Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.AL2_ALAS-2018-1134.NASL
HistoryDec 20, 2018 - 12:00 a.m.

Amazon Linux 2 : libvirt (ALAS-2018-1134)

2018-12-2000:00:00
This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
JSON

util/virlog.c in libvirt does not properly determine the hostname on LXC container startup, which allows local guest OS users to bypass an intended container protection mechanism and execute arbitrary commands via a crafted NSS module.(CVE-2018-6764)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALAS-2018-1134.
#

include("compat.inc");

if (description)
{
  script_id(119788);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/27");

  script_cve_id("CVE-2018-6764");
  script_xref(name:"ALAS", value:"2018-1134");

  script_name(english:"Amazon Linux 2 : libvirt (ALAS-2018-1134)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Amazon Linux 2 host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"util/virlog.c in libvirt does not properly determine the hostname on
LXC container startup, which allows local guest OS users to bypass an
intended container protection mechanism and execute arbitrary commands
via a crafted NSS module.(CVE-2018-6764)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/AL2/ALAS-2018-1134.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Run 'yum update libvirt' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-admin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-bash-completion");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-config-network");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-config-nwfilter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-interface");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-lxc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-network");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-nodedev");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-nwfilter");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-qemu");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-secret");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-storage");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-storage-core");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-storage-disk");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-storage-gluster");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-storage-iscsi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-storage-logical");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-storage-mpath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-storage-rbd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-driver-storage-scsi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-kvm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-daemon-lxc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-docs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-libs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-lock-sanlock");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-login-shell");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:libvirt-nss");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/23");
  script_set_attribute(attribute:"patch_publication_date", value:"2018/12/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/20");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"AL2", reference:"libvirt-4.5.0-10.amzn2.3.1")) flag++;
if (rpm_check(release:"AL2", reference:"libvirt-admin-4.5.0-10.amzn2.3.1")) flag++;
if (rpm_check(release:"AL2", reference:"libvirt-bash-completion-4.5.0-10.amzn2.3.1")) flag++;
if (rpm_check(release:"AL2", reference:"libvirt-client-4.5.0-10.amzn2.3.1")) flag++;
if (rpm_check(release:"AL2", reference:"libvirt-daemon-4.5.0-10.amzn2.3.1")) flag++;
if (rpm_check(release:"AL2", reference:"libvirt-daemon-config-network-4.5.0-10.amzn2.3.1")) flag++;
if (rpm_check(release:"AL2", reference:"libvirt-daemon-config-nwfilter-4.5.0-10.amzn2.3.1")) flag++;
if (rpm_check(release:"AL2", reference:"libvirt-daemon-driver-interface-4.5.0-10.amzn2.3.1")) flag++;
if (rpm_check(release:"AL2", reference:"libvirt-daemon-driver-lxc-4.5.0-10.amzn2.3.1")) flag++;
if (rpm_check(release:"AL2", reference:"libvirt-daemon-driver-network-4.5.0-10.amzn2.3.1")) flag++;
if (rpm_check(release:"AL2", reference:"libvirt-daemon-driver-nodedev-4.5.0-10.amzn2.3.1")) flag++;
if (rpm_check(release:"AL2", reference:"libvirt-daemon-driver-nwfilter-4.5.0-10.amzn2.3.1")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-driver-qemu-4.5.0-10.amzn2.3.1")) flag++;
if (rpm_check(release:"AL2", reference:"libvirt-daemon-driver-secret-4.5.0-10.amzn2.3.1")) flag++;
if (rpm_check(release:"AL2", reference:"libvirt-daemon-driver-storage-4.5.0-10.amzn2.3.1")) flag++;
if (rpm_check(release:"AL2", reference:"libvirt-daemon-driver-storage-core-4.5.0-10.amzn2.3.1")) flag++;
if (rpm_check(release:"AL2", reference:"libvirt-daemon-driver-storage-disk-4.5.0-10.amzn2.3.1")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-gluster-4.5.0-10.amzn2.3.1")) flag++;
if (rpm_check(release:"AL2", reference:"libvirt-daemon-driver-storage-iscsi-4.5.0-10.amzn2.3.1")) flag++;
if (rpm_check(release:"AL2", reference:"libvirt-daemon-driver-storage-logical-4.5.0-10.amzn2.3.1")) flag++;
if (rpm_check(release:"AL2", reference:"libvirt-daemon-driver-storage-mpath-4.5.0-10.amzn2.3.1")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-driver-storage-rbd-4.5.0-10.amzn2.3.1")) flag++;
if (rpm_check(release:"AL2", reference:"libvirt-daemon-driver-storage-scsi-4.5.0-10.amzn2.3.1")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-daemon-kvm-4.5.0-10.amzn2.3.1")) flag++;
if (rpm_check(release:"AL2", reference:"libvirt-daemon-lxc-4.5.0-10.amzn2.3.1")) flag++;
if (rpm_check(release:"AL2", reference:"libvirt-debuginfo-4.5.0-10.amzn2.3.1")) flag++;
if (rpm_check(release:"AL2", reference:"libvirt-devel-4.5.0-10.amzn2.3.1")) flag++;
if (rpm_check(release:"AL2", reference:"libvirt-docs-4.5.0-10.amzn2.3.1")) flag++;
if (rpm_check(release:"AL2", reference:"libvirt-libs-4.5.0-10.amzn2.3.1")) flag++;
if (rpm_check(release:"AL2", cpu:"x86_64", reference:"libvirt-lock-sanlock-4.5.0-10.amzn2.3.1")) flag++;
if (rpm_check(release:"AL2", reference:"libvirt-login-shell-4.5.0-10.amzn2.3.1")) flag++;
if (rpm_check(release:"AL2", reference:"libvirt-nss-4.5.0-10.amzn2.3.1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libvirt / libvirt-admin / libvirt-bash-completion / libvirt-client / etc");
}
VendorProductVersionCPE
amazonlinuxlibvirt-daemon-driver-storage-scsip-cpe:/a:amazon:linux:libvirt-daemon-driver-storage-scsi
amazonlinuxlibvirt-daemon-kvmp-cpe:/a:amazon:linux:libvirt-daemon-kvm
amazonlinuxlibvirt-daemon-lxcp-cpe:/a:amazon:linux:libvirt-daemon-lxc
amazonlinuxlibvirt-debuginfop-cpe:/a:amazon:linux:libvirt-debuginfo
amazonlinuxlibvirt-develp-cpe:/a:amazon:linux:libvirt-devel
amazonlinuxlibvirt-docsp-cpe:/a:amazon:linux:libvirt-docs
amazonlinuxlibvirt-libsp-cpe:/a:amazon:linux:libvirt-libs
amazonlinuxlibvirt-lock-sanlockp-cpe:/a:amazon:linux:libvirt-lock-sanlock
amazonlinuxlibvirt-login-shellp-cpe:/a:amazon:linux:libvirt-login-shell
amazonlinuxlibvirt-nssp-cpe:/a:amazon:linux:libvirt-nss
Rows per page:
1-10 of 331

Related

nessus 18
openvas 16
redhat 1
prion 1
oraclelinux 1
debiancve 1
centos 1
cvelist 1
redhatcve 1
ubuntucve 1
veracode 1
amazon 1
cve 1
fedora 2
gentoo 1
suse 3
debian 1
mageia 1
ubuntu 1
osv 1
nessus
nessus
Oracle Linux 7 : libvirt (ELSA-2018-3113)
2018-11-07 00:00:00
EulerOS 2.0 SP3 : libvirt (EulerOS-SA-2019-1314)
2019-05-01 00:00:00
EulerOS 2.0 SP5 : libvirt (EulerOS-SA-2019-1144)
2019-04-02 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for libvirt (EulerOS-SA-2019-1118)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for libvirt (EulerOS-SA-2019-1314)
2020-01-23 00:00:00
Huawei EulerOS: Security Advisory for libvirt (EulerOS-SA-2019-1144)
2020-01-23 00:00:00
redhat
redhat
(RHSA-2018:3113) Moderate: libvirt security, bug fix, and enhancement update
2018-10-30 04:19:54
prion
prion
Design/Logic Flaw
2018-02-23 17:29:00
oraclelinux
oraclelinux
libvirt security, bug fix, and enhancement update
2018-11-05 00:00:00
debiancve
debiancve
CVE-2018-6764
2018-02-23 17:29:00
centos
centos
libvirt security update
2018-12-14 16:36:40
cvelist
cvelist
CVE-2018-6764
2018-02-23 17:00:00
redhatcve
redhatcve
CVE-2018-6764
2018-02-07 04:48:56
ubuntucve
ubuntucve
CVE-2018-6764
2018-02-07 00:00:00
veracode
veracode
Arbitrary Code Execution
2019-01-15 09:26:55
amazon
amazon
Medium: libvirt
2018-12-18 19:07:00
cve
cve
CVE-2018-6764
2018-02-23 17:29:00
fedora
fedora
[SECURITY] Fedora 27 Update: libvirt-3.7.0-4.fc27
2018-03-01 16:24:36
[SECURITY] Fedora 27 Update: libvirt-3.7.0-6.fc27
2018-08-01 17:55:42
gentoo
gentoo
libvirt: Multiple vulnerabilities
2018-04-08 00:00:00
suse
suse
Security update for libvirt (important)
2018-04-11 12:11:26
Security update for libvirt (important)
2018-04-13 00:09:16
Security update for libvirt (important)
2018-04-03 21:08:15
debian
debian
[SECURITY] [DSA 4137-1] libvirt security update
2018-03-14 21:50:54
mageia
mageia
Updated libvirt packages fix security vulnerabilities
2018-03-02 00:27:52
ubuntu
ubuntu
libvirt vulnerabilities
2018-02-20 00:00:00
osv
osv
CVE-2018-6764
2018-02-23 17:29:00
JSON
Related for AL2_ALAS-2018-1134.NASL
nessus18openvas16redhat1prion1oraclelinux1debiancve1centos1cvelist1redhatcve1ubuntucve1veracode1amazon1cve1fedora2gentoo1suse3debian1mageia1ubuntu1osv1