Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.ALMA_LINUX_ALSA-2023-2487.NASLHistoryMay 14, 2023 - 12:00 a.m.
AlmaLinux 9 : fwupd (ALSA-2023:2487)
2023-05-1400:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
16
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2023:2487 advisory.
-
When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file. (CVE-2022-3287)
-
A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
(CVE-2022-34301) -
A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre- boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader. Access to the EFI System Partition is required for booting using external media.
(CVE-2022-34302) -
A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader.
Access to the EFI System Partition is required for booting using external media. (CVE-2022-34303)
Note that Nessus has not tested for these issues but has instead relied only on the applicationโs self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# AlmaLinux Security Advisory ALSA-2023:2487.
##
include('compat.inc');
if (description)
{
script_id(175616);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/05/14");
script_cve_id(
"CVE-2022-3287",
"CVE-2022-34301",
"CVE-2022-34302",
"CVE-2022-34303"
);
script_xref(name:"ALSA", value:"2023:2487");
script_name(english:"AlmaLinux 9 : fwupd (ALSA-2023:2487)");
script_set_attribute(attribute:"synopsis", value:
"The remote AlmaLinux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the
ALSA-2023:2487 advisory.
- When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to
/etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same
configuration file. (CVE-2022-3287)
- A flaw was found in CryptoPro Secure Disk bootloaders before 2022-06-01. An attacker may use this
bootloader to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code
in the pre-boot stage, an attacker simply needs to replace the existing signed bootloader currently in use
with this bootloader. Access to the EFI System Partition is required for booting using external media.
(CVE-2022-34301)
- A flaw was found in New Horizon Datasys bootloaders before 2022-06-01. An attacker may use this bootloader
to bypass or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-
boot stage, an attacker simply needs to replace the existing signed bootloader currently in use with this
bootloader. Access to the EFI System Partition is required for booting using external media.
(CVE-2022-34302)
- A flaw was found in Eurosoft bootloaders before 2022-06-01. An attacker may use this bootloader to bypass
or tamper with Secure Boot protections. In order to load and execute arbitrary code in the pre-boot stage,
an attacker simply needs to replace the existing signed bootloader currently in use with this bootloader.
Access to the EFI System Partition is required for booting using external media. (CVE-2022-34303)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://errata.almalinux.org/9/ALSA-2023-2487.html");
script_set_attribute(attribute:"solution", value:
"Update the affected fwupd, fwupd-devel and / or fwupd-plugin-flashrom packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-3287");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-34303");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(256, 494, 552);
script_set_attribute(attribute:"vuln_publication_date", value:"2022/08/09");
script_set_attribute(attribute:"patch_publication_date", value:"2023/05/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/05/14");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:fwupd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:fwupd-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alma:linux:fwupd-plugin-flashrom");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::appstream");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::baseos");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::crb");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::highavailability");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::nfv");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::realtime");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::resilientstorage");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::sap");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::sap_hana");
script_set_attribute(attribute:"cpe", value:"cpe:/o:alma:linux:9::supplementary");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Alma Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AlmaLinux/release", "Host/AlmaLinux/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/AlmaLinux/release');
if (isnull(os_release) || 'AlmaLinux' >!< os_release) audit(AUDIT_OS_NOT, 'AlmaLinux');
var os_ver = pregmatch(pattern: "AlmaLinux release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');
os_ver = os_ver[1];
if (! preg(pattern:"^9([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 9.x', 'AlmaLinux ' + os_ver);
if (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);
var pkgs = [
{'reference':'fwupd-1.8.10-2.el9.alma', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'fwupd-1.8.10-2.el9.alma', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'fwupd-devel-1.8.10-2.el9.alma', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'fwupd-devel-1.8.10-2.el9.alma', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'fwupd-plugin-flashrom-1.8.10-2.el9.alma', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'fwupd-plugin-flashrom-1.8.10-2.el9.alma', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'Alma-' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'fwupd / fwupd-devel / fwupd-plugin-flashrom');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| alma | linux | fwupd | p-cpe:/a:alma:linux:fwupd |
| alma | linux | fwupd-devel | p-cpe:/a:alma:linux:fwupd-devel |
| alma | linux | fwupd-plugin-flashrom | p-cpe:/a:alma:linux:fwupd-plugin-flashrom |
| alma | linux | 9 | cpe:/o:alma:linux:9 |
| alma | linux | 9 | cpe:/o:alma:linux:9::appstream |
| alma | linux | 9 | cpe:/o:alma:linux:9::baseos |
| alma | linux | 9 | cpe:/o:alma:linux:9::crb |
| alma | linux | 9 | cpe:/o:alma:linux:9::highavailability |
| alma | linux | 9 | cpe:/o:alma:linux:9::nfv |
| alma | linux | 9 | cpe:/o:alma:linux:9::realtime |
Related
nessus
nessus
RHEL 9 : fwupd (RHSA-2023:2487)
2023-05-12 00:00:00
Oracle Linux 9 : fwupd (ELSA-2023-2487)
2023-05-15 00:00:00
RHEL 8 : fwupd (RHSA-2024:1106)
2024-03-05 00:00:00
osv
osv
Moderate: fwupd security and bug fix update
2023-05-09 00:00:00
CVE-2022-3287
2022-09-28 20:15:18
Moderate: fwupd security update
2023-11-28 22:42:52
redhat
redhat
(RHSA-2023:2487) Moderate: fwupd security and bug fix update
2023-05-09 05:12:08
(RHSA-2024:1403) Moderate: fwupd security update
2024-03-19 16:35:06
(RHSA-2023:7189) Moderate: fwupd security update
2023-11-14 08:47:29
oraclelinux
oraclelinux
fwupd security and bug fix update
2023-05-15 00:00:00
fwupd security update
2023-11-17 00:00:00
almalinux
almalinux
Moderate: fwupd security and bug fix update
2023-05-09 00:00:00
Moderate: fwupd security update
2023-11-14 00:00:00
cert
cert
Signed third party UEFI bootloaders are vulnerable to Secure Boot bypass
2022-08-11 00:00:00
thn
thn
mskb
mskb
KB5012170: Security update for Secure Boot DBX
2022-08-09 07:00:00
August 9, 2022โKB5016627 (OS Build 20348.887)
2022-10-11 07:00:00
August 9, 2022โKB5016629 (OS Build 22000.856)
2022-10-11 07:00:00
intel
intel
Intelยฎ NUC Firmware Advisory
2023-11-14 00:00:00
qualysblog
qualysblog
mscve
mscve
CERT/CC: CVE-2022-34302 New Horizon Data Systems Inc Boot Loader Bypass
2022-08-09 07:00:00
CERT/CC: CVE-20220-34303 Crypto Pro Boot Loader Bypass
2022-08-09 07:00:00
CERT/CC: CVE-2022-34301 Eurosoft Boot Loader Bypass
2022-08-09 07:00:00
prion
prion
Input validation
2022-08-26 18:15:00
Input validation
2022-08-26 18:15:00
Input validation
2022-08-26 18:15:00
cve
cve
redhatcve
redhatcve
alpinelinux
alpinelinux
CVE-2022-3287
2022-09-28 20:15:00
cnvd
cnvd
fwupd information disclosure vulnerability
2022-09-30 00:00:00
veracode
veracode
Information Disclosure
2022-10-11 13:16:39
rocky
rocky
fwupd security update
2023-11-28 22:42:52
debiancve
debiancve
CVE-2022-3287
2022-09-28 20:15:00
ubuntucve
ubuntucve
CVE-2022-3287
2022-09-28 00:00:00
avleonov
avleonov
kaspersky
kaspersky
KLA12603 Multiple vulnerabilities in Microsoft Products (ESU)
2022-08-09 00:00:00
KLA12602 Multiple vulnerabilities in Microsoft Windows
2022-08-09 00:00:00
openvas
openvas
Microsoft Windows Multiple Vulnerabilities (KB5016629)
2023-08-08 00:00:00
Microsoft Windows Multiple Vulnerabilities (KB5016616)
2022-08-10 00:00:00
rapid7blog
rapid7blog
Patch Tuesday - August 2022
2022-08-09 19:34:51
Related for ALMA_LINUX_ALSA-2023-2487.NASL