The sysstat package in CentOS 8 is vulnerable to a size_t overflow issue, potentially leading to Remote Code Execution (RCE)
Reporter | Title | Published | Views | Family |
---|---|---|---|---|
![]() | CVE-2022-39377 affecting package sysstat for versions less than 12.7.1-1 | 9 Dec 2022 00:19 | – | cbl_mariner |
![]() | CVE-2022-39377 affecting package sysstat 12.3.3-2 | 30 Nov 2020 19:30 | – | cbl_mariner |
![]() | CVE-2022-39377 sysstat Incorrect Buffer Size calculation on 32-bit systems results in RCE via buffer overflow | 8 Nov 2022 00:00 | – | cvelist |
![]() | CVE-2023-33204 | 18 May 2023 00:00 | – | cvelist |
![]() | [SECURITY] Fedora 36 Update: sysstat-12.5.6-2.fc36 | 18 Nov 2022 00:45 | – | fedora |
![]() | [SECURITY] Fedora 35 Update: sysstat-12.5.6-2.fc35 | 18 Nov 2022 01:06 | – | fedora |
![]() | [SECURITY] Fedora 37 Update: sysstat-12.6.0-4.fc37 | 18 Nov 2022 01:17 | – | fedora |
![]() | Updated sysstat packages fix security vulnerability | 19 Nov 2022 01:50 | – | mageia |
![]() | Updated sysstat packages fix security vulnerability | 19 Jun 2023 19:29 | – | mageia |
![]() | Moderate: sysstat security and bug fix update | 9 May 2023 00:00 | – | osv |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Red Hat Security Advisory RHSA-2023:2800. The text
# itself is copyright (C) Red Hat, Inc.
##
include('compat.inc');
# Registration branch: taken when `description` is set. It only records plugin
# metadata, dependencies and required KB keys, then leaves through the exit(0)
# at the end of the block; none of the host checks further down run here.
if (description)
{
script_id(175877);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/05/16");
# Advisory cross-references: a single CVE, tied to RHSA-2023:2800 / CESA-2023:2800.
script_cve_id("CVE-2022-39377");
script_xref(name:"RHSA", value:"2023:2800");
script_name(english:"CentOS 8 : sysstat (CESA-2023:2800)");
script_set_attribute(attribute:"synopsis", value:
"The remote CentOS host is missing a security update.");
# NOTE(review): the text below scopes the overflow to 32-bit systems, while the
# package table later in this file only carries aarch64 and x86_64 references.
# Confirm against the advisory which architectures are meant to be covered.
# The closing sentence of the text states that the finding is derived from the
# reported package version, not from exercising the flaw itself.
script_set_attribute(attribute:"description", value:
"The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the
CESA-2023:2800 advisory.
- sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in
versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in
sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic
multiplication, allowing for an overflow in the size allocated for the buffer representing system
activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version
12.7.1. (CVE-2022-39377)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2023:2800");
script_set_attribute(attribute:"solution", value:
"Update the affected sysstat package.");
# Both base vectors carry AV:L (local attack vector), and the v3 vector also
# carries UI:R (user interaction required). The "Remote Code Execution" wording
# in the description is not reflected in these vectors, so prioritise on the
# vectors rather than on the word "remote".
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
# Temporal metrics: proof-of-concept exploit code (E:POC / E:P) and an official
# fix (RL:OF / RL:O), consistent with the exploit_available attribute below.
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-39377");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
# The vulnerability was published 2022/11/08; patch and plugin are both dated 2023/05/16.
script_set_attribute(attribute:"vuln_publication_date", value:"2022/11/08");
script_set_attribute(attribute:"patch_publication_date", value:"2023/05/16");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/05/16");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:8-stream");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:sysstat");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CentOS Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
# Declared dependency and required KB keys. Presumably ssh_get_info.nasl is what
# populates these keys from a credentialed session; verify in that plugin.
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
# Pre-flight gates: each failed condition calls audit() with a reason code.
# All inputs come from KB items, so the result is only as accurate as the data
# collected earlier in the scan.
# Local checks must be flagged as enabled in the KB.
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/CentOS/release');
# `>!<` is NASL's "substring not found in" operator: the release string must mention CentOS.
if (isnull(os_release) || 'CentOS' >!< os_release) audit(AUDIT_OS_NOT, 'CentOS');
# Capture the major version digits that follow "release"; "Stream" and "Linux" are optional.
var os_ver = pregmatch(pattern: "CentOS(?: Stream)?(?: Linux)? release ([0-9]+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');
# Keep only the first capture group (the major version).
os_ver = os_ver[1];
# Only CentOS Stream release strings pass this gate.
if ('CentOS Stream' >!< os_release) audit(AUDIT_OS_NOT, 'CentOS 8-Stream');
# NOTE(review): operator 'ge' with rhel_version '8' looks like it admits any major
# version >= 8, while the audit text says 'CentOS 8.x' and the package rows
# below are keyed to release '8' - confirm the intended range in rhel.inc.
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);
if (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
# Architecture allow-list: x86_64, i386-i686, s390* and aarch64.
# NOTE(review): i[3-6]86 and s390 pass this gate but have no row in the pkgs
# table below, so such hosts presumably end in a "not affected" or "not
# installed" audit. The advisory text scopes the flaw to 32-bit systems, so
# confirm this is not a coverage gap (possible false negative).
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);
# Package references handed to rpm_check(): one row per architecture, both
# naming sysstat-11.7.3-9.el8 for release '8' with rpm_spec_vers_cmp enabled.
# Presumably an installed build older than the reference counts as vulnerable;
# the comparison itself lives in rpm.inc, which is not shown here.
# NOTE(review): only aarch64 and x86_64 are listed, although the advisory text
# in this plugin describes the overflow as a 32-bit issue.
var pkgs = [
{'reference':'sysstat-11.7.3-9.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'sysstat-11.7.3-9.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}
];
# Counts the rows of pkgs for which rpm_check() returns a truthy result.
var flag = 0;
foreach package_array ( pkgs ) {
# Per-row arguments for rpm_check(); any key the row omits stays NULL.
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
# Copy over only the keys that are present and non-empty in this row.
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
# The release value is prefixed, e.g. '8' becomes 'CentOS-8'.
if (!empty_or_null(package_array['release'])) _release = 'CentOS-' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
# A row is evaluated only when it has both a reference and a release; rows
# missing either are skipped without any report.
if (reference && _release) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
# Reporting: at least one hit produces a single finding on port 0 at
# SECURITY_HOLE severity, with the output of rpm_report_get() passed as the
# extra field. The finding rests on package version comparison only.
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
# No hit: audit as "package not affected" when pkg_tests_get() returns a
# non-empty value, otherwise as sysstat not installed.
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'sysstat');
}