setparam_prefix() in the menu rendering code performs\n a length calculation on the assumption that expressing a quoted single quote will require 3 characters,\n while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each\n quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as\n well as system availability. 
(CVE-2021-20233)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-0699.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27749\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-aa64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-aa64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-ia32\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-ia32-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-ia32-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-tools-minimal\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\npkgs = [\n {'reference':'grub2-2.02-0.87.0.7.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-2.02-0.87.0.8.el7_9.2', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-common-2.02-0.87.0.7.el7_9.2', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-2.02-0.87.0.8.el7_9.2', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-cdboot-2.02-0.87.0.8.el7_9.2', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-2.02-0.87.0.7.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-cdboot-2.02-0.87.0.7.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-modules-2.02-0.87.0.7.el7_9.2', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-2.02-0.87.0.7.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-cdboot-2.02-0.87.0.7.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-modules-2.02-0.87.0.7.el7_9.2', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-2.02-0.87.0.7.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-modules-2.02-0.87.0.7.el7_9.2', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 
'epoch':'1'},\n {'reference':'grub2-tools-2.02-0.87.0.7.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-0.87.0.8.el7_9.2', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-0.87.0.7.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-0.87.0.8.el7_9.2', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-0.87.0.7.el7_9.2', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-0.87.0.8.el7_9.2', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, 
rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'grub2 / grub2-common / grub2-efi-aa64 / etc');\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-07T05:14:12", "description": "The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-0696 advisory.\n\n - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI\n command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a\n Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable\n content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure\n Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability\n is to data confidentiality and integrity, as well as system availability. (CVE-2020-14372)\n\n - A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a\n module used as a dependency without checking if any other dependent module is still loaded leading to a\n use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot\n protections. The highest threat from this vulnerability is to data confidentiality and integrity as well\n as system availability. (CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06. 
During USB device initialization, descriptors are\n read with very little bounds checking and assumes the USB device is providing sane values. If properly\n exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a\n bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality\n and integrity as well as system availability. (CVE-2020-25647)\n\n - A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied\n command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage,\n without sufficient bounds checking. If the function is called with a command line that references a\n variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack\n frame and control execution which could also circumvent Secure Boot protections. The highest threat from\n this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2020-27749)\n\n - A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking\n allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent\n SecureBoot protections after proper triage about grub's memory layout. The highest threat from this\n vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-27779)\n\n - A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past\n the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms\n of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06. 
Setparam_prefix() in the menu rendering code performs\n a length calculation on the assumption that expressing a quoted single quote will require 3 characters,\n while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each\n quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as\n well as system availability. (CVE-2021-20233)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 1, "cvss3": {"score": 9.8, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-05T00:00:00", "title": "Oracle Linux 8 : SUMM: / grub2 (ELSA-2021-0696)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-25632", "CVE-2021-20233", "CVE-2020-25647", "CVE-2020-27779", "CVE-2020-27749", "CVE-2020-14372", "CVE-2021-20225"], "modified": "2021-03-05T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:grub2-efi-aa64-modules", "p-cpe:/a:oracle:linux:grub2-efi-ia32-modules", "p-cpe:/a:oracle:linux:grub2-pc-modules", "p-cpe:/a:oracle:linux:grub2-efi-x64-cdboot", "p-cpe:/a:oracle:linux:grub2-efi-aa64", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:grub2-tools", "p-cpe:/a:oracle:linux:grub2-tools-minimal", "p-cpe:/a:oracle:linux:grub2-efi-aa64-cdboot", "p-cpe:/a:oracle:linux:grub2-efi-x64", "p-cpe:/a:oracle:linux:grub2-efi-x64-modules", "p-cpe:/a:oracle:linux:grub2-pc", "p-cpe:/a:oracle:linux:grub2-efi-ia32-cdboot", "p-cpe:/a:oracle:linux:grub2-tools-efi", "p-cpe:/a:oracle:linux:grub2-common", "p-cpe:/a:oracle:linux:grub2-tools-extra", "p-cpe:/a:oracle:linux:grub2-efi-ia32"], "id": "ORACLELINUX_ELSA-2021-0696.NASL", "href": "https://www.tenable.com/plugins/nessus/147169", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-0696.\n##\n\ninclude('compat.inc');\n\nif 
(description)\n{\n script_id(147169);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/05\");\n\n script_cve_id(\n \"CVE-2020-14372\",\n \"CVE-2020-25632\",\n \"CVE-2020-25647\",\n \"CVE-2020-27749\",\n \"CVE-2020-27779\",\n \"CVE-2021-20225\",\n \"CVE-2021-20233\"\n );\n\n script_name(english:\"Oracle Linux 8 : SUMM: / grub2 (ELSA-2021-0696)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the\nELSA-2021-0696 advisory.\n\n - A flaw was found in grub2 in versions prior to 2.06, where it incorrectly enables the usage of the ACPI\n command when Secure Boot is enabled. This flaw allows an attacker with privileged access to craft a\n Secondary System Description Table (SSDT) containing code to overwrite the Linux kernel lockdown variable\n content directly into memory. The table is further loaded and executed by the kernel, defeating its Secure\n Boot lockdown and allowing the attacker to load unsigned code. The highest threat from this vulnerability\n is to data confidentiality and integrity, as well as system availability. (CVE-2020-14372)\n\n - A flaw was found in grub2 in versions prior to 2.06. The rmmod implementation allows the unloading of a\n module used as a dependency without checking if any other dependent module is still loaded leading to a\n use-after-free scenario. This could allow arbitrary code to be executed or a bypass of Secure Boot\n protections. The highest threat from this vulnerability is to data confidentiality and integrity as well\n as system availability. (CVE-2020-25632)\n\n - A flaw was found in grub2 in versions prior to 2.06. 
During USB device initialization, descriptors are\n read with very little bounds checking and assumes the USB device is providing sane values. If properly\n exploited, an attacker could trigger memory corruption leading to arbitrary code execution allowing a\n bypass of the Secure Boot mechanism. The highest threat from this vulnerability is to data confidentiality\n and integrity as well as system availability. (CVE-2020-25647)\n\n - A flaw was found in grub2 in versions prior to 2.06. Variable names present are expanded in the supplied\n command line into their corresponding variable contents, using a 1kB stack buffer for temporary storage,\n without sufficient bounds checking. If the function is called with a command line that references a\n variable with a sufficiently large payload, it is possible to overflow the stack buffer, corrupt the stack\n frame and control execution which could also circumvent Secure Boot protections. The highest threat from\n this vulnerability is to data confidentiality and integrity as well as system availability.\n (CVE-2020-27749)\n\n - A flaw was found in grub2 in versions prior to 2.06. The cutmem command does not honor secure boot locking\n allowing an privileged attacker to remove address ranges from memory creating an opportunity to circumvent\n SecureBoot protections after proper triage about grub's memory layout. The highest threat from this\n vulnerability is to data confidentiality and integrity as well as system availability. (CVE-2020-27779)\n\n - A flaw was found in grub2 in versions prior to 2.06. The option parser allows an attacker to write past\n the end of a heap-allocated buffer by calling certain commands with a large number of specific short forms\n of options. The highest threat from this vulnerability is to data confidentiality and integrity as well as\n system availability. (CVE-2021-20225)\n\n - A flaw was found in grub2 in versions prior to 2.06. 
Setparam_prefix() in the menu rendering code performs\n a length calculation on the assumption that expressing a quoted single quote will require 3 characters,\n while it actually requires 4 characters which allows an attacker to corrupt memory by one byte for each\n quote in the input. The highest threat from this vulnerability is to data confidentiality and integrity as\n well as system availability. (CVE-2021-20233)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-0696.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-27749\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/03/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-aa64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-aa64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-aa64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-ia32\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-ia32-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-ia32-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-x64\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-x64-cdboot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-efi-x64-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-pc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-pc-modules\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-tools-efi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-tools-extra\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:grub2-tools-minimal\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\npkgs = [\n {'reference':'grub2-common-2.02-90.0.2.el8_3.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-2.02-90.0.2.el8_3.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-cdboot-2.02-90.0.2.el8_3.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-aa64-modules-2.02-90.0.2.el8_3.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-2.02-90.0.2.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-cdboot-2.02-90.0.2.el8_3.1', 'cpu':'x86_64', 'release':'8', 
'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-ia32-modules-2.02-90.0.2.el8_3.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-2.02-90.0.2.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-cdboot-2.02-90.0.2.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-efi-x64-modules-2.02-90.0.2.el8_3.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-2.02-90.0.2.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-pc-modules-2.02-90.0.2.el8_3.1', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-90.0.2.el8_3.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-2.02-90.0.2.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-efi-2.02-90.0.2.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-90.0.2.el8_3.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-extra-2.02-90.0.2.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-90.0.2.el8_3.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'grub2-tools-minimal-2.02-90.0.2.el8_3.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release 
= 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'grub2-common / grub2-efi-aa64 / grub2-efi-aa64-cdboot / etc');\n}", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-07T05:14:12", "description": "The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2021-0705 advisory.\n\n - A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged\n container are not correctly checked. This flaw can be abused by a low-privileged user inside the container\n to access any other file in the container, even if owned by the root user inside the container. 
It does\n not allow to directly escape the container, though being a privileged container means that a lot of\n security features are disabled when running the container. The highest threat from this vulnerability is\n to data confidentiality and integrity as well as system availability. (CVE-2021-20188)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 1, "cvss3": {"score": 7.0, "vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-05T00:00:00", "title": "Oracle Linux 8 : SUMM: / container-tools:1.0 (ELSA-2021-0705)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-20188"], "modified": "2021-03-05T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:crit", "p-cpe:/a:oracle:linux:oci-umount", "p-cpe:/a:oracle:linux:runc", "p-cpe:/a:oracle:linux:criu", "p-cpe:/a:oracle:linux:podman-docker", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:containers-common", "p-cpe:/a:oracle:linux:fuse-overlayfs", "p-cpe:/a:oracle:linux:buildah", "p-cpe:/a:oracle:linux:skopeo", "p-cpe:/a:oracle:linux:containernetworking-plugins", "p-cpe:/a:oracle:linux:podman", "p-cpe:/a:oracle:linux:slirp4netns", "p-cpe:/a:oracle:linux:container-selinux", "p-cpe:/a:oracle:linux:python3-criu", "p-cpe:/a:oracle:linux:oci-systemd-hook"], "id": "ORACLELINUX_ELSA-2021-0705.NASL", "href": "https://www.tenable.com/plugins/nessus/147166", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-0705.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147166);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/05\");\n\n script_cve_id(\"CVE-2021-20188\");\n\n script_name(english:\"Oracle Linux 8 : SUMM: / container-tools:1.0 (ELSA-2021-0705)\");\n\n script_set_attribute(attribute:\"synopsis\", 
value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2021-0705 advisory.\n\n - A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged\n container are not correctly checked. This flaw can be abused by a low-privileged user inside the container\n to access any other file in the container, even if owned by the root user inside the container. It does\n not allow to directly escape the container, though being a privileged container means that a lot of\n security features are disabled when running the container. The highest threat from this vulnerability is\n to data confidentiality and integrity as well as system availability. (CVE-2021-20188)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-0705.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20188\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:buildah\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:container-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:containernetworking-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:containers-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:crit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:criu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fuse-overlayfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:oci-systemd-hook\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:oci-umount\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:podman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:podman-docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-criu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:runc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:skopeo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:slirp4netns\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\npkgs = [\n {'reference':'buildah-1.5-8.gite94b4f9.0.1.module+el8.3.0+9668+293abd4d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'buildah-1.5-8.gite94b4f9.0.1.module+el8.3.0+9668+293abd4d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'container-selinux-2.124.0-1.gitf958d0c.module+el8.3.0+9668+293abd4d', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'containernetworking-plugins-0.7.4-4.git9ebe139.module+el8.3.0+9668+293abd4d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containernetworking-plugins-0.7.4-4.git9ebe139.module+el8.3.0+9668+293abd4d', 'cpu':'x86_64', 'release':'8', 
'rpm_spec_vers_cmp':TRUE},\n {'reference':'containers-common-0.1.32-6.git1715c90.0.1.module+el8.3.0+9668+293abd4d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'containers-common-0.1.32-6.git1715c90.0.1.module+el8.3.0+9668+293abd4d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'crit-3.12-9.module+el8.3.0+9668+293abd4d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'crit-3.12-9.module+el8.3.0+9668+293abd4d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'criu-3.12-9.module+el8.3.0+9668+293abd4d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'criu-3.12-9.module+el8.3.0+9668+293abd4d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fuse-overlayfs-0.3-5.module+el8.3.0+9668+293abd4d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fuse-overlayfs-0.3-5.module+el8.3.0+9668+293abd4d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8.3.0+9668+293abd4d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8.3.0+9668+293abd4d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'oci-umount-2.3.4-2.git87f9237.module+el8.3.0+9668+293abd4d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'oci-umount-2.3.4-2.git87f9237.module+el8.3.0+9668+293abd4d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'podman-1.0.0-8.git921f98f.module+el8.3.0+9668+293abd4d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'podman-1.0.0-8.git921f98f.module+el8.3.0+9668+293abd4d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'podman-docker-1.0.0-8.git921f98f.module+el8.3.0+9668+293abd4d', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-criu-3.12-9.module+el8.3.0+9668+293abd4d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-criu-3.12-9.module+el8.3.0+9668+293abd4d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'runc-1.0.0-56.rc5.dev.git2abd837.module+el8.3.0+9668+293abd4d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'runc-1.0.0-56.rc5.dev.git2abd837.module+el8.3.0+9668+293abd4d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'skopeo-0.1.32-6.git1715c90.0.1.module+el8.3.0+9668+293abd4d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'skopeo-0.1.32-6.git1715c90.0.1.module+el8.3.0+9668+293abd4d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'slirp4netns-0.1-5.dev.gitc4e1bc5.module+el8.3.0+9668+293abd4d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'slirp4netns-0.1-5.dev.gitc4e1bc5.module+el8.3.0+9668+293abd4d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if 
(!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'buildah / container-selinux / containernetworking-plugins / etc');\n}", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-03-07T05:14:12", "description": "The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2021-0706 advisory.\n\n - A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged\n container are not correctly checked. This flaw can be abused by a low-privileged user inside the container\n to access any other file in the container, even if owned by the root user inside the container. It does\n not allow to directly escape the container, though being a privileged container means that a lot of\n security features are disabled when running the container. The highest threat from this vulnerability is\n to data confidentiality and integrity as well as system availability. 
(CVE-2021-20188)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 1, "cvss3": {"score": 7.0, "vector": "AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "published": "2021-03-05T00:00:00", "title": "Oracle Linux 8 : SUMM: / container-tools:2.0 (ELSA-2021-0706)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2021-20188"], "modified": "2021-03-05T00:00:00", "cpe": ["p-cpe:/a:oracle:linux:crit", "p-cpe:/a:oracle:linux:runc", "p-cpe:/a:oracle:linux:criu", "p-cpe:/a:oracle:linux:podman-docker", "p-cpe:/a:oracle:linux:buildah-tests", "p-cpe:/a:oracle:linux:podman-tests", "cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:containers-common", "p-cpe:/a:oracle:linux:podman-remote", "p-cpe:/a:oracle:linux:fuse-overlayfs", "p-cpe:/a:oracle:linux:conmon", "p-cpe:/a:oracle:linux:buildah", "p-cpe:/a:oracle:linux:skopeo", "p-cpe:/a:oracle:linux:containernetworking-plugins", "p-cpe:/a:oracle:linux:skopeo-tests", "p-cpe:/a:oracle:linux:udica", "p-cpe:/a:oracle:linux:podman", "p-cpe:/a:oracle:linux:slirp4netns", "p-cpe:/a:oracle:linux:python-podman-api", "p-cpe:/a:oracle:linux:container-selinux", "p-cpe:/a:oracle:linux:python3-criu", "p-cpe:/a:oracle:linux:cockpit-podman"], "id": "ORACLELINUX_ELSA-2021-0706.NASL", "href": "https://www.tenable.com/plugins/nessus/147170", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-0706.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147170);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/05\");\n\n script_cve_id(\"CVE-2021-20188\");\n\n script_name(english:\"Oracle Linux 8 : SUMM: / container-tools:2.0 (ELSA-2021-0706)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security 
update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2021-0706 advisory.\n\n - A flaw was found in podman before 1.7.0. File permissions for non-root users running in a privileged\n container are not correctly checked. This flaw can be abused by a low-privileged user inside the container\n to access any other file in the container, even if owned by the root user inside the container. It does\n not allow to directly escape the container, though being a privileged container means that a lot of\n security features are disabled when running the container. The highest threat from this vulnerability is\n to data confidentiality and integrity as well as system availability. (CVE-2021-20188)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-0706.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-20188\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/02/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:oracle:linux:buildah\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:buildah-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cockpit-podman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:conmon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:container-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:containernetworking-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:containers-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:crit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:criu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:fuse-overlayfs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:podman\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:podman-docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:podman-remote\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:podman-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python-podman-api\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-criu\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:runc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:skopeo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:skopeo-tests\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:slirp4netns\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:udica\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 
2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\npkgs = [\n {'reference':'buildah-1.11.6-8.0.1.module+el8.3.0+9670+b9fad87d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'buildah-1.11.6-8.0.1.module+el8.3.0+9670+b9fad87d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'buildah-tests-1.11.6-8.0.1.module+el8.3.0+9670+b9fad87d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'buildah-tests-1.11.6-8.0.1.module+el8.3.0+9670+b9fad87d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'cockpit-podman-11-1.module+el8.3.0+9670+b9fad87d', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'conmon-2.0.15-1.module+el8.3.0+9670+b9fad87d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'conmon-2.0.15-1.module+el8.3.0+9670+b9fad87d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'container-selinux-2.130.0-1.module+el8.3.0+9670+b9fad87d', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},\n {'reference':'containernetworking-plugins-0.8.3-4.0.1.module+el8.3.0+9670+b9fad87d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containernetworking-plugins-0.8.3-4.0.1.module+el8.3.0+9670+b9fad87d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containers-common-0.1.41-4.0.1.module+el8.3.0+9670+b9fad87d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'containers-common-0.1.41-4.0.1.module+el8.3.0+9670+b9fad87d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'crit-3.12-9.module+el8.3.0+9670+b9fad87d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'crit-3.12-9.module+el8.3.0+9670+b9fad87d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'criu-3.12-9.module+el8.3.0+9670+b9fad87d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'criu-3.12-9.module+el8.3.0+9670+b9fad87d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fuse-overlayfs-0.7.8-1.module+el8.3.0+9670+b9fad87d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'fuse-overlayfs-0.7.8-1.module+el8.3.0+9670+b9fad87d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'podman-1.6.4-26.0.1.module+el8.3.0+9670+b9fad87d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'podman-1.6.4-26.0.1.module+el8.3.0+9670+b9fad87d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'podman-docker-1.6.4-26.0.1.module+el8.3.0+9670+b9fad87d', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'podman-remote-1.6.4-26.0.1.module+el8.3.0+9670+b9fad87d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'podman-remote-1.6.4-26.0.1.module+el8.3.0+9670+b9fad87d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'podman-tests-1.6.4-26.0.1.module+el8.3.0+9670+b9fad87d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'podman-tests-1.6.4-26.0.1.module+el8.3.0+9670+b9fad87d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8.3.0+9670+b9fad87d', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-criu-3.12-9.module+el8.3.0+9670+b9fad87d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-criu-3.12-9.module+el8.3.0+9670+b9fad87d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'runc-1.0.0-64.rc10.module+el8.3.0+9670+b9fad87d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'runc-1.0.0-64.rc10.module+el8.3.0+9670+b9fad87d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'skopeo-0.1.41-4.0.1.module+el8.3.0+9670+b9fad87d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'skopeo-0.1.41-4.0.1.module+el8.3.0+9670+b9fad87d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'skopeo-tests-0.1.41-4.0.1.module+el8.3.0+9670+b9fad87d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'skopeo-tests-0.1.41-4.0.1.module+el8.3.0+9670+b9fad87d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},\n {'reference':'slirp4netns-0.4.2-3.git21fdece.module+el8.3.0+9670+b9fad87d', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n 
{'reference':'slirp4netns-0.4.2-3.git21fdece.module+el8.3.0+9670+b9fad87d', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'udica-0.2.1-2.module+el8.3.0+9670+b9fad87d', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'buildah / buildah-tests / 
cockpit-podman / etc');\n}", "cvss": {"score": 6.9, "vector": "AV:L/AC:M/Au:N/C:C/I:C/A:C"}}], "oraclelinux": [{"lastseen": "2021-03-06T11:38:02", "bulletinFamily": "unix", "cvelist": ["CVE-2020-15706", "CVE-2020-25632", "CVE-2021-20233", "CVE-2020-15707", "CVE-2020-25647", "CVE-2020-27779", "CVE-2020-27749", "CVE-2020-14372", "CVE-2021-20225"], "description": "[2.02-90.0.2.el8_3.1]\n- Fix various coverity issues [Orabug: 32530657]\n- Add SBAT metadata to grubx64.efi [Orabug: 32530657]\n- Set proper blsdir if /boot is on btrfs rootfs [Orabug: 32063327]\n- Add CVE-2020-15706, CVE-2020-15707 to the list [Orabug: 31225072]\n- Update signing certificate for efi binaries\n- honor /etc/sysconfig/kernel DEFAULTKERNEL setting for BLS [Orabug: 30643497]\n- set EFIDIR as redhat for additional grub2 tools [Orabug: 29875597]\n- Update upstream references [Orabug: 26388226]\n- Copy symvers.gz to /boot during kernel install [Orabug: 29773086]\n- Insert Unbreakable Enterprise Kernel text into BLS config file [Orabug: 29417955]\n- fix symlink removal scriptlet, to be executed only on removal [Orabug: 19231481]\n- Fix comparison in patch for 18504756\n- Remove symlink to grub environment file during uninstall on EFI platforms [Orabug: 19231481]\n- Put 'with' in menuentry instead of 'using' [Orabug: 18504756]\n- Use different titles for UEK and RHCK kernels [Orabug: 18504756]\n[2.02-90.el8_3.1]\n- Fix another batch of CVEs\n Resolves: CVE-2020-14372\n Resolves: CVE-2020-25632\n Resolves: CVE-2020-25647\n Resolves: CVE-2020-27749\n Resolves: CVE-2020-27779\n Resolves: CVE-2021-20225\n Resolves: CVE-2021-20233", "edition": 1, "modified": "2021-03-05T00:00:00", "published": "2021-03-05T00:00:00", "id": "ELSA-2021-0696", "href": "http://linux.oracle.com/errata/ELSA-2021-0696.html", "title": "SUMM: grub2 security update", "type": "oraclelinux", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-06T11:34:52", "bulletinFamily": "unix", "cvelist": 
["CVE-2020-35517"], "description": "qemu-kvm\n[4.2.0-34.el8_3.4]\n- kvm-virtiofsd-extract-lo_do_open-from-lo_open.patch [bz#1919109]\n- kvm-virtiofsd-optionally-return-inode-pointer-from-lo_do.patch [bz#1919109]\n- kvm-virtiofsd-prevent-opening-of-special-files-CVE-2020-.patch [bz#1919109]\n- Resolves: bz#1919109\n (CVE-2020-35517 virt:rhel/qemu-kvm: QEMU: virtiofsd: potential privileged host device access from guest [rhel-8.3.0.z])", "edition": 1, "modified": "2021-03-05T00:00:00", "published": "2021-03-05T00:00:00", "id": "ELSA-2021-0711", "href": "http://linux.oracle.com/errata/ELSA-2021-0711.html", "title": "SUMM: virt:ol and virt-devel:rhel security update", "type": "oraclelinux", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-03-06T11:36:31", "bulletinFamily": "unix", "cvelist": ["CVE-2021-22884", "CVE-2021-22883"], "description": "nodejs\n[1:10.24.0-1]\n- Resolves: RHBZ#1932373, RHBZ#1932426\n- Resolves CVE-2021-22883 and CVE-2021-22884\n- remove -debug-nghttp2 flag (1930775)\n- remove ini patch merged upstream", "edition": 1, "modified": "2021-03-05T00:00:00", "published": "2021-03-05T00:00:00", "id": "ELSA-2021-0735", "href": "http://linux.oracle.com/errata/ELSA-2021-0735.html", "title": "SUMM: nodejs:10 security update", "type": "oraclelinux", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-03-05T07:27:08", "bulletinFamily": "unix", "cvelist": ["CVE-2020-25632", "CVE-2021-20233", "CVE-2020-25647", "CVE-2020-27779", "CVE-2020-27749", "CVE-2020-14372", "CVE-2021-20225"], "description": "[2.02-0.87.0.8.e7.2]\n- Enable common subpackage for aarch64\n- Disable RHEL patch 0183-efinet-retransmit-if-our-device-is-busy.patch to comply with UEFI spec\n- add SBAT metadata for Oracle Linux grub2\n- Use similar format for menu entry in grub environment block\n- config file. 
[Orabug: 32172943]\n- Fix degradation in multiboot2 code [Orabug: 32069510]\n- Update signing certificate for efi binaries\n- Update upstream references [Orabug: 30138841]\n- Restore symlink to grub environment file, that was removed during grub2-efi update\n if grub2 package is also installed on UEFI machines [Orabug: 27345750]\n- fix symlink removal scriptlet, to be executed only on removal [Orabug: 19231481]\n- Fix comparison in patch for [Orabug: 18504756]\n- Remove symlink to grub environment file during uninstall on EFI platforms [Orabug: 19231481]\n- replace dynamic EFI boot folder path generation with predefined 'redhat' (Alex Burmashev)\n- Put 'with' in menuentry instead of 'using' [Orabug: 18504756]\n- Use different titles for UEK and RHCK kernels [Orabug: 18504756]\n[2.02-0.87.e7.2]\n- Fix another batch of CVEs\n Resolves: CVE-2020-14372\n Resolves: CVE-2020-25632\n Resolves: CVE-2020-25647\n Resolves: CVE-2020-27749\n Resolves: CVE-2020-27779\n Resolves: CVE-2021-20225\n Resolves: CVE-2021-20233\n[2.02-0.87.e7.1]\n- Fix keyboards that report IBM PC AT scan codes\n Resolves: rhbz#1892240", "edition": 2, "modified": "2021-03-05T00:00:00", "published": "2021-03-05T00:00:00", "id": "ELSA-2021-0699", "href": "http://linux.oracle.com/errata/ELSA-2021-0699.html", "title": "grub2 security update", "type": "oraclelinux", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2021-03-06T11:29:03", "bulletinFamily": "unix", "cvelist": ["CVE-2021-22884", "CVE-2021-22883"], "description": "nodejs\n[1:12.21.0-1]\n- Resolves: RHBZ#1932315, RHBZ#1932424\n- remove --debug-nghttp2 option\n- remove ini patch\n- Backport patch to use getauxval", "edition": 1, "modified": "2021-03-05T00:00:00", "published": "2021-03-05T00:00:00", "id": "ELSA-2021-0734", "href": "http://linux.oracle.com/errata/ELSA-2021-0734.html", "title": "SUMM: nodejs:12 security update", "type": "oraclelinux", "cvss": {"score": 0.0, "vector": "NONE"}}]}