Lucene search
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.ALA_ALAS-2022-1583.NASLHistoryApr 29, 2022 - 12:00 a.m.
Amazon Linux AMI : golang (ALAS-2022-1583)
2022-04-2900:00:00
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
22
7.4 High
AI Score
Confidence
High
The version of golang installed on the remote host is prior to 1.16.15-1.37. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2022-1583 advisory.
-
archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon attempted use of the Reader.Open API for a ZIP archive in which …/ occurs at the beginning of any filename. (CVE-2021-27919)
-
Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function invocation from a WASM module, when GOARCH=wasm GOOS=js is used. (CVE-2021-38297)
-
ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.
(CVE-2021-41771) -
Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP archive containing an invalid name or an empty filename field. (CVE-2021-41772)
-
net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the header canonicalization cache via HTTP/2 requests. (CVE-2021-44716)
-
Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file- descriptor exhaustion. (CVE-2021-44717)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2022-1583.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(160332);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/08");
script_cve_id(
"CVE-2021-27919",
"CVE-2021-38297",
"CVE-2021-41771",
"CVE-2021-41772",
"CVE-2021-44716",
"CVE-2021-44717"
);
script_xref(name:"IAVB", value:"2021-B-0069-S");
script_xref(name:"ALAS", value:"2022-1583");
script_name(english:"Amazon Linux AMI : golang (ALAS-2022-1583)");
script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux AMI host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The version of golang installed on the remote host is prior to 1.16.15-1.37. It is, therefore, affected by multiple
vulnerabilities as referenced in the ALAS-2022-1583 advisory.
- archive/zip in Go 1.16.x before 1.16.1 allows attackers to cause a denial of service (panic) upon
attempted use of the Reader.Open API for a ZIP archive in which ../ occurs at the beginning of any
filename. (CVE-2021-27919)
- Go before 1.16.9 and 1.17.x before 1.17.2 has a Buffer Overflow via large arguments in a function
invocation from a WASM module, when GOARCH=wasm GOOS=js is used. (CVE-2021-38297)
- ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3
Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.
(CVE-2021-41771)
- Go before 1.16.10 and 1.17.x before 1.17.3 allows an archive/zip Reader.Open panic via a crafted ZIP
archive containing an invalid name or an empty filename field. (CVE-2021-41772)
- net/http in Go before 1.16.12 and 1.17.x before 1.17.5 allows uncontrolled memory consumption in the
header canonicalization cache via HTTP/2 requests. (CVE-2021-44716)
- Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or
unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-
descriptor exhaustion. (CVE-2021-44717)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2022-1583.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2021-27919.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2021-38297.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2021-41771.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2021-41772.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2021-44716.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2021-44717.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
script_set_attribute(attribute:"solution", value:
"Run 'yum update golang' to update your system.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-38297");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/10/18");
script_set_attribute(attribute:"patch_publication_date", value:"2022/04/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/04/29");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:golang");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:golang-bin");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:golang-docs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:golang-misc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:golang-race");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:golang-shared");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:golang-src");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:golang-tests");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Amazon Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "A")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var pkgs = [
{'reference':'golang-1.16.15-1.37.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'golang-1.16.15-1.37.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'golang-bin-1.16.15-1.37.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'golang-bin-1.16.15-1.37.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'golang-docs-1.16.15-1.37.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'golang-misc-1.16.15-1.37.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'golang-race-1.16.15-1.37.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'golang-shared-1.16.15-1.37.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'golang-shared-1.16.15-1.37.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'golang-src-1.16.15-1.37.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'golang-tests-1.16.15-1.37.amzn1', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "golang / golang-bin / golang-docs / etc");
}| Vendor | Product | Version | CPE |
|---|---|---|---|
| amazon | linux | cpe:/o:amazon:linux | |
| amazon | linux | golang | p-cpe:/a:amazon:linux:golang |
| amazon | linux | golang-bin | p-cpe:/a:amazon:linux:golang-bin |
| amazon | linux | golang-docs | p-cpe:/a:amazon:linux:golang-docs |
| amazon | linux | golang-misc | p-cpe:/a:amazon:linux:golang-misc |
| amazon | linux | golang-src | p-cpe:/a:amazon:linux:golang-src |
| amazon | linux | golang-tests | p-cpe:/a:amazon:linux:golang-tests |
| amazon | linux | golang-race | p-cpe:/a:amazon:linux:golang-race |
| amazon | linux | golang-shared | p-cpe:/a:amazon:linux:golang-shared |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27919
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38297
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41771
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41772
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44716
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44717
alas.aws.amazon.com/ALAS-2022-1583.html
alas.aws.amazon.com/cve/html/CVE-2021-27919.html
alas.aws.amazon.com/cve/html/CVE-2021-38297.html
alas.aws.amazon.com/cve/html/CVE-2021-41771.html
alas.aws.amazon.com/cve/html/CVE-2021-41772.html
alas.aws.amazon.com/cve/html/CVE-2021-44716.html
alas.aws.amazon.com/cve/html/CVE-2021-44717.html
alas.aws.amazon.com/faqs.html
Related
amazon
amazon
Important: golang
2022-04-25 15:59:00
Important: golang
2022-07-06 03:11:00
Important: golang
2022-04-25 03:47:00
nessus
nessus
Amazon Linux 2 : golang (ALAS-2022-1776)
2022-04-27 00:00:00
RHEL 7 : go-toolset-1.16 and go-toolset-1.16-golang (RHSA-2021:5176)
2021-12-16 00:00:00
openSUSE 15 Security Update : go1.17 (openSUSE-SU-2021:3833-1)
2021-12-02 00:00:00
openvas
openvas
Fedora: Security Advisory for golang (FEDORA-2021-2ef35beebf)
2021-12-20 00:00:00
Fedora: Security Advisory for golang (FEDORA-2021-2b2dd1b5a7)
2021-12-20 00:00:00
openSUSE: Security Advisory for go1.17 (openSUSE-SU-2021:3833-1)
2021-12-02 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: golang-1.16.11-1.fc35
2021-12-16 01:18:21
[SECURITY] Fedora 34 Update: golang-1.16.11-1.fc34
2021-12-16 01:14:10
[SECURITY] Fedora 34 Update: golang-1.16.12-1.fc34
2021-12-30 01:43:52
redhat
redhat
(RHSA-2021:5176) Important: go-toolset-1.16 and go-toolset-1.16-golang security and bug fix update
2021-12-16 10:37:14
(RHSA-2022:1745) Low: Release of OpenShift Serverless Client kn 1.22.0
2022-05-09 07:42:21
(RHSA-2022:1056) Moderate: Release of OpenShift Serverless Client kn 1.21.0
2022-03-24 15:02:11
suse
suse
Security update for go1.16 (moderate)
2021-12-06 00:00:00
Security update for go1.17 (moderate)
2021-12-01 00:00:00
Security update for go1.17 (moderate)
2021-12-23 00:00:00
freebsd
freebsd
go -- multiple vulnerabilities
2021-11-04 00:00:00
go -- multiple vulnerabilities
2021-12-08 00:00:00
mageia
mageia
Updated golang packages fix security vulnerability
2021-12-03 21:45:31
Updated golang packages fix security vulnerability
2021-12-26 03:14:13
ibm
ibm
oraclelinux
oraclelinux
go-toolset:ol8 security and bug fix update
2021-12-16 00:00:00
go-toolset:ol8 security and bug fix update
2022-05-17 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package golang version 1.17.5-alt1
2021-12-09 00:00:00
Security fix for the ALT Linux 10 package golang version 1.17.3-alt1
2021-11-04 00:00:00
Security fix for the ALT Linux 10 package golang version 1.17.2-alt1
2021-10-11 00:00:00
osv
osv
Important: go-toolset:rhel8 security and bug fix update
2021-12-15 16:11:05
Important: go-toolset:rhel8 security and bug fix update
2021-12-15 16:11:05
golang-1.7 - security update
2022-01-21 00:00:00
almalinux
almalinux
Important: go-toolset:rhel8 security and bug fix update
2021-12-15 16:11:05
Moderate: go-toolset:rhel8 security and bug fix update
2022-05-10 06:29:31
rocky
rocky
go-toolset:rhel8 security and bug fix update
2021-12-15 16:11:05
go-toolset:rhel8 security and bug fix update
2022-05-10 06:29:31
ics
ics
Siemens Brownfield Connectivity Gateway
2023-02-16 12:00:00
debian
debian
[SECURITY] [DLA 2891-1] golang-1.8 security update
2022-01-21 22:02:40
[SECURITY] [DLA 2892-1] golang-1.7 security update
2022-01-21 22:02:47
[SECURITY] [DLA 3395-1] golang-1.11 security update
2023-04-19 21:42:48
photon
photon
Important Photon OS Security Update - PHSA-2021-3.0-0334
2021-11-21 00:00:00
Critical Photon OS Security Update - PHSA-2021-0130
2021-11-29 00:00:00
Critical Photon OS Security Update - PHSA-2021-4.0-0130
2021-11-28 00:00:00
veracode
veracode
Denial Of Service (DoS)
2021-03-11 03:11:01
Denial Of Service (DoS)
2021-10-11 04:53:12
Invalid I/O Calculation
2021-12-14 20:52:34
prion
prion
Buffer overflow
2021-10-18 06:15:00
Design/Logic Flaw
2021-03-11 00:15:00
Code injection
2021-11-08 06:15:00
alpinelinux
alpinelinux
githubexploit
githubexploit
Exploit for Classic Buffer Overflow in Golang Go
2023-11-15 20:52:36
Exploit for Classic Buffer Overflow in Golang Go
2024-04-04 01:17:05
ubuntucve
ubuntucve
debiancve
debiancve
redhatcve
redhatcve
cbl_mariner
cbl_mariner
CVE-2021-41772 affecting package golang 1.17.1-2
2022-04-26 19:57:46
CVE-2021-41772 affecting package golang 1.16.9-1
2021-12-17 20:09:37
CVE-2021-38297 affecting package golang 1.17.1-2
2022-04-26 19:57:46
cnvd
cnvd
Google Go buffer error vulnerability
2021-10-24 00:00:00
cve
cve