Lucene search
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.AL2_ALAS-2021-1620.NASLHistoryMar 19, 2021 - 12:00 a.m.
Amazon Linux 2 : cloud-init (ALAS-2021-1620)
2021-03-1900:00:00
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.4 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
The version of cloud-init installed on the remote host is prior to 19.3-43. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2021-1620 advisory.
- A vulnerability was discovered in cloud-init which can improperly disclose randomly generated passwords as part of the chpasswd module. The fix prevents the generated password from being written to a world- readable log file on the local disk. (CVE-2021-3429)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALAS-2021-1620.
##
include('compat.inc');
if (description)
{
script_id(147907);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/09");
script_cve_id("CVE-2021-3429");
script_xref(name:"ALAS", value:"2021-1620");
script_name(english:"Amazon Linux 2 : cloud-init (ALAS-2021-1620)");
script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The version of cloud-init installed on the remote host is prior to 19.3-43. It is, therefore, affected by a
vulnerability as referenced in the ALAS2-2021-1620 advisory.
- A vulnerability was discovered in cloud-init which can improperly disclose randomly generated passwords as
part of the chpasswd module. The fix prevents the generated password from being written to a world-
readable log file on the local disk. (CVE-2021-3429)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALAS-2021-1620.html");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2021-3429");
script_set_attribute(attribute:"solution", value:
"Run 'yum update cloud-init' to update your system.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-3429");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/03/18");
script_set_attribute(attribute:"patch_publication_date", value:"2021/03/18");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/03/19");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:cloud-init");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Amazon Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
pkgs = [
{'reference':'cloud-init-19.3-43.amzn2', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}
];
flag = 0;
foreach package_array ( pkgs ) {
reference = NULL;
release = NULL;
cpu = NULL;
el_string = NULL;
rpm_spec_vers_cmp = NULL;
allowmaj = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) release = package_array['release'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (reference && release) {
if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cloud-init");
}Related
debian
debian
[SECURITY] [DLA 2601-1] cloud-init security update
2021-03-20 02:39:36
nessus
nessus
Rocky Linux 8 : cloud-init (RLSA-2021:3081)
2022-02-09 00:00:00
Debian DLA-2601-1 : cloud-init security update
2021-03-22 00:00:00
CentOS 8 : cloud-init (CESA-2021:3081)
2021-08-16 00:00:00
mageia
mageia
Updated cloud-init packages fix security vulnerability
2021-10-29 22:32:22
openvas
openvas
Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2021-2705)
2021-11-12 00:00:00
Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2022-1058)
2022-02-13 00:00:00
Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2021-2624)
2021-11-03 00:00:00
redhat
redhat
(RHSA-2021:3081) Moderate: cloud-init security update
2021-08-10 12:01:15
(RHSA-2021:3371) Moderate: cloud-init security update
2021-08-31 08:21:52
(RHSA-2021:3177) Moderate: cloud-init security update
2021-08-17 07:53:21
cve
cve
CVE-2021-3429
2023-04-19 22:15:10
nvd
nvd
CVE-2021-3429
2023-04-19 22:15:10
almalinux
almalinux
Moderate: cloud-init security update
2021-08-10 12:01:15
prion
prion
Default credentials
2023-04-19 22:15:00
amazon
amazon
Medium: cloud-init
2021-03-18 18:06:00
Medium: cloud-init
2021-03-18 17:22:00
rocky
rocky
cloud-init security update
2021-08-10 12:01:15
cvelist
cvelist
CVE-2021-3429 sensitive data exposure in cloud-init logs
2023-04-19 21:42:02
alpinelinux
alpinelinux
CVE-2021-3429
2023-04-19 22:15:10
osv
osv
cloud-init - security update
2021-03-20 00:00:00
CVE-2021-3429
2023-04-19 22:15:10
Moderate: cloud-init security update
2021-08-10 12:01:15
redhatcve
redhatcve
CVE-2021-3429
2021-04-02 13:48:49
ubuntucve
ubuntucve
CVE-2021-3429
2023-04-19 00:00:00
oraclelinux
oraclelinux
cloud-init security update
2021-08-12 00:00:00
debiancve
debiancve
CVE-2021-3429
2023-04-19 22:15:10
rosalinux
rosalinux
Advisory ROSA-SA-2024-2410
2024-05-02 07:56:56
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
5.4 Medium
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
5.1%
Related for AL2_ALAS-2021-1620.NASL