Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.AL2_ALAS-2020-1423.NASL
HistoryMay 13, 2020 - 12:00 a.m.

Amazon Linux 2 : ipa (ALAS-2020-1423)

2020-05-1300:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14

7.8 High

AI Score

Confidence

High

JSON

A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way the internal function ber_scanf() was used in some components of the IPA server, which parsed kerberos key data. An unauthenticated attacker who could trigger parsing of the krb principal key could cause the IPA server to crash or in some conditions, cause arbitrary code to be executed on the server hosting the IPA server.
(CVE-2019-14867)

A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way that FreeIPA’s batch processing API logged operations. This included passing user passwords in clear text on FreeIPA masters. Batch processing of commands with passwords as arguments or options is not performed by default in FreeIPA but is possible by third-party components. An attacker having access to system logs on FreeIPA masters could use this flaw to produce log file content with passwords exposed. (CVE-2019-10195)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALAS-2020-1423.
#

include('compat.inc');

if (description)
{
  script_id(136528);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/12");

  script_cve_id("CVE-2019-10195", "CVE-2019-14867");
  script_xref(name:"ALAS", value:"2020-1423");

  script_name(english:"Amazon Linux 2 : ipa (ALAS-2020-1423)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x
versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way
the internal function ber_scanf() was used in some components of the
IPA server, which parsed kerberos key data. An unauthenticated
attacker who could trigger parsing of the krb principal key could
cause the IPA server to crash or in some conditions, cause arbitrary
code to be executed on the server hosting the IPA server.
(CVE-2019-14867)

A flaw was found in IPA, all 4.6.x versions before 4.6.7, all 4.7.x
versions before 4.7.4 and all 4.8.x versions before 4.8.3, in the way
that FreeIPA's batch processing API logged operations. This included
passing user passwords in clear text on FreeIPA masters. Batch
processing of commands with passwords as arguments or options is not
performed by default in FreeIPA but is possible by third-party
components. An attacker having access to system logs on FreeIPA
masters could use this flaw to produce log file content with passwords
exposed. (CVE-2019-10195)");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALAS-2020-1423.html");
  script_set_attribute(attribute:"solution", value:
"Run 'yum update ipa' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14867");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/11/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/05/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/05/13");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ipa-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ipa-client-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ipa-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ipa-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ipa-python-compat");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ipa-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ipa-server-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ipa-server-dns");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ipa-server-trust-ad");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python2-ipaclient");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python2-ipalib");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python2-ipaserver");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"AL2", reference:"ipa-client-4.6.5-11.amzn2.4.7")) flag++;
if (rpm_check(release:"AL2", reference:"ipa-client-common-4.6.5-11.amzn2.4.7")) flag++;
if (rpm_check(release:"AL2", reference:"ipa-common-4.6.5-11.amzn2.4.7")) flag++;
if (rpm_check(release:"AL2", reference:"ipa-debuginfo-4.6.5-11.amzn2.4.7")) flag++;
if (rpm_check(release:"AL2", reference:"ipa-python-compat-4.6.5-11.amzn2.4.7")) flag++;
if (rpm_check(release:"AL2", reference:"ipa-server-4.6.5-11.amzn2.4.7")) flag++;
if (rpm_check(release:"AL2", reference:"ipa-server-common-4.6.5-11.amzn2.4.7")) flag++;
if (rpm_check(release:"AL2", reference:"ipa-server-dns-4.6.5-11.amzn2.4.7")) flag++;
if (rpm_check(release:"AL2", reference:"ipa-server-trust-ad-4.6.5-11.amzn2.4.7")) flag++;
if (rpm_check(release:"AL2", reference:"python2-ipaclient-4.6.5-11.amzn2.4.7")) flag++;
if (rpm_check(release:"AL2", reference:"python2-ipalib-4.6.5-11.amzn2.4.7")) flag++;
if (rpm_check(release:"AL2", reference:"python2-ipaserver-4.6.5-11.amzn2.4.7")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ipa-client / ipa-client-common / ipa-common / ipa-debuginfo / etc");
}
VendorProductVersionCPE
amazonlinuxipa-clientp-cpe:/a:amazon:linux:ipa-client
amazonlinuxipa-client-commonp-cpe:/a:amazon:linux:ipa-client-common
amazonlinuxipa-commonp-cpe:/a:amazon:linux:ipa-common
amazonlinuxipa-debuginfop-cpe:/a:amazon:linux:ipa-debuginfo
amazonlinuxipa-python-compatp-cpe:/a:amazon:linux:ipa-python-compat
amazonlinuxipa-serverp-cpe:/a:amazon:linux:ipa-server
amazonlinuxipa-server-commonp-cpe:/a:amazon:linux:ipa-server-common
amazonlinuxipa-server-dnsp-cpe:/a:amazon:linux:ipa-server-dns
amazonlinuxipa-server-trust-adp-cpe:/a:amazon:linux:ipa-server-trust-ad
amazonlinuxpython2-ipaclientp-cpe:/a:amazon:linux:python2-ipaclient
Rows per page:
1-10 of 131

Related

amazon 1
nessus 10
fedora 2
openvas 5
oraclelinux 1
rocky 1
redhat 2
altlinux 1
osv 7
ubuntucve 2
debiancve 2
github 2
redhatcve 2
cve 2
symantec 2
veracode 2
prion 2
amazon
amazon
Important: ipa
2020-05-08 20:44:00
nessus
nessus
RHEL 8 : idm:DL1 (RHSA-2020:1269)
2020-04-01 00:00:00
NewStart CGSL CORE 5.05 / MAIN 5.05 : ipa Multiple Vulnerabilities (NS-SA-2020-0111)
2020-12-09 00:00:00
Oracle Linux 7 : ipa (ELSA-2020-0378)
2020-02-06 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: freeipa-4.8.3-1.fc31
2019-12-05 01:43:06
[SECURITY] Fedora 30 Update: freeipa-4.8.3-1.fc30
2019-12-05 01:12:57
openvas
openvas
Fedora Update for freeipa FEDORA-2019-8e9093da55
2019-12-08 00:00:00
Huawei EulerOS: Security Advisory for ipa (EulerOS-SA-2020-1391)
2020-04-16 00:00:00
Fedora Update for freeipa FEDORA-2019-c64e1612f5
2020-01-09 00:00:00
oraclelinux
oraclelinux
ipa security and bug fix update
2020-02-05 00:00:00
rocky
rocky
DL1 bug fix update
2019-12-17 09:19:15
redhat
redhat
(RHSA-2020:0378) Important: ipa security and bug fix update
2020-02-04 17:47:43
(RHSA-2020:1269) Important: idm:DL1 security update
2020-04-01 09:11:17
altlinux
altlinux
Security fix for the ALT Linux 8 package freeipa version 4.3.3-alt20
2019-11-28 00:00:00
osv
osv
idm:DL1 bug fix update
2019-12-17 09:19:15
PYSEC-2019-28
2019-11-27 09:15:00
Code injection in FreeIPA
2021-12-06 18:17:38
ubuntucve
ubuntucve
CVE-2019-14867
2019-11-27 00:00:00
CVE-2019-10195
2019-11-27 00:00:00
debiancve
debiancve
CVE-2019-14867
2019-11-27 09:15:00
CVE-2019-10195
2019-11-27 08:15:00
github
github
Code injection in FreeIPA
2021-12-06 18:17:38
FreeIPA logs passwords embedded in commands in calls using batch
2022-05-24 17:02:16
redhatcve
redhatcve
CVE-2019-14867
2020-04-01 14:07:58
CVE-2019-10195
2019-11-27 03:17:54
cve
cve
CVE-2019-14867
2019-11-27 09:15:00
CVE-2019-10195
2019-11-27 08:15:00
symantec
symantec
FreeIPA CVE-2019-14867 Denial of Service Vulnerability
2019-11-26 00:00:00
FreeIPA CVE-2019-10195 Information Disclosure Vulnerability
2019-11-26 00:00:00
veracode
veracode
Arbitrary Code Execution
2021-12-08 04:56:10
Insertion Of Sensitive Information Into Log File
2024-04-30 08:42:46
prion
prion
Design/Logic Flaw
2019-11-27 09:15:00
Command injection
2019-11-27 08:15:00

7.8 High

AI Score

Confidence

High

JSON
Related for AL2_ALAS-2020-1423.NASL
amazon1nessus10fedora2openvas5oraclelinux1rocky1redhat2altlinux1osv7ubuntucve2debiancve2github2redhatcve2cve2symantec2veracode2prion2