Lucene search

K
nessusThis script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.ALA_ALAS-2020-1396.NASL
HistoryJul 20, 2020 - 12:00 a.m.

Amazon Linux AMI : microcode_ctl (ALAS-2020-1396)

2020-07-2000:00:00
This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
22

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.4%

A new domain bypass transient execution attack known as Special Register Buffer Data Sampling (SRBDS) has been found. This flaw allows data values from special internal registers to be leaked by an attacker able to execute code on any core of the CPU. An unprivileged, local attacker can use this flaw to infer values returned by affected instructions known to be commonly used during cryptographic operations that rely on uniqueness, secrecy, or both. Incomplete cleanup from specific special register read operations in some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-0543)

Cleanup errors in some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access.
(CVE-2020-0548)

Cleanup errors in some data cache evictions for some Intel® Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2020-0549)

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1396.
#

include('compat.inc');

if (description)
{
  script_id(138638);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/29");

  script_cve_id("CVE-2020-0543", "CVE-2020-0548", "CVE-2020-0549");
  script_xref(name:"ALAS", value:"2020-1396");

  script_name(english:"Amazon Linux AMI : microcode_ctl (ALAS-2020-1396)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux AMI host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"A new domain bypass transient execution attack known as Special
Register Buffer Data Sampling (SRBDS) has been found. This flaw allows
data values from special internal registers to be leaked by an
attacker able to execute code on any core of the CPU. An unprivileged,
local attacker can use this flaw to infer values returned by affected
instructions known to be commonly used during cryptographic operations
that rely on uniqueness, secrecy, or both. Incomplete cleanup from
specific special register read operations in some Intel(R) Processors
may allow an authenticated user to potentially enable information
disclosure via local access. (CVE-2020-0543)

Cleanup errors in some Intel(R) Processors may allow an authenticated
user to potentially enable information disclosure via local access.
(CVE-2020-0548)

Cleanup errors in some data cache evictions for some Intel(R)
Processors may allow an authenticated user to potentially enable
information disclosure via local access. (CVE-2020-0549)");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2020-1396.html");
  script_set_attribute(attribute:"solution", value:
"Run 'yum update microcode_ctl' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-0549");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/01/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/07/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/07/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:microcode_ctl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:microcode_ctl-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2020-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (rpm_check(release:"ALA", reference:"microcode_ctl-2.1-47.39.amzn1")) flag++;
if (rpm_check(release:"ALA", reference:"microcode_ctl-debuginfo-2.1-47.39.amzn1")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
  else security_note(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "microcode_ctl / microcode_ctl-debuginfo");
}
VendorProductVersionCPE
amazonlinuxmicrocode_ctlp-cpe:/a:amazon:linux:microcode_ctl
amazonlinuxmicrocode_ctl-debuginfop-cpe:/a:amazon:linux:microcode_ctl-debuginfo
amazonlinuxcpe:/o:amazon:linux

2.1 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:N/A:N

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

6.4 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.4%