Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.AL2_ALAS-2022-1816.NASL
HistoryJul 15, 2022 - 12:00 a.m.

Amazon Linux 2 : rust (ALAS-2022-1816)

2022-07-1500:00:00
This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
54
JSON

The version of rust installed on the remote host is prior to 1.56.1-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2022-1816 advisory.

  • In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its length is checked. (CVE-2020-36323)

  • In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls
    __iterator_get_unchecked() more than once for the same index when the underlying iterator panics (in certain conditions). This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. (CVE-2021-28876)

  • In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked() more than once for the same index (under certain conditions) when next_back() and next() are used together. This bug could lead to a memory safety violation due to an unmet safety requirement for the TrustedRandomAccess trait. (CVE-2021-28878)

  • In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again.
    (CVE-2021-28879)

  • In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if freeing the element panics. (CVE-2021-31162)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALAS-2022-1816.
##

include('compat.inc');

if (description)
{
  script_id(163234);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/17");

  script_cve_id(
    "CVE-2020-36323",
    "CVE-2021-28876",
    "CVE-2021-28878",
    "CVE-2021-28879",
    "CVE-2021-31162"
  );

  script_name(english:"Amazon Linux 2 : rust (ALAS-2022-1816)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The version of rust installed on the remote host is prior to 1.56.1-1. It is, therefore, affected by multiple
vulnerabilities as referenced in the ALAS2-2022-1816 advisory.

  - In the standard library in Rust before 1.52.0, there is an optimization for joining strings that can cause
    uninitialized bytes to be exposed (or the program to crash) if the borrowed string changes after its
    length is checked. (CVE-2020-36323)

  - In the standard library in Rust before 1.52.0, the Zip implementation has a panic safety issue. It calls
    __iterator_get_unchecked() more than once for the same index when the underlying iterator panics (in
    certain conditions). This bug could lead to a memory safety violation due to an unmet safety requirement
    for the TrustedRandomAccess trait. (CVE-2021-28876)

  - In the standard library in Rust before 1.52.0, the Zip implementation calls __iterator_get_unchecked()
    more than once for the same index (under certain conditions) when next_back() and next() are used
    together. This bug could lead to a memory safety violation due to an unmet safety requirement for the
    TrustedRandomAccess trait. (CVE-2021-28878)

  - In the standard library in Rust before 1.52.0, the Zip implementation can report an incorrect size due to
    an integer overflow. This bug can lead to a buffer overflow when a consumed Zip iterator is used again.
    (CVE-2021-28879)

  - In the standard library in Rust before 1.52.0, a double free can occur in the Vec::from_iter function if
    freeing the element panics. (CVE-2021-31162)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALAS-2022-1816.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2020-36323.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2021-28876.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2021-28878.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2021-28879.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2021-31162.html");
  script_set_attribute(attribute:"solution", value:
"Run 'yum update rust' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-31162");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/04/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/07/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/07/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:cargo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:cargo-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:clippy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rls");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rust");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rust-analysis");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rust-debugger-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rust-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rust-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rust-gdb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rust-src");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rust-std-static");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:rustfmt");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
var os_ver = os_ver[1];
if (os_ver != "2")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var pkgs = [
    {'reference':'cargo-1.56.1-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'cargo-1.56.1-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'cargo-doc-1.56.1-1.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'clippy-1.56.1-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'clippy-1.56.1-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rls-1.56.1-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rls-1.56.1-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rust-1.56.1-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rust-1.56.1-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rust-analysis-1.56.1-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rust-analysis-1.56.1-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rust-debugger-common-1.56.1-1.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rust-debuginfo-1.56.1-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rust-debuginfo-1.56.1-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rust-doc-1.56.1-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rust-doc-1.56.1-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rust-gdb-1.56.1-1.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rust-src-1.56.1-1.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rust-std-static-1.56.1-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rust-std-static-1.56.1-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rustfmt-1.56.1-1.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rustfmt-1.56.1-1.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var release = NULL;
  var sp = NULL;
  var cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {
    if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cargo / cargo-doc / clippy / etc");
}
VendorProductVersionCPE
amazonlinuxcargop-cpe:/a:amazon:linux:cargo
amazonlinuxcargo-docp-cpe:/a:amazon:linux:cargo-doc
amazonlinuxclippyp-cpe:/a:amazon:linux:clippy
amazonlinuxrlsp-cpe:/a:amazon:linux:rls
amazonlinuxrustp-cpe:/a:amazon:linux:rust
amazonlinuxrust-analysisp-cpe:/a:amazon:linux:rust-analysis
amazonlinuxrust-debugger-commonp-cpe:/a:amazon:linux:rust-debugger-common
amazonlinuxrust-debuginfop-cpe:/a:amazon:linux:rust-debuginfo
amazonlinuxrust-docp-cpe:/a:amazon:linux:rust-doc
amazonlinuxrust-gdbp-cpe:/a:amazon:linux:rust-gdb
Rows per page:
1-10 of 141

Related

openvas 4
fedora 3
mageia 1
amazon 1
nessus 10
osv 6
redhat 2
almalinux 1
rocky 1
oraclelinux 1
photon 12
redhatcve 5
veracode 5
cbl_mariner 5
debiancve 5
prion 5
ubuntucve 5
cve 5
alpinelinux 5
gentoo 1
openvas
openvas
Fedora: Security Advisory for rust (FEDORA-2021-b1ba54add6)
2021-04-27 00:00:00
Mageia: Security Advisory (MGASA-2021-0251)
2022-01-28 00:00:00
Fedora: Security Advisory for rust (FEDORA-2021-d0ba1901ca)
2021-04-25 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: rust-1.51.0-3.fc34
2021-04-24 20:27:01
[SECURITY] Fedora 33 Update: rust-1.51.0-3.fc33
2021-04-27 01:00:15
[SECURITY] Fedora 32 Update: rust-1.51.0-3.fc32
2021-04-27 01:13:51
mageia
mageia
Updated rust packages fix security vulnerabilities
2021-06-14 00:32:39
amazon
amazon
Medium: rust
2022-07-06 03:15:00
nessus
nessus
RHEL 8 : rust-toolset:rhel8 (RHSA-2021:3063)
2021-08-11 00:00:00
CentOS 8 : rust-toolset:rhel8 (CESA-2021:3063)
2021-08-16 00:00:00
Photon OS 4.0: Rust PHSA-2021-4.0-0017
2021-05-05 00:00:00
osv
osv
Moderate: rust-toolset:rhel8 security, bug fix, and enhancement update
2021-08-10 11:59:11
CVE-2021-28878
2021-04-11 20:15:12
CVE-2020-36323
2021-04-14 07:15:12
redhat
redhat
(RHSA-2021:3042) Moderate: rust-toolset-1.52 and rust-toolset-1.52-rust security and enhancement update
2021-08-10 07:06:59
(RHSA-2021:3063) Moderate: rust-toolset:rhel8 security, bug fix, and enhancement update
2021-08-10 11:59:11
almalinux
almalinux
Moderate: rust-toolset:rhel8 security, bug fix, and enhancement update
2021-08-10 11:59:11
rocky
rocky
rust-toolset:rhel8 security, bug fix, and enhancement update
2021-08-10 11:59:11
oraclelinux
oraclelinux
rust-toolset:ol8 security, bug fix, and enhancement update
2021-08-12 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2021-0017
2021-05-04 00:00:00
Critical Photon OS Security Update - PHSA-2021-0228
2021-04-30 00:00:00
Critical Photon OS Security Update - PHSA-2021-3.0-0228
2021-04-30 00:00:00
redhatcve
redhatcve
CVE-2021-28878
2021-04-16 20:01:26
CVE-2020-36323
2021-04-16 14:31:24
CVE-2021-31162
2021-04-16 14:31:58
veracode
veracode
Business Logic Flaws
2021-10-11 05:04:15
Denial Of Service (DoS)
2021-05-06 09:12:51
Business Logic Flaws
2021-10-11 05:04:11
cbl_mariner
cbl_mariner
CVE-2020-36323 affecting package rust 1.47.0-3
2021-05-06 23:58:25
CVE-2021-28876 affecting package rust 1.47.0-3
2021-05-06 23:58:25
CVE-2021-31162 affecting package rust 1.47.0-1
2022-03-19 16:41:23
debiancve
debiancve
CVE-2021-28876
2021-04-11 20:15:00
CVE-2021-31162
2021-04-14 07:15:00
CVE-2020-36323
2021-04-14 07:15:00
prion
prion
Design/Logic Flaw
2021-04-11 20:15:00
Double free
2021-04-14 07:15:00
Design/Logic Flaw
2021-04-11 20:15:00
ubuntucve
ubuntucve
CVE-2021-28876
2021-04-11 00:00:00
CVE-2021-28878
2021-04-11 00:00:00
CVE-2020-36323
2021-04-14 00:00:00
cve
cve
CVE-2021-28878
2021-04-11 20:15:00
CVE-2021-31162
2021-04-14 07:15:00
CVE-2020-36323
2021-04-14 07:15:00
alpinelinux
alpinelinux
CVE-2021-31162
2021-04-14 07:15:00
CVE-2021-28878
2021-04-11 20:15:00
CVE-2020-36323
2021-04-14 07:15:00
gentoo
gentoo
Rust: Multiple Vulnerabilities
2022-10-16 00:00:00
JSON
Related for AL2_ALAS-2022-1816.NASL
openvas4fedora3mageia1amazon1nessus10osv6redhat2almalinux1rocky1oraclelinux1photon12redhatcve5veracode5cbl_mariner5debiancve5prion5ubuntucve5cve5alpinelinux5gentoo1