4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
5.3 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
23.1%
Setup in Amazon Linux 2 added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security assumptions made by pam_shells and some daemons which allow access based on a user’s shell being listed in /etc/shells. Under some circumstances, users which had their shell changed to /sbin/nologin could still access the system.
(CVE-2018-1113)
Please note: this update removes the /sbin/nologin
and /usr/sbin/nologin
login shells from the /etc/shells
file due to security reasons. Consequently, when the configuration of the Very Secure File Transfer Protocol Daemon, vsftpd, is modified to enable the chroot_local_user
, FTP logins are impossible.
To work around this problem, add /sbin/nologin
or /usr/sbin/nologin
, respectively, to the /etc/shells
file. As a result, a login shell for users that are allowed to use FTP, but not SSH, is available again. However, note that this workaround exposes
vsftpd to the security risk described in this advisory.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALAS-2019-1158.
#
include('compat.inc');
if (description)
{
script_id(122159);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/20");
script_cve_id("CVE-2018-1113");
script_xref(name:"ALAS", value:"2019-1158");
script_name(english:"Amazon Linux 2 : setup (ALAS-2019-1158)");
script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
script_set_attribute(attribute:"description", value:
"Setup in Amazon Linux 2 added /sbin/nologin and /usr/sbin/nologin to
/etc/shells. This violates security assumptions made by pam_shells and
some daemons which allow access based on a user's shell being listed
in /etc/shells. Under some circumstances, users which had their shell
changed to /sbin/nologin could still access the system.
(CVE-2018-1113)
Please note: this update removes the `/sbin/nologin` and
`/usr/sbin/nologin` login shells from the `/etc/shells` file due to
security reasons. Consequently, when the configuration of the Very
Secure File Transfer Protocol Daemon, *vsftpd*, is modified to enable
the `chroot_local_user`, FTP logins are impossible.
To work around this problem, add `/sbin/nologin` or
`/usr/sbin/nologin`, respectively, to the `/etc/shells` file. As a
result, a login shell for users that are allowed to use FTP, but not
SSH, is available again. However, note that this workaround exposes
*vsftpd* to the security risk described in this advisory.");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALAS-2019-1158.html");
script_set_attribute(attribute:"solution", value:
"Run 'yum update setup' to update your system.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1113");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/03");
script_set_attribute(attribute:"patch_publication_date", value:"2019/02/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/02/14");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:setup");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Amazon Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (rpm_check(release:"AL2", reference:"setup-2.8.71-10.amzn2")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "setup");
}
4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
5.3 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
5.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
23.1%