The version of containerd on the host is vulnerable to memory consumption denial of service issu
Reporter | Title | Published | Views | Family All 100 |
---|---|---|---|---|
Tenable Nessus | EulerOS 2.0 SP11 : containerd (EulerOS-SA-2023-1421) | 7 Mar 202300:00 | โ | nessus |
Tenable Nessus | Photon OS 4.0: Containerd PHSA-2022-4.0-0195 | 23 Jul 202400:00 | โ | nessus |
Tenable Nessus | EulerOS 2.0 SP8 : docker-engine (EulerOS-SA-2023-2190) | 9 Jun 202300:00 | โ | nessus |
Tenable Nessus | Amazon Linux 2 : containerd (ALASNITRO-ENCLAVES-2022-020) | 10 Jun 202200:00 | โ | nessus |
Tenable Nessus | Amazon Linux 2022 : (ALAS2022-2022-088) | 6 Sep 202200:00 | โ | nessus |
Tenable Nessus | EulerOS 2.0 SP11 : containerd (EulerOS-SA-2023-1406) | 7 Mar 202300:00 | โ | nessus |
Tenable Nessus | EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2022-2414) | 8 Oct 202200:00 | โ | nessus |
Tenable Nessus | EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2022-2427) | 8 Oct 202200:00 | โ | nessus |
Tenable Nessus | Amazon Linux 2 : containerd (ALASDOCKER-2022-019) | 10 Jun 202200:00 | โ | nessus |
Tenable Nessus | Photon OS 3.0: Containerd PHSA-2022-3.0-0402 | 24 Jul 202400:00 | โ | nessus |
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux AMI Security Advisory ALAS-2022-1600.
##
include('compat.inc');
if (description)
{
script_id(161997);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/06/17");
script_cve_id("CVE-2022-31030");
script_name(english:"Amazon Linux AMI : containerd (ALAS-2022-1600)");
script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux AMI host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The version of containerd installed on the remote host is prior to 1.4.13-3. It is, therefore, affected by a
vulnerability as referenced in the ALAS-2022-1600 advisory.
- containerd is an open source container runtime. A bug was found in the containerd's CRI implementation
where programs inside a container can cause the containerd daemon to consume memory without bound during
invocation of the `ExecSync` API. This can cause containerd to consume all available memory on the
computer, denying service to other legitimate workloads. Kubernetes and crictl can both be configured to
use containerd's CRI implementation; `ExecSync` may be used when running probes or when executing
processes via an exec facility. This bug has been fixed in containerd 1.6.6 and 1.5.13. Users should
update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted
images and commands are used. (CVE-2022-31030)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2022-1600.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-31030.html");
script_set_attribute(attribute:"solution", value:
"Run 'yum update containerd' to update your system.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-31030");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/06/06");
script_set_attribute(attribute:"patch_publication_date", value:"2022/06/06");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/06/10");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:containerd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:containerd-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:containerd-stress");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Amazon Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item("Host/AmazonLinux/release");
if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
var os_ver = os_ver[1];
if (os_ver != "A")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var pkgs = [
{'reference':'containerd-1.4.13-3.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'containerd-debuginfo-1.4.13-3.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},
{'reference':'containerd-stress-1.4.13-3.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var release = NULL;
var sp = NULL;
var cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {
if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_NOTE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "containerd / containerd-debuginfo / containerd-stress");
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo