EulerOS 2.0 SP2 : sssd (EulerOS-SA-2019-2517)

2019-12-0400:00:00

www.tenable.com

5.7 Medium

AI Score

Confidence

High

JSON

According to the version of the sssd packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :

A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.(CVE-2018-16838)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(131670);
  script_version("1.6");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/08");

  script_cve_id("CVE-2018-16838");

  script_name(english:"EulerOS 2.0 SP2 : sssd (EulerOS-SA-2019-2517)");

  script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"According to the version of the sssd packages installed, the EulerOS
installation on the remote host is affected by the following
vulnerability :

  - A flaw was found in sssd Group Policy Objects
    implementation. When the GPO is not readable by SSSD
    due to a too strict permission settings on the server
    side, SSSD will allow all authenticated users to login
    instead of denying access.(CVE-2018-16838)

Note that Tenable Network Security has extracted the preceding
description block directly from the EulerOS security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.");
  # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2019-2517
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?dcf95b4d");
  script_set_attribute(attribute:"solution", value:
"Update the affected sssd package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-16838");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"patch_publication_date", value:"2019/12/04");
  script_set_attribute(attribute:"plugin_publication_date", value:"2019/12/04");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libipa_hbac");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libsss_autofs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libsss_certmap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libsss_idmap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libsss_nss_idmap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libsss_simpleifp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:libsss_sudo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-libipa_hbac");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-libsss_nss_idmap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-sss");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-sss-murmur");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-sssdconfig");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sssd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sssd-ad");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sssd-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sssd-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sssd-common-pac");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sssd-dbus");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sssd-ipa");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sssd-krb5");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sssd-krb5-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sssd-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sssd-libwbclient");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sssd-proxy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:sssd-tools");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Huawei Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2019-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
  script_exclude_keys("Host/EulerOS/uvp_version");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0");

sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(2)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2");

uvp = get_kb_item("Host/EulerOS/uvp_version");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP2", "EulerOS UVP " + uvp);

if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);

flag = 0;

pkgs = ["libipa_hbac-1.15.2-50.8.h4",
        "libsss_autofs-1.15.2-50.8.h4",
        "libsss_certmap-1.15.2-50.8.h4",
        "libsss_idmap-1.15.2-50.8.h4",
        "libsss_nss_idmap-1.15.2-50.8.h4",
        "libsss_simpleifp-1.15.2-50.8.h4",
        "libsss_sudo-1.15.2-50.8.h4",
        "python-libipa_hbac-1.15.2-50.8.h4",
        "python-libsss_nss_idmap-1.15.2-50.8.h4",
        "python-sss-1.15.2-50.8.h4",
        "python-sss-murmur-1.15.2-50.8.h4",
        "python-sssdconfig-1.15.2-50.8.h4",
        "sssd-1.15.2-50.8.h4",
        "sssd-ad-1.15.2-50.8.h4",
        "sssd-client-1.15.2-50.8.h4",
        "sssd-common-1.15.2-50.8.h4",
        "sssd-common-pac-1.15.2-50.8.h4",
        "sssd-dbus-1.15.2-50.8.h4",
        "sssd-ipa-1.15.2-50.8.h4",
        "sssd-krb5-1.15.2-50.8.h4",
        "sssd-krb5-common-1.15.2-50.8.h4",
        "sssd-ldap-1.15.2-50.8.h4",
        "sssd-libwbclient-1.15.2-50.8.h4",
        "sssd-proxy-1.15.2-50.8.h4",
        "sssd-tools-1.15.2-50.8.h4"];

foreach (pkg in pkgs)
  if (rpm_check(release:"EulerOS-2.0", sp:"2", reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "sssd");
}

VendorProductVersionCPE
huaweieuleroslibipa_hbacp-cpe:/a:huawei:euleros:libipa_hbac
huaweieuleroslibsss_autofsp-cpe:/a:huawei:euleros:libsss_autofs
huaweieuleroslibsss_certmapp-cpe:/a:huawei:euleros:libsss_certmap
huaweieuleroslibsss_idmapp-cpe:/a:huawei:euleros:libsss_idmap
huaweieuleroslibsss_nss_idmapp-cpe:/a:huawei:euleros:libsss_nss_idmap
huaweieuleroslibsss_simpleifpp-cpe:/a:huawei:euleros:libsss_simpleifp
huaweieuleroslibsss_sudop-cpe:/a:huawei:euleros:libsss_sudo
huaweieulerospython-libipa_hbacp-cpe:/a:huawei:euleros:python-libipa_hbac
huaweieulerospython-libsss_nss_idmapp-cpe:/a:huawei:euleros:python-libsss_nss_idmap
huaweieulerospython-sssp-cpe:/a:huawei:euleros:python-sss

Vendor	Product	Version	CPE
huawei	euleros	libipa_hbac	p-cpe:/a:huawei:euleros:libipa_hbac
huawei	euleros	libsss_autofs	p-cpe:/a:huawei:euleros:libsss_autofs
huawei	euleros	libsss_certmap	p-cpe:/a:huawei:euleros:libsss_certmap
huawei	euleros	libsss_idmap	p-cpe:/a:huawei:euleros:libsss_idmap
huawei	euleros	libsss_nss_idmap	p-cpe:/a:huawei:euleros:libsss_nss_idmap
huawei	euleros	libsss_simpleifp	p-cpe:/a:huawei:euleros:libsss_simpleifp
huawei	euleros	libsss_sudo	p-cpe:/a:huawei:euleros:libsss_sudo
huawei	euleros	python-libipa_hbac	p-cpe:/a:huawei:euleros:python-libipa_hbac
huawei	euleros	python-libsss_nss_idmap	p-cpe:/a:huawei:euleros:python-libsss_nss_idmap
huawei	euleros	python-sss	p-cpe:/a:huawei:euleros:python-sss