CentOS 7 : etcd (RHSA-2021:1407)

🗓️ 09 Oct 2024 00:00:00Reported by TenableType

The CentOS 7 host is affected by multiple vulnerabilities in etcd package as referenced in RHSA-2021:1407 advisory

Reporter	Title	Published	Views	Family All 137
IBM Security Bulletins	Security Bulletin: IBM API Connect is vulnerable to denial of service (DoS) via etcd (CVE-2020-15106 CVE-2020-15112 CVE-2020-15113)	2 Feb 202113:37	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities affect IBM® Db2® On Openshift and IBM® Db2® and Db2 Warehouse® on Cloud Pak for Data	29 Jun 202217:05	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in go.etcd.io/etcd package affects IBM Watson Machine Learning Accelerator on Cloud Pak for Data	6 Dec 202316:17	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Private is vulnerable to etcd vulnerabilities (CVE-2020-15106, CVE-2020-15112, CVE-2020-15113)	26 Feb 202114:21	–	ibm
IBM Security Bulletins	Security Bulletin: Open Source Dependency Vulnerability	15 May 202318:36	–	ibm
ALT Linux	Security fix for the ALT Linux 10 package etcd version 3.4.13-alt1	5 Sep 202000:00	–	altlinux
ATTACKERKB	CVE-2020-15112	5 Aug 202020:15	–	attackerkb
ATTACKERKB	CVE-2020-15106	5 Aug 202019:15	–	attackerkb
CBLMariner	CVE-2020-15106 affecting package etcd for versions less than 3.5.0-3	9 Apr 202206:52	–	cbl_mariner
CBLMariner	CVE-2020-15112 affecting package etcd for versions less than 3.5.0-3	9 Apr 202206:52	–	cbl_mariner

Source	Link
access	www.access.redhat.com/errata/RHSA-2021:1407
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2021:1407.
##

include('compat.inc');

if (description)
{
  script_id(208622);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/10/09");

  script_cve_id("CVE-2020-15106", "CVE-2020-15112");
  script_xref(name:"RHSA", value:"2021:1407");

  script_name(english:"CentOS 7 : etcd (RHSA-2021:1407)");

  script_set_attribute(attribute:"synopsis", value:
"The remote CentOS Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the
RHSA-2021:1407 advisory.

  - In etcd before versions 3.3.23 and 3.4.10, a large slice causes panic in decodeRecord method. The size of
    a record is stored in the length field of a WAL file and no additional validation is done on this data.
    Therefore, it is possible to forge an extremely large frame size that can unintentionally panic at the
    expense of any RAFT participant trying to decode the WAL. (CVE-2020-15106)

  - In etcd before versions 3.3.23 and 3.4.10, it is possible to have an entry index greater then the number
    of entries in the ReadAll method in wal/wal.go. This could cause issues when WAL entries are being read
    during consensus as an arbitrary etcd consensus participant could go down from a runtime panic when
    reading the entry. (CVE-2020-15112)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2021:1407");
  script_set_attribute(attribute:"solution", value:
"Update the affected etcd package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-15112");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_set_attribute(attribute:"vendor_severity", value:"Moderate");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/08/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/04/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/10/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:etcd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:7");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CentOS Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');
include('rhel.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/CentOS/release');
if (isnull(os_release) || 'CentOS' >!< os_release) audit(AUDIT_OS_NOT, 'CentOS');
var os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'CentOS 7.x', 'CentOS ' + os_ver);

if (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);

var pkgs = [
    {'reference':'etcd-3.2.32-1.el7_9', 'cpu':'ppc64le', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'etcd-3.2.32-1.el7_9', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (reference && _release) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'etcd');
}

09 Oct 2024 00:00Current

7.5High risk

Vulners AI Score7.5

CVSS 24

CVSS 3.16.5

EPSS0.00149