Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.AL2023_ALAS2023-2023-143.NASLHistoryMar 23, 2023 - 12:00 a.m.
Amazon Linux 2023 : docker (ALAS2023-2023-143)
2023-03-2300:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
34
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-143 advisory.
- Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. This bug is fixed in Moby (Docker Engine) 20.10.18. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade, this problem can be worked around by not using the
USER $USERNAMEDockerfile instruction. Instead by callingENTRYPOINT [su, -, user]the supplementary groups will be set up properly. (CVE-2022-36109)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2023 Security Advisory ALAS2023-2023-143.
##
include('compat.inc');
if (description)
{
script_id(173346);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/03/23");
script_cve_id("CVE-2022-36109");
script_name(english:"Amazon Linux 2023 : docker (ALAS2023-2023-143)");
script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2023 host is missing a security update.");
script_set_attribute(attribute:"description", value:
"It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2023-143 advisory.
- Moby is an open-source project created by Docker to enable software containerization. A bug was found in
Moby (Docker Engine) where supplementary groups are not set up properly. If an attacker has direct access
to a container and manipulates their supplementary group access, they may be able to use supplementary
group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive
information or gaining the ability to execute code in that container. This bug is fixed in Moby (Docker
Engine) 20.10.18. Running containers should be stopped and restarted for the permissions to be fixed. For
users unable to upgrade, this problem can be worked around by not using the `USER $USERNAME` Dockerfile
instruction. Instead by calling `ENTRYPOINT [su, -, user]` the supplementary groups will be set up
properly. (CVE-2022-36109)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2023/ALAS-2023-143.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-36109.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
script_set_attribute(attribute:"solution", value:
"Run 'dnf update --releasever=2023.0.20230322 docker' to update your system.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-36109");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/09/09");
script_set_attribute(attribute:"patch_publication_date", value:"2023/03/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/23");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:docker");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:docker-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:docker-debugsource");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2023");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Amazon Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "-2023")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux 2023", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var pkgs = [
{'reference':'docker-20.10.17-1.amzn2023.0.6', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'docker-20.10.17-1.amzn2023.0.6', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'docker-debuginfo-20.10.17-1.amzn2023.0.6', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'docker-debuginfo-20.10.17-1.amzn2023.0.6', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'docker-debugsource-20.10.17-1.amzn2023.0.6', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
{'reference':'docker-debugsource-20.10.17-1.amzn2023.0.6', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "docker / docker-debuginfo / docker-debugsource");
}Related
fedora
fedora
[SECURITY] Fedora 36 Update: moby-engine-20.10.18-1.fc36
2022-09-15 01:57:00
[SECURITY] Fedora 37 Update: moby-engine-20.10.18-1.fc37
2022-09-16 00:18:25
[SECURITY] Fedora 37 Update: containerd-1.6.8-2.fc37
2022-09-16 00:18:25
openvas
openvas
Fedora: Security Advisory for containerd (FEDORA-2022-8298607490)
2022-09-16 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:0795-1)
2023-03-28 00:00:00
Fedora: Security Advisory for moby-engine (FEDORA-2022-8298607490)
2022-09-16 00:00:00
veracode
veracode
Information Disclosure
2022-09-12 11:25:08
prion
prion
Information disclosure
2022-09-09 18:15:00
redhatcve
redhatcve
CVE-2022-36109
2022-09-15 21:14:14
github
github
cve
cve
CVE-2022-36109
2022-09-09 18:15:00
nessus
nessus
SUSE SLES15 / openSUSE 15 Security Update : docker (SUSE-SU-2023:0795-1)
2023-03-18 00:00:00
SUSE SLES12 Security Update : docker (SUSE-SU-2023:1625-1)
2023-03-29 00:00:00
NewStart CGSL MAIN 5.04 : docker-ce Vulnerability (NS-SA-2023-0109)
2023-12-27 00:00:00
ibm
ibm
alpinelinux
alpinelinux
CVE-2022-36109
2022-09-09 18:15:00
ubuntucve
ubuntucve
CVE-2022-36109
2022-09-09 00:00:00
debiancve
debiancve
CVE-2022-36109
2022-09-09 18:15:00
mageia
mageia
Updated docker packages fix security vulnerability
2023-01-24 10:58:24
osv
osv
Moby supplementary group permissions not set up properly, allowing attackers to bypass primary group restrictions
2022-09-16 21:00:46
CVE-2022-36109
2022-09-09 18:15:10
CVE-2022-2995
2022-09-19 20:15:12
Related for AL2023_ALAS2023-2023-143.NASL