Lucene search

K
nessusThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.ALA_ALAS-2020-1340.NASL
HistoryFeb 10, 2020 - 12:00 a.m.

Amazon Linux AMI : python-pip (ALAS-2020-1340)

2020-02-1000:00:00
This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
21

In the urllib3 library through 1.24.1 for Python, CRLF injection is possible if the attacker controls the request parameter.
(CVE-2019-11236)

The urllib3 library before 1.24.2 for Python mishandles certain cases where the desired set of CA certificates is different from the OS store of CA certificates, which results in SSL connections succeeding in situations where a verification failure is the correct outcome.
This is related to use of the ssl_context, ca_certs, or ca_certs_dir argument. (CVE-2019-11324)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1340.
#

include("compat.inc");

if (description)
{
  script_id(133559);
  script_version("1.2");
  script_cvs_date("Date: 2020/02/12");

  script_cve_id("CVE-2019-11236", "CVE-2019-11324");
  script_xref(name:"ALAS", value:"2020-1340");

  script_name(english:"Amazon Linux AMI : python-pip (ALAS-2020-1340)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Amazon Linux AMI host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"In the urllib3 library through 1.24.1 for Python, CRLF injection is
possible if the attacker controls the request parameter.
(CVE-2019-11236)

The urllib3 library before 1.24.2 for Python mishandles certain cases
where the desired set of CA certificates is different from the OS
store of CA certificates, which results in SSL connections succeeding
in situations where a verification failure is the correct outcome.
This is related to use of the ssl_context, ca_certs, or ca_certs_dir
argument. (CVE-2019-11324)"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://alas.aws.amazon.com/ALAS-2020-1340.html"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Run 'yum update python-pip' to update your system."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python26-pip");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python27-pip");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python34-pip");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python35-pip");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:python36-pip");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/02/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/02/10");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Amazon Linux Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"ALA", reference:"python26-pip-9.0.3-1.27.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"python27-pip-9.0.3-1.27.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"python34-pip-9.0.3-1.27.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"python35-pip-9.0.3-1.27.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"python36-pip-9.0.3-1.27.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python26-pip / python27-pip / python34-pip / python35-pip / etc");
}
Related for ALA_ALAS-2020-1340.NASL