#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Alibaba Cloud Linux Security Advisory ALINUX3-SA-2021:0060.
##
include('compat.inc');
if (description)
{
script_id(236611);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2025/05/14");
script_cve_id(
"CVE-2019-14809",
"CVE-2020-14040",
"CVE-2020-28362",
"CVE-2020-28366",
"CVE-2020-28367",
"CVE-2021-3114",
"CVE-2021-27918",
"CVE-2021-31525",
"CVE-2021-33196",
"CVE-2021-34558"
);
script_name(english:"Alibaba Cloud Linux 3 : 0060: go-toolset:rhel8 (ALINUX3-SA-2021:0060)");
script_set_attribute(attribute:"synopsis", value:
"The remote Alibaba Cloud Linux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced
in the ALINUX3-SA-2021:0060 advisory.
Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities:
CVE-2019-14809:
net/url in Go before 1.11.13 and 1.12.x before 1.12.8 mishandles malformed hosts in URLs, leading to an
authorization bypass in some applications. This is related to a Host field with a suffix appearing in
neither Hostname() nor Port(), and is related to a non-numeric port number. For example, an attacker can
compose a crafted javascript:// URL that results in a hostname of google.com.
CVE-2020-14040:
The x/text package before 0.3.3 for Go has a vulnerability in encoding/unicode that could lead to the
UTF-16 decoder entering an infinite loop, causing the program to crash or run out of memory. An attacker
could provide a single byte to a UTF16 decoder instantiated with UseBOM or ExpectBOM to trigger an
infinite loop if the String function on the Decoder is called, or the Decoder is passed to
golang.org/x/text/transform.String.
CVE-2020-28362:
Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. A flaw was found in the math/big
package of Go's standard library that causes a denial of service. Applications written in Go that use
math/big via cryptographic packages, including crypto/rsa and crypto/x509, are vulnerable and can
potentially cause panic via a crafted certificate chain. The highest threat from this vulnerability is to
system availability.
CVE-2020-28366:
Go before 1.14.12 and 1.15.x before 1.15.5 allows Code Injection. An input validation vulnerability was
found in Go. From a generated go file (from the cgo tool), it is possible to modify symbols within that
object file and specify code. This flaw allows an attacker to create a repository that includes malicious
pre-built object files that could execute arbitrary code when downloaded and run via `go get` or `go
build` while building a Go project. The highest threat from this vulnerability is to confidentiality,
integrity, as well as system availability.
CVE-2020-28367:
Go before 1.14.12 and 1.15.x before 1.15.5 allows Argument Injection. An input validation vulnerability
was found in Go. If cgo is specified in a Go file, it is possible to bypass the validation of arguments to
the gcc compiler. This flaw allows an attacker to create a malicious repository that can execute arbitrary
code when downloaded and run via `go get` or `go build` while building a Go project. The highest threat
from this vulnerability is to confidentiality and integrity as well as system availability.
CVE-2021-3114:
In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs,
related to an underflow of the lowest limb during the final complete reduction in the P-224 field. A flaw
detected in golang: crypto/elliptic, in which P-224 keys as generated can return incorrect inputs,
reducing the strength of the cryptography. The highest threat from this vulnerability is confidentiality
and integrity.
CVE-2021-27918:
encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader
(for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode,
DecodeElement, or Skip method.
CVE-2021-31525:
net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of
service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each
be affected in some configurations.
CVE-2021-33196:
In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's
header) can cause a NewReader or OpenReader panic.
CVE-2021-34558:
The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an
X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS
server to cause a TLS client to panic.
Tenable has extracted the preceding description block directly from the Alibaba Cloud Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"http://mirrors.aliyun.com/alinux/3/cve/alinux3-sa-20210060.xml");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14809");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/13");
script_set_attribute(attribute:"patch_publication_date", value:"2021/08/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2025/05/14");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:go-toolset");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:golang");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:golang-bin");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:golang-docs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:golang-misc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:golang-race");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:golang-src");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:golang-tests");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alibabacloud:alibaba_cloud_linux_3");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Alibaba Cloud Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Alibaba/release", "Host/Alibaba/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/Alibaba/release');
if (isnull(os_release) || 'Alibaba Cloud Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Alibaba Cloud Linux');
var os_ver = pregmatch(pattern: "Alibaba Cloud Linux release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Alibaba Cloud Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Alibaba Cloud Linux 3.x', 'Alibaba Cloud Linux ' + os_ver);
if (!get_kb_item('Host/Alibaba/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'x86_64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Alibaba Cloud Linux', cpu);
var pkgs = [
{'reference':'go-toolset-1.15.14-1.1.al8', 'cpu':'aarch64', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'go-toolset-1.15.14-1.1.al8', 'cpu':'x86_64', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'golang-1.15.14-1.1.al8', 'cpu':'aarch64', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'golang-1.15.14-1.1.al8', 'cpu':'x86_64', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'golang-bin-1.15.14-1.1.al8', 'cpu':'aarch64', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'golang-bin-1.15.14-1.1.al8', 'cpu':'x86_64', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'golang-docs-1.15.14-1.1.al8', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'golang-misc-1.15.14-1.1.al8', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'golang-race-1.15.14-1.1.al8', 'cpu':'x86_64', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'golang-src-1.15.14-1.1.al8', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
{'reference':'golang-tests-1.15.14-1.1.al8', 'release':'3', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'Alibaba Linux ' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['cves'])) cves = package_array['cves'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'go-toolset / golang / golang-bin / golang-docs / golang-misc / etc');
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation