EulerOS 2.0 SP5 : docker-engine (EulerOS-SA-2022-1886)

2022-06-17T00:00:00

Description

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a foreign layer), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. If an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user's username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account. The default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it. This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and later are not affected. If you are using containerd 1.3 or later, you are not affected. If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources. Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected. (CVE-2020-15157) - containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim's API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. This vulnerability has been fixed in containerd 1.3.9 and 1.4.3. Users should update to these versions as soon as they are released. It should be noted that containers started with an old version of containerd-shim should be stopped and restarted, as running containers will continue to be vulnerable even after an upgrade. If you are not providing the ability for untrusted users to start containers in the same network namespace as the shim (typically the 'host' network namespace, for example with docker run --net=host or hostNetwork: true in a Kubernetes pod) and run with an effective UID of 0, you are not vulnerable to this issue. If you are running containers with a vulnerable configuration, you can deny access to all abstract sockets with AppArmor by adding a line similar to deny unix addr=@**, to your policy. It is best practice to run containers with a reduced set of privileges, with a non-zero UID, and with isolated namespaces. The containerd maintainers strongly advise against sharing namespaces with the host. Reducing the set of isolation mechanisms used for a container necessarily increases that container's privilege, regardless of what container runtime is used for running that container. (CVE-2020-15257) - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files. (CVE-2021-32760) - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability. A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103) - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting. (CVE-2022-24769) Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

{"id": "EULEROS_SA-2022-1886.NASL", "vendorId": null, "type": "nessus", "bulletinFamily": "scanner", "title": "EulerOS 2.0 SP5 : docker-engine (EulerOS-SA-2022-1886)", "description": "According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a foreign layer), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. If an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user's username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account. The default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it. This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and later are not affected. If you are using containerd 1.3 or later, you are not affected. If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources.\n Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected. (CVE-2020-15157)\n\n - containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows.\n In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim's API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. This vulnerability has been fixed in containerd 1.3.9 and 1.4.3. Users should update to these versions as soon as they are released. It should be noted that containers started with an old version of containerd-shim should be stopped and restarted, as running containers will continue to be vulnerable even after an upgrade. If you are not providing the ability for untrusted users to start containers in the same network namespace as the shim (typically the 'host' network namespace, for example with docker run --net=host or hostNetwork: true in a Kubernetes pod) and run with an effective UID of 0, you are not vulnerable to this issue. If you are running containers with a vulnerable configuration, you can deny access to all abstract sockets with AppArmor by adding a line similar to deny unix addr=@**, to your policy. It is best practice to run containers with a reduced set of privileges, with a non-zero UID, and with isolated namespaces. The containerd maintainers strongly advise against sharing namespaces with the host. Reducing the set of isolation mechanisms used for a container necessarily increases that container's privilege, regardless of what container runtime is used for running that container. (CVE-2020-15257)\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files. (CVE-2021-32760)\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103)\n\n - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting. (CVE-2022-24769)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2022-06-17T00:00:00", "modified": "2023-10-20T00:00:00", "epss": [], "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://www.tenable.com/plugins/nessus/162362", "reporter": "This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["http://www.nessus.org/u?d8229852", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15157", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-32760", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24769", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41103", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15257"], "cvelist": ["CVE-2020-15157", "CVE-2020-15257", "CVE-2021-32760", "CVE-2021-41103", "CVE-2022-24769"], "immutableFields": [], "lastseen": "2023-10-21T16:03:46", "viewCount": 15, "enchantments": {"score": {"value": 7.7, "vector": "NONE"}, "dependencies": {"references": [{"type": "alpinelinux", "idList": ["ALPINE:CVE-2020-15257", "ALPINE:CVE-2021-32760", "ALPINE:CVE-2021-41103", "ALPINE:CVE-2022-24769"]}, {"type": "altlinux", "idList": ["7A477C050DF3F712A5071461488CE37C"]}, {"type": "amazon", "idList": ["ALAS-2020-1455", "ALAS-2021-1523", "ALAS-2021-1540", "ALAS-2021-1555", "ALAS-2022-1582", "ALAS2-2022-1775"]}, {"type": "archlinux", "idList": ["ASA-202012-8", "ASA-202107-70"]}, {"type": "attackerkb", "idList": ["AKB:965E10D2-5365-4768-AD84-6D6B9E878CBF"]}, {"type": "cve", "idList": ["CVE-2020-15157", "CVE-2020-15257", "CVE-2021-32760", "CVE-2021-41103", "CVE-2022-24769"]}, {"type": "debian", "idList": ["DEBIAN:DSA-4865-1:E637E", "DEBIAN:DSA-5002-1:C91D8", "DEBIAN:DSA-5002-1:FE3C9", "DEBIAN:DSA-5162-1:83441"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2020-15157", "DEBIANCVE:CVE-2020-15257", "DEBIANCVE:CVE-2021-32760", "DEBIANCVE:CVE-2021-41103", "DEBIANCVE:CVE-2022-24769"]}, {"type": "fedora", "idList": ["FEDORA:2FB853059E16", "FEDORA:339E83048A0E", "FEDORA:3913A30B133D", "FEDORA:3E17230B6FC0", "FEDORA:439553083D01", "FEDORA:5C9773085FEF", "FEDORA:7D74530758FB", "FEDORA:A109F3097BA5", "FEDORA:B0F3C30BEB9E", "FEDORA:CD65730F8F93", "FEDORA:EA205305E4F5", "FEDORA:EE81630584D8"]}, {"type": "gentoo", "idList": ["GLSA-202105-33"]}, {"type": "github", "idList": ["GHSA-36XW-FX78-C5R4", "GHSA-742W-89GC-8M9C", "GHSA-C2H3-6MXW-7MVQ", "GHSA-C72P-9XMJ-RX3W"]}, {"type": "githubexploit", "idList": ["EEEB5AA5-1DFC-529A-A0F1-D4D66C503664"]}, {"type": "ibm", "idList": ["24B1AE073C3E8B032429754E1E35B7D96539587DDA275F7A13183F44D07B88D2", "286E0BB68EF41C1A09A86D748D63E06B3B1C610591E7391DE1B99AB5E72225F8", "2C376A245D04FD7BF94846A23BF08C4FDD21F3F3EEC473D5D7BC168FC777DE37", "352F9618283C7CC1BC53906B3D16053CDCA2EF2DACE3A32E57418C711B4759E9", "689E3015787595D64C910772E4B780065F2D1224B5672102F4B7600825B3EC77", "72E7AF4810645A74EE755605BEE8DE4EB2B74F3B710D63463C7B5B8748A244E4", "8BA7BFE42522241407F23A0FE292C5AC9612C5927877DC040D3DF3109B616182", "8CF75CE76A214C8E66E3A8881ED4D041C386151E2AD24B89D0E7F34885082D9F", "905E85897A4D9FFEAFECEDC427078EC3A58B542FBD327D908E46D8E939E4B4D0", "A132B986390AF1F9E72FC2BA2D182292BDE9C04B2252C517AB8A39E9F7A25581", "BC833C23BBEB81DC30F26014A70792A9D0E36E4FB4F6F70D589D1606D3780C58", "ECC51A8C423F5EDA50374654A4E746F6D31797DF6F144FAD256C43D958E0F349"]}, {"type": "ics", "idList": ["ICSA-22-167-09"]}, {"type": "kitploit", "idList": ["KITPLOIT:1751489026679880812", "KITPLOIT:8656177976839178440"]}, {"type": "mageia", "idList": ["MGASA-2020-0406", "MGASA-2021-0484", "MGASA-2022-0117", "MGASA-2022-0144"]}, {"type": "nessus", "idList": ["AL2022_ALAS2022-2022-054.NASL", "AL2022_ALAS2022-2022-210.NASL", "AL2022_ALAS2022-2022-237.NASL", "AL2023_ALAS2023-2023-079.NASL", "AL2_ALAS-2022-016.NASL", "AL2_ALAS-2022-018.NASL", "AL2_ALAS-2022-1775.NASL", "AL2_ALASDOCKER-2022-016.NASL", "AL2_ALASDOCKER-2022-018.NASL", "AL2_ALASECS-2022-001.NASL", "AL2_ALASNITRO-ENCLAVES-2022-016.NASL", "AL2_ALASNITRO-ENCLAVES-2022-019.NASL", "ALA_ALAS-2020-1455.NASL", "ALA_ALAS-2021-1523.NASL", "ALA_ALAS-2021-1540.NASL", "ALA_ALAS-2022-1582.NASL", "DEBIAN_DSA-4865.NASL", "DEBIAN_DSA-5002.NASL", "DEBIAN_DSA-5162.NASL", "EULEROS_SA-2021-1245.NASL", "EULEROS_SA-2021-1264.NASL", "EULEROS_SA-2022-1239.NASL", "EULEROS_SA-2022-1251.NASL", "EULEROS_SA-2022-1424.NASL", "EULEROS_SA-2022-1445.NASL", "EULEROS_SA-2022-1482.NASL", "EULEROS_SA-2022-1501.NASL", "EULEROS_SA-2022-1926.NASL", "EULEROS_SA-2022-1963.NASL", "EULEROS_SA-2022-1993.NASL", "EULEROS_SA-2022-2129.NASL", "EULEROS_SA-2022-2154.NASL", "FEDORA_2020-BAEB8DBAEA.NASL", "GENTOO_GLSA-202105-33.NASL", "MARINER_MOBY-CONTAINERD_CVE-2021-41103.NASL", "MARINER_MOBY-RUNC_CVE-2022-24769.NASL", "OPENSUSE-2021-1081.NASL", "OPENSUSE-2021-1404.NASL", "OPENSUSE-2021-2412.NASL", "OPENSUSE-2021-278.NASL", "OPENSUSE-2021-3506.NASL", "OPENSUSE-2022-0334-1.NASL", "OPENSUSE-2022-23018-1.NASL", "ORACLELINUX_ELSA-2020-5900.NASL", "ORACLELINUX_ELSA-2020-5906.NASL", "ORACLELINUX_ELSA-2020-5964.NASL", "ORACLELINUX_ELSA-2020-5966.NASL", "ORACLELINUX_ELSA-2021-15790.NASL", "ORACLELINUX_ELSA-2021-9373.NASL", "PHOTONOS_PHSA-2020-2_0-0292_CONTAINERD.NASL", "PHOTONOS_PHSA-2020-2_0-0301_CONTAINERD.NASL", "PHOTONOS_PHSA-2020-3_0-0155_CONTAINERD.NASL", "PHOTONOS_PHSA-2020-3_0-0168_CONTAINERD.NASL", "PHOTONOS_PHSA-2021-1_0-0414_DOCKER.NASL", "PHOTONOS_PHSA-2021-1_0-0439_DOCKER.NASL", "PHOTONOS_PHSA-2021-2_0-0369_CONTAINERD.NASL", "PHOTONOS_PHSA-2021-2_0-0402_CONTAINERD.NASL", "PHOTONOS_PHSA-2021-3_0-0269_CONTAINERD.NASL", "PHOTONOS_PHSA-2021-3_0-0311_CONTAINERD.NASL", "PHOTONOS_PHSA-2021-4_0-0007_CONTAINERD.NASL", "PHOTONOS_PHSA-2021-4_0-0064_CONTAINERD.NASL", "PHOTONOS_PHSA-2021-4_0-0113_CONTAINERD.NASL", "REDHAT-RHSA-2020-5634.NASL", "SUSE_SU-2021-0435-1.NASL", "SUSE_SU-2021-2412-1.NASL", "SUSE_SU-2021-2413-1.NASL", "SUSE_SU-2021-3336-1.NASL", "SUSE_SU-2021-3506-1.NASL", "SUSE_SU-2022-0213-1.NASL", "SUSE_SU-2022-0334-1.NASL", "SUSE_SU-2022-1507-1.NASL", "SUSE_SU-2022-1689-1.NASL", "SUSE_SU-2022-23018-1.NASL", "SUSE_SU-2022-3312-1.NASL", "UBUNTU_USN-4589-1.NASL", "UBUNTU_USN-4589-2.NASL", "UBUNTU_USN-4653-1.NASL", "UBUNTU_USN-4653-2.NASL", "UBUNTU_USN-5012-1.NASL", "UBUNTU_USN-5100-1.NASL", "UBUNTU_USN-5521-1.NASL", "UBUNTU_USN-5776-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-5900", "ELSA-2020-5906", "ELSA-2020-5964", "ELSA-2020-5966", "ELSA-2021-15790", "ELSA-2021-9373"]}, {"type": "osv", "idList": ["OSV:DSA-5002-1", "OSV:DSA-5162-1", "OSV:GHSA-36XW-FX78-C5R4", "OSV:GHSA-742W-89GC-8M9C", "OSV:GHSA-C2H3-6MXW-7MVQ", "OSV:GHSA-C72P-9XMJ-RX3W"]}, {"type": "photon", "idList": ["PHSA-2020-0155", "PHSA-2020-0168", "PHSA-2020-2.0-0292", "PHSA-2020-2.0-0301", "PHSA-2020-3.0-0155", "PHSA-2020-3.0-0168", "PHSA-2021-0007", "PHSA-2021-0064", "PHSA-2021-0113", "PHSA-2021-0269", "PHSA-2021-0311", "PHSA-2021-0402", "PHSA-2021-0414", "PHSA-2021-0439", "PHSA-2021-1.0-0414", "PHSA-2021-1.0-0439", "PHSA-2021-2.0-0369", "PHSA-2021-2.0-0402", "PHSA-2021-3.0-0269", "PHSA-2021-3.0-0311", "PHSA-2021-4.0-0007", "PHSA-2021-4.0-0064", "PHSA-2021-4.0-0113", "PHSA-2022-0266", "PHSA-2022-4.0-0266", "PHSA-2023-5.0-0041"]}, {"type": "prion", "idList": ["PRION:CVE-2021-32760", "PRION:CVE-2021-41103", "PRION:CVE-2022-24769"]}, {"type": "redhat", "idList": ["RHSA-2020:5633", "RHSA-2020:5634", "RHSA-2020:5635", "RHSA-2022:1357", "RHSA-2022:1363", "RHSA-2022:1370", "RHSA-2022:1622", "RHSA-2022:1699", "RHSA-2022:2183", "RHSA-2022:2265", "RHSA-2022:5673", "RHSA-2022:6517", "RHSA-2023:5952"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-15157", "RH:CVE-2020-15257", "RH:CVE-2021-32760", "RH:CVE-2021-41103", "RH:CVE-2022-24769", "RH:CVE-2022-27649", "RH:CVE-2022-27650", "RH:CVE-2022-27651", "RH:CVE-2022-27652"]}, {"type": "redos", "idList": ["ROS-20220125-12"]}, {"type": "rosalinux", "idList": ["ROSA-SA-2023-2209"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:0278-1", "OPENSUSE-SU-2021:1081-1", "OPENSUSE-SU-2021:1404-1", "OPENSUSE-SU-2021:2412-1", "OPENSUSE-SU-2021:3506-1", "OPENSUSE-SU-2022:0334-1", "OPENSUSE-SU-2022:23018-1", "SUSE-SU-2022:1689-1"]}, {"type": "threatpost", "idList": ["THREATPOST:39625C47309704502299C3CF93814CFA", "THREATPOST:939D3A37125502BC9EE7A2E56EB485A7", "THREATPOST:CCBBEA3067FE857C1A87F48128362DB2"]}, {"type": "ubuntu", "idList": ["USN-4589-1", "USN-4589-2", "USN-4653-1", "USN-4653-2", "USN-5012-1", "USN-5100-1", "USN-5521-1", "USN-5776-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-15157", "UB:CVE-2020-15257", "UB:CVE-2021-32760", "UB:CVE-2021-41103", "UB:CVE-2022-24769"]}, {"type": "veracode", "idList": ["VERACODE:27611", "VERACODE:28056", "VERACODE:32367", "VERACODE:34829"]}]}, "epss": [{"cve": "CVE-2020-15157", "epss": 0.00295, "percentile": 0.64676, "modified": "2023-05-01"}, {"cve": "CVE-2020-15257", "epss": 0.00045, "percentile": 0.12283, "modified": "2023-05-01"}, {"cve": "CVE-2021-32760", "epss": 0.0012, "percentile": 0.44762, "modified": "2023-05-01"}, {"cve": "CVE-2021-41103", "epss": 0.00045, "percentile": 0.12121, "modified": "2023-05-02"}, {"cve": "CVE-2022-24769", "epss": 0.00058, "percentile": 0.22668, "modified": "2023-05-02"}], "vulnersScore": 7.7}, "_state": {"score": 1698846385, "dependencies": 1697916909, "epss": 0}, "_internal": {"score_hash": "e6b787c8cf5593112b50c7b20e5b24be"}, "pluginID": "162362", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162362);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2020-15157\",\n \"CVE-2020-15257\",\n \"CVE-2021-32760\",\n \"CVE-2021-41103\",\n \"CVE-2022-24769\"\n );\n\n script_name(english:\"EulerOS 2.0 SP5 : docker-engine (EulerOS-SA-2022-1886)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is\naffected by the following vulnerabilities :\n\n - In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking\n vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format\n includes a URL for the location of a specific image layer (otherwise known as a foreign layer), the\n default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or\n later, the default containerd resolver will provide its authentication credentials if the server where the\n URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. If an attacker\n publishes a public image with a manifest that directs one of the layers to be fetched from a web server\n they control and they trick a user or system into pulling the image, they can obtain the credentials used\n for pulling that image. In some cases, this may be the user's username and password for the registry. In\n other cases, this may be the credentials attached to the cloud virtual instance which can grant access to\n other cloud resources in the account. The default containerd resolver is used by the cri-containerd plugin\n (which can be used by Kubernetes), the ctr development tool, and other client programs that have\n explicitly linked against it. This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and\n later are not affected. If you are using containerd 1.3 or later, you are not affected. If you are using\n cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources.\n Other container runtimes built on top of containerd but not using the default resolver (such as Docker)\n are not affected. (CVE-2020-15157)\n\n - containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows.\n In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host\n network containers. Access controls for the shim's API socket verified that the connecting process had an\n effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would\n allow malicious containers running in the same network namespace as the shim, with an effective UID of 0\n but otherwise reduced privileges, to cause new processes to be run with elevated privileges. This\n vulnerability has been fixed in containerd 1.3.9 and 1.4.3. Users should update to these versions as soon\n as they are released. It should be noted that containers started with an old version of containerd-shim\n should be stopped and restarted, as running containers will continue to be vulnerable even after an\n upgrade. If you are not providing the ability for untrusted users to start containers in the same network\n namespace as the shim (typically the 'host' network namespace, for example with docker run --net=host or\n hostNetwork: true in a Kubernetes pod) and run with an effective UID of 0, you are not vulnerable to this\n issue. If you are running containers with a vulnerable configuration, you can deny access to all abstract\n sockets with AppArmor by adding a line similar to deny unix addr=@**, to your policy. It is best practice\n to run containers with a reduced set of privileges, with a non-zero UID, and with isolated namespaces. The\n containerd maintainers strongly advise against sharing namespaces with the host. Reducing the set of\n isolation mechanisms used for a container necessarily increases that container's privilege, regardless of\n what container runtime is used for running that container. (CVE-2020-15257)\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where\n pulling and extracting a specially-crafted container image can result in Unix file permission changes for\n existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner\n of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does\n not directly allow files to be read, modified, or executed without an additional cooperating process. This\n bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from\n trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially\n affected by this bug through policies and profiles that prevent containerd from interacting with specific\n files. (CVE-2021-32760)\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently\n restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and\n execute programs. When containers included executable programs with extended permission bits (such as\n setuid), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has\n been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are\n released and may restart containers or update directory permissions to mitigate the vulnerability. Users\n unable to update should limit access to the host to trusted users. Update directory permission on\n container bundles directories. (CVE-2021-41103)\n\n - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug\n was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with\n non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling\n programs with inheritable file capabilities to elevate those capabilities to the permitted set during\n `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise\n unprivileged users and processes can execute those programs and gain the specified file capabilities up to\n the bounding set. Due to this bug, containers which included executable programs with inheritable file\n capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable\n file capabilities up to the container's bounding set. Containers which use Linux users and groups to\n perform privilege separation inside the container are most directly impacted. This bug did not affect the\n container security sandbox as the inheritable set never contained more capabilities than were included in\n the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers\n should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes\n Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a\n workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop\n inheritable capabilities prior to the primary process starting. (CVE-2022-24769)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1886\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d8229852\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected docker-engine packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:docker-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:docker-engine-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"docker-engine-18.09.0.101-1.h52.22.9.eulerosv2r7\",\n \"docker-engine-selinux-18.09.0.101-1.h52.22.9.eulerosv2r7\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"docker-engine\");\n}\n", "naslFamily": "Huawei Local Security Checks", "cpe": ["p-cpe:/a:huawei:euleros:docker-engine", "p-cpe:/a:huawei:euleros:docker-engine-selinux", "cpe:/o:huawei:euleros:2.0"], "solution": "Update the affected docker-engine packages.", "nessusSeverity": "High", "cvssScoreSource": "CVE-2021-41103", "vendor_cvss2": {"score": 7.2, "vector": "CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "vendor_cvss3": {"score": 7.8, "vector": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}, "vpr": {"risk factor": "Medium", "score": "6.7"}, "exploitAvailable": true, "exploitEase": "Exploits are available", "patchPublicationDate": "2022-06-17T00:00:00", "vulnerabilityPublicationDate": "2020-10-16T00:00:00", "exploitableWith": []}

{"nessus": [{"lastseen": "2023-05-17T16:32:19", "description": "According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a foreign layer), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. If an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user's username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account. The default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it. This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and later are not affected. If you are using containerd 1.3 or later, you are not affected. If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources.\n Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected. (CVE-2020-15157)\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files. (CVE-2021-32760)\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103)\n\n - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting. (CVE-2022-24769)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-06-22T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : docker-engine (EulerOS-SA-2022-1926)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15157", "CVE-2021-32760", "CVE-2021-41103", "CVE-2022-24769"], "modified": "2022-06-22T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:docker-engine", "p-cpe:/a:huawei:euleros:docker-engine-selinux", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1926.NASL", "href": "https://www.tenable.com/plugins/nessus/162441", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162441);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/22\");\n\n script_cve_id(\n \"CVE-2020-15157\",\n \"CVE-2021-32760\",\n \"CVE-2021-41103\",\n \"CVE-2022-24769\"\n );\n\n script_name(english:\"EulerOS 2.0 SP8 : docker-engine (EulerOS-SA-2022-1926)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is\naffected by the following vulnerabilities :\n\n - In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking\n vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format\n includes a URL for the location of a specific image layer (otherwise known as a foreign layer), the\n default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or\n later, the default containerd resolver will provide its authentication credentials if the server where the\n URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. If an attacker\n publishes a public image with a manifest that directs one of the layers to be fetched from a web server\n they control and they trick a user or system into pulling the image, they can obtain the credentials used\n for pulling that image. In some cases, this may be the user's username and password for the registry. In\n other cases, this may be the credentials attached to the cloud virtual instance which can grant access to\n other cloud resources in the account. The default containerd resolver is used by the cri-containerd plugin\n (which can be used by Kubernetes), the ctr development tool, and other client programs that have\n explicitly linked against it. This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and\n later are not affected. If you are using containerd 1.3 or later, you are not affected. If you are using\n cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources.\n Other container runtimes built on top of containerd but not using the default resolver (such as Docker)\n are not affected. (CVE-2020-15157)\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where\n pulling and extracting a specially-crafted container image can result in Unix file permission changes for\n existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner\n of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does\n not directly allow files to be read, modified, or executed without an additional cooperating process. This\n bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from\n trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially\n affected by this bug through policies and profiles that prevent containerd from interacting with specific\n files. (CVE-2021-32760)\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently\n restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and\n execute programs. When containers included executable programs with extended permission bits (such as\n setuid), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has\n been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are\n released and may restart containers or update directory permissions to mitigate the vulnerability. Users\n unable to update should limit access to the host to trusted users. Update directory permission on\n container bundles directories. (CVE-2021-41103)\n\n - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug\n was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with\n non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling\n programs with inheritable file capabilities to elevate those capabilities to the permitted set during\n `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise\n unprivileged users and processes can execute those programs and gain the specified file capabilities up to\n the bounding set. Due to this bug, containers which included executable programs with inheritable file\n capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable\n file capabilities up to the container's bounding set. Containers which use Linux users and groups to\n perform privilege separation inside the container are most directly impacted. This bug did not affect the\n container security sandbox as the inheritable set never contained more capabilities than were included in\n the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers\n should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes\n Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a\n workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop\n inheritable capabilities prior to the primary process starting. (CVE-2022-24769)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1926\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d4654544\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected docker-engine packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:docker-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:docker-engine-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"docker-engine-18.09.0.101-1.h52.22.10.eulerosv2r8\",\n \"docker-engine-selinux-18.09.0.101-1.h52.22.10.eulerosv2r8\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"docker-engine\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:44:21", "description": "According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a foreign layer), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. If an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user's username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account. The default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it. This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and later are not affected. If you are using containerd 1.3 or later, you are not affected. If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources.\n Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected. (CVE-2020-15157)\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files. (CVE-2021-32760)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-04-20T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2022-1501)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15157", "CVE-2021-32760"], "modified": "2022-04-20T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:docker-engine", "p-cpe:/a:huawei:euleros:docker-engine-selinux", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1501.NASL", "href": "https://www.tenable.com/plugins/nessus/160004", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160004);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/20\");\n\n script_cve_id(\"CVE-2020-15157\", \"CVE-2021-32760\");\n\n script_name(english:\"EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2022-1501)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is\naffected by the following vulnerabilities :\n\n - In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking\n vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format\n includes a URL for the location of a specific image layer (otherwise known as a foreign layer), the\n default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or\n later, the default containerd resolver will provide its authentication credentials if the server where the\n URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. If an attacker\n publishes a public image with a manifest that directs one of the layers to be fetched from a web server\n they control and they trick a user or system into pulling the image, they can obtain the credentials used\n for pulling that image. In some cases, this may be the user's username and password for the registry. In\n other cases, this may be the credentials attached to the cloud virtual instance which can grant access to\n other cloud resources in the account. The default containerd resolver is used by the cri-containerd plugin\n (which can be used by Kubernetes), the ctr development tool, and other client programs that have\n explicitly linked against it. This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and\n later are not affected. If you are using containerd 1.3 or later, you are not affected. If you are using\n cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources.\n Other container runtimes built on top of containerd but not using the default resolver (such as Docker)\n are not affected. (CVE-2020-15157)\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where\n pulling and extracting a specially-crafted container image can result in Unix file permission changes for\n existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner\n of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does\n not directly allow files to be read, modified, or executed without an additional cooperating process. This\n bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from\n trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially\n affected by this bug through policies and profiles that prevent containerd from interacting with specific\n files. (CVE-2021-32760)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1501\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d066788c\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected docker-engine packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-32760\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:docker-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:docker-engine-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"docker-engine-18.09.0.200-200.h41.25.14.eulerosv2r10\",\n \"docker-engine-selinux-18.09.0.200-200.h41.25.14.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"docker-engine\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:44:22", "description": "According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a foreign layer), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. If an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user's username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account. The default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it. This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and later are not affected. If you are using containerd 1.3 or later, you are not affected. If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources.\n Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected. (CVE-2020-15157)\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files. (CVE-2021-32760)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-04-21T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2022-1482)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15157", "CVE-2021-32760"], "modified": "2022-04-21T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:docker-engine", "p-cpe:/a:huawei:euleros:docker-engine-selinux", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1482.NASL", "href": "https://www.tenable.com/plugins/nessus/160042", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160042);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/21\");\n\n script_cve_id(\"CVE-2020-15157\", \"CVE-2021-32760\");\n\n script_name(english:\"EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2022-1482)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is\naffected by the following vulnerabilities :\n\n - In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking\n vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format\n includes a URL for the location of a specific image layer (otherwise known as a foreign layer), the\n default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or\n later, the default containerd resolver will provide its authentication credentials if the server where the\n URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. If an attacker\n publishes a public image with a manifest that directs one of the layers to be fetched from a web server\n they control and they trick a user or system into pulling the image, they can obtain the credentials used\n for pulling that image. In some cases, this may be the user's username and password for the registry. In\n other cases, this may be the credentials attached to the cloud virtual instance which can grant access to\n other cloud resources in the account. The default containerd resolver is used by the cri-containerd plugin\n (which can be used by Kubernetes), the ctr development tool, and other client programs that have\n explicitly linked against it. This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and\n later are not affected. If you are using containerd 1.3 or later, you are not affected. If you are using\n cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources.\n Other container runtimes built on top of containerd but not using the default resolver (such as Docker)\n are not affected. (CVE-2020-15157)\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where\n pulling and extracting a specially-crafted container image can result in Unix file permission changes for\n existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner\n of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does\n not directly allow files to be read, modified, or executed without an additional cooperating process. This\n bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from\n trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially\n affected by this bug through policies and profiles that prevent containerd from interacting with specific\n files. (CVE-2021-32760)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1482\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8be201f3\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected docker-engine packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-32760\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:docker-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:docker-engine-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"docker-engine-18.09.0.200-200.h41.25.14.eulerosv2r10\",\n \"docker-engine-selinux-18.09.0.200-200.h41.25.14.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"docker-engine\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:44:18", "description": "According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a foreign layer), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. If an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user's username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account. The default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it. This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and later are not affected. If you are using containerd 1.3 or later, you are not affected. If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources.\n Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected. (CVE-2020-15157)\n\n - In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using '--userns-remap', if the root user in the remapped namespace has access to the host filesystem they can modify files under '/var/lib/docker/<remapping>' that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user. (CVE-2021-21284)\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files. (CVE-2021-32760)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-04-18T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : docker-engine (EulerOS-SA-2022-1424)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15157", "CVE-2021-21284", "CVE-2021-32760"], "modified": "2022-05-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:docker-engine", "p-cpe:/a:huawei:euleros:docker-engine-selinux", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1424.NASL", "href": "https://www.tenable.com/plugins/nessus/159804", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159804);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\"CVE-2020-15157\", \"CVE-2021-21284\", \"CVE-2021-32760\");\n\n script_name(english:\"EulerOS 2.0 SP9 : docker-engine (EulerOS-SA-2022-1424)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is\naffected by the following vulnerabilities :\n\n - In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking\n vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format\n includes a URL for the location of a specific image layer (otherwise known as a foreign layer), the\n default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or\n later, the default containerd resolver will provide its authentication credentials if the server where the\n URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. If an attacker\n publishes a public image with a manifest that directs one of the layers to be fetched from a web server\n they control and they trick a user or system into pulling the image, they can obtain the credentials used\n for pulling that image. In some cases, this may be the user's username and password for the registry. In\n other cases, this may be the credentials attached to the cloud virtual instance which can grant access to\n other cloud resources in the account. The default containerd resolver is used by the cri-containerd plugin\n (which can be used by Kubernetes), the ctr development tool, and other client programs that have\n explicitly linked against it. This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and\n later are not affected. If you are using containerd 1.3 or later, you are not affected. If you are using\n cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources.\n Other container runtimes built on top of containerd but not using the default resolver (such as Docker)\n are not affected. (CVE-2020-15157)\n\n - In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in\n which access to remapped root allows privilege escalation to real root. When using '--userns-remap', if\n the root user in the remapped namespace has access to the host filesystem they can modify files under\n '/var/lib/docker/<remapping>' that cause writing files with extended privileges. Versions 20.10.3 and\n 19.03.15 contain patches that prevent privilege escalation from remapped user. (CVE-2021-21284)\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where\n pulling and extracting a specially-crafted container image can result in Unix file permission changes for\n existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner\n of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does\n not directly allow files to be read, modified, or executed without an additional cooperating process. This\n bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from\n trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially\n affected by this bug through policies and profiles that prevent containerd from interacting with specific\n files. (CVE-2021-32760)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1424\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9df58b92\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected docker-engine packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-32760\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-21284\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:docker-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:docker-engine-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"docker-engine-18.09.0.129-1.h55.25.11.eulerosv2r9\",\n \"docker-engine-selinux-18.09.0.129-1.h55.25.11.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"docker-engine\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:43:42", "description": "According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a foreign layer), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. If an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user's username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account. The default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it. This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and later are not affected. If you are using containerd 1.3 or later, you are not affected. If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources.\n Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected. (CVE-2020-15157)\n\n - In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in which access to remapped root allows privilege escalation to real root. When using '--userns-remap', if the root user in the remapped namespace has access to the host filesystem they can modify files under '/var/lib/docker/<remapping>' that cause writing files with extended privileges. Versions 20.10.3 and 19.03.15 contain patches that prevent privilege escalation from remapped user. (CVE-2021-21284)\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files. (CVE-2021-32760)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-04-18T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : docker-engine (EulerOS-SA-2022-1445)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15157", "CVE-2021-21284", "CVE-2021-32760"], "modified": "2022-05-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:docker-engine", "p-cpe:/a:huawei:euleros:docker-engine-selinux", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1445.NASL", "href": "https://www.tenable.com/plugins/nessus/159808", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159808);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/06\");\n\n script_cve_id(\"CVE-2020-15157\", \"CVE-2021-21284\", \"CVE-2021-32760\");\n\n script_name(english:\"EulerOS 2.0 SP9 : docker-engine (EulerOS-SA-2022-1445)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is\naffected by the following vulnerabilities :\n\n - In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking\n vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format\n includes a URL for the location of a specific image layer (otherwise known as a foreign layer), the\n default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or\n later, the default containerd resolver will provide its authentication credentials if the server where the\n URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. If an attacker\n publishes a public image with a manifest that directs one of the layers to be fetched from a web server\n they control and they trick a user or system into pulling the image, they can obtain the credentials used\n for pulling that image. In some cases, this may be the user's username and password for the registry. In\n other cases, this may be the credentials attached to the cloud virtual instance which can grant access to\n other cloud resources in the account. The default containerd resolver is used by the cri-containerd plugin\n (which can be used by Kubernetes), the ctr development tool, and other client programs that have\n explicitly linked against it. This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and\n later are not affected. If you are using containerd 1.3 or later, you are not affected. If you are using\n cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources.\n Other container runtimes built on top of containerd but not using the default resolver (such as Docker)\n are not affected. (CVE-2020-15157)\n\n - In Docker before versions 9.03.15, 20.10.3 there is a vulnerability involving the --userns-remap option in\n which access to remapped root allows privilege escalation to real root. When using '--userns-remap', if\n the root user in the remapped namespace has access to the host filesystem they can modify files under\n '/var/lib/docker/<remapping>' that cause writing files with extended privileges. Versions 20.10.3 and\n 19.03.15 contain patches that prevent privilege escalation from remapped user. (CVE-2021-21284)\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where\n pulling and extracting a specially-crafted container image can result in Unix file permission changes for\n existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner\n of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does\n not directly allow files to be read, modified, or executed without an additional cooperating process. This\n bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from\n trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially\n affected by this bug through policies and profiles that prevent containerd from interacting with specific\n files. (CVE-2021-32760)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1445\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f8fa829b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected docker-engine packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-32760\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-21284\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:docker-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:docker-engine-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"docker-engine-18.09.0.129-1.h55.25.11.eulerosv2r9\",\n \"docker-engine-selinux-18.09.0.129-1.h55.25.11.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"docker-engine\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:10", "description": "Multiple security issues were discovered in Docker, a Linux container runtime, which could result in denial of service, an information leak or privilege escalation.", "cvss3": {}, "published": "2021-03-01T00:00:00", "type": "nessus", "title": "Debian DSA-4865-1 : docker.io - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15157", "CVE-2020-15257", "CVE-2021-21284", "CVE-2021-21285"], "modified": "2022-05-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:docker.io", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4865.NASL", "href": "https://www.tenable.com/plugins/nessus/146922", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4865. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(146922);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/11\");\n\n script_cve_id(\"CVE-2020-15157\", \"CVE-2020-15257\", \"CVE-2021-21284\", \"CVE-2021-21285\");\n script_xref(name:\"DSA\", value:\"4865\");\n\n script_name(english:\"Debian DSA-4865-1 : docker.io - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Multiple security issues were discovered in Docker, a Linux container\nruntime, which could result in denial of service, an information leak\nor privilege escalation.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/docker.io\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/docker.io\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2021/dsa-4865\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the docker.io packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 18.09.1+dfsg1-7.1+deb10u3.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15257\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:docker.io\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/01\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"docker-doc\", reference:\"18.09.1+dfsg1-7.1+deb10u3\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"docker.io\", reference:\"18.09.1+dfsg1-7.1+deb10u3\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"golang-docker-dev\", reference:\"18.09.1+dfsg1-7.1+deb10u3\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"golang-github-docker-docker-dev\", reference:\"18.09.1+dfsg1-7.1+deb10u3\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"vim-syntax-docker\", reference:\"18.09.1+dfsg1-7.1+deb10u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T16:40:19", "description": "The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-5521-1 advisory.\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files. (CVE-2021-32760)\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103)\n\n - containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd's CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information.\n Kubernetes and crictl can both be configured to use containerd's CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.\n (CVE-2022-23648)\n\n - containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume all available memory on the computer, denying service to other legitimate workloads. Kubernetes and crictl can both be configured to use containerd's CRI implementation; `ExecSync` may be used when running probes or when executing processes via an exec facility. This bug has been fixed in containerd 1.6.6 and 1.5.13. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used. (CVE-2022-31030)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-10-20T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 ESM : containerd vulnerabilities (USN-5521-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-32760", "CVE-2021-41103", "CVE-2022-23648", "CVE-2022-31030"], "modified": "2023-10-20T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:esm", "p-cpe:/a:canonical:ubuntu_linux:containerd"], "id": "UBUNTU_USN-5521-1.NASL", "href": "https://www.tenable.com/plugins/nessus/183540", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5521-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(183540);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\n \"CVE-2021-32760\",\n \"CVE-2021-41103\",\n \"CVE-2022-23648\",\n \"CVE-2022-31030\"\n );\n script_xref(name:\"USN\", value:\"5521-1\");\n\n script_name(english:\"Ubuntu 16.04 ESM : containerd vulnerabilities (USN-5521-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 ESM host has a package installed that is affected by multiple vulnerabilities as referenced in\nthe USN-5521-1 advisory.\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where\n pulling and extracting a specially-crafted container image can result in Unix file permission changes for\n existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner\n of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does\n not directly allow files to be read, modified, or executed without an additional cooperating process. This\n bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from\n trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially\n affected by this bug through policies and profiles that prevent containerd from interacting with specific\n files. (CVE-2021-32760)\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently\n restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and\n execute programs. When containers included executable programs with extended permission bits (such as\n setuid), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has\n been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are\n released and may restart containers or update directory permissions to mitigate the vulnerability. Users\n unable to update should limit access to the host to trusted users. Update directory permission on\n container bundles directories. (CVE-2021-41103)\n\n - containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in\n containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd's CRI\n implementation on Linux with a specially-crafted image configuration could gain access to read-only copies\n of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container\n setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information.\n Kubernetes and crictl can both be configured to use containerd's CRI implementation. This bug has been\n fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.\n (CVE-2022-23648)\n\n - containerd is an open source container runtime. A bug was found in the containerd's CRI implementation\n where programs inside a container can cause the containerd daemon to consume memory without bound during\n invocation of the `ExecSync` API. This can cause containerd to consume all available memory on the\n computer, denying service to other legitimate workloads. Kubernetes and crictl can both be configured to\n use containerd's CRI implementation; `ExecSync` may be used when running probes or when executing\n processes via an exec facility. This bug has been fixed in containerd 1.6.6 and 1.5.13. Users should\n update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted\n images and commands are used. (CVE-2022-31030)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5521-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected containerd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:esm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:containerd\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2023 Canonical, Inc. / NASL script (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '16.04', 'pkgname': 'containerd', 'pkgver': '1.2.6-0ubuntu1~16.04.6+esm2'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:31", "description": "The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5900 advisory.\n\n - In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a foreign layer), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. If an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user's username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account. The default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it. This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and later are not affected. If you are using containerd 1.3 or later, you are not affected. If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources.\n Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected. (CVE-2020-15157)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-10-28T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : docker-engine / docker-cli (ELSA-2020-5900)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15157"], "modified": "2023-05-03T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:docker-cli", "p-cpe:/a:oracle:linux:docker-engine"], "id": "ORACLELINUX_ELSA-2020-5900.NASL", "href": "https://www.tenable.com/plugins/nessus/142024", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5900.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142024);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/03\");\n\n script_cve_id(\"CVE-2020-15157\");\n\n script_name(english:\"Oracle Linux 7 : docker-engine / docker-cli (ELSA-2020-5900)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2020-5900 advisory.\n\n - In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking\n vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format\n includes a URL for the location of a specific image layer (otherwise known as a foreign layer), the\n default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or\n later, the default containerd resolver will provide its authentication credentials if the server where the\n URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. If an attacker\n publishes a public image with a manifest that directs one of the layers to be fetched from a web server\n they control and they trick a user or system into pulling the image, they can obtain the credentials used\n for pulling that image. In some cases, this may be the user's username and password for the registry. In\n other cases, this may be the credentials attached to the cloud virtual instance which can grant access to\n other cloud resources in the account. The default containerd resolver is used by the cri-containerd plugin\n (which can be used by Kubernetes), the ctr development tool, and other client programs that have\n explicitly linked against it. This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and\n later are not affected. If you are using containerd 1.3 or later, you are not affected. If you are using\n cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources.\n Other container runtimes built on top of containerd but not using the default resolver (such as Docker)\n are not affected. (CVE-2020-15157)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5900.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected docker-cli and / or docker-engine packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15157\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:docker-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:docker-engine\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'docker-cli-19.03.11.ol-6.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'docker-cli-19.03.11.ol-6.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'docker-engine-19.03.11.ol-6.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'docker-engine-19.03.11.ol-6.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'docker-cli / docker-engine');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:23:55", "description": "An update of the containerd package has been released.", "cvss3": {}, "published": "2020-10-23T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Containerd PHSA-2020-2.0-0292", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15157"], "modified": "2021-03-18T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:containerd", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2020-2_0-0292_CONTAINERD.NASL", "href": "https://www.tenable.com/plugins/nessus/141858", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-2.0-0292. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141858);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/18\");\n\n script_cve_id(\"CVE-2020-15157\");\n\n script_name(english:\"Photon OS 2.0: Containerd PHSA-2020-2.0-0292\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the containerd package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-292.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15157\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 2.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'containerd-1.2.14-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'containerd-doc-1.2.14-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'containerd-extras-1.2.14-1.ph2')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-27T15:02:04", "description": "The remote Ubuntu 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4589-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-10-16T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS : containerd vulnerability (USN-4589-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15157"], "modified": "2023-10-23T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:containerd"], "id": "UBUNTU_USN-4589-1.NASL", "href": "https://www.tenable.com/plugins/nessus/141479", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4589-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141479);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/23\");\n\n script_cve_id(\"CVE-2020-15157\");\n script_xref(name:\"USN\", value:\"4589-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS : containerd vulnerability (USN-4589-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the\nUSN-4589-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's\nself-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4589-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected containerd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15157\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:containerd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '16.04', 'pkgname': 'containerd', 'pkgver': '1.2.6-0ubuntu1~16.04.4'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T16:12:10", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by a vulnerability as referenced in the USN-4653-2 advisory.\n\n - containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows.\n In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shims API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. This vulnerability has been fixed in containerd 1.3.9 and 1.4.3. Users should update to these versions as soon as they are released. It should be noted that containers started with an old version of containerd-shim should be stopped and restarted, as running containers will continue to be vulnerable even after an upgrade. If you are not providing the ability for untrusted users to start containers in the same network namespace as the shim (typically the host network namespace, for example with docker run --net=host or hostNetwork: true in a Kubernetes pod) and run with an effective UID of 0, you are not vulnerable to this issue. If you are running containers with a vulnerable configuration, you can deny access to all abstract sockets with AppArmor by adding a line similar to deny unix addr=@**, to your policy. It is best practice to run containers with a reduced set of privileges, with a non-zero UID, and with isolated namespaces. The containerd maintainers strongly advise against sharing namespaces with the host. Reducing the set of isolation mechanisms used for a container necessarily increases that container's privilege, regardless of what container runtime is used for running that container. (CVE-2020-15257)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-01-14T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : containerd vulnerability (USN-4653-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15257"], "modified": "2023-10-20T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:containerd"], "id": "UBUNTU_USN-4653-2.NASL", "href": "https://www.tenable.com/plugins/nessus/145013", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4653-2. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(145013);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\"CVE-2020-15257\");\n script_xref(name:\"USN\", value:\"4653-2\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : containerd vulnerability (USN-4653-2)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by a\nvulnerability as referenced in the USN-4653-2 advisory.\n\n - containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows.\n In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host\n network containers. Access controls for the shims API socket verified that the connecting process had an\n effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would\n allow malicious containers running in the same network namespace as the shim, with an effective UID of 0\n but otherwise reduced privileges, to cause new processes to be run with elevated privileges. This\n vulnerability has been fixed in containerd 1.3.9 and 1.4.3. Users should update to these versions as soon\n as they are released. It should be noted that containers started with an old version of containerd-shim\n should be stopped and restarted, as running containers will continue to be vulnerable even after an\n upgrade. If you are not providing the ability for untrusted users to start containers in the same network\n namespace as the shim (typically the host network namespace, for example with docker run --net=host or\n hostNetwork: true in a Kubernetes pod) and run with an effective UID of 0, you are not vulnerable to this\n issue. If you are running containers with a vulnerable configuration, you can deny access to all abstract\n sockets with AppArmor by adding a line similar to deny unix addr=@**, to your policy. It is best practice\n to run containers with a reduced set of privileges, with a non-zero UID, and with isolated namespaces. The\n containerd maintainers strongly advise against sharing namespaces with the host. Reducing the set of\n isolation mechanisms used for a container necessarily increases that container's privilege, regardless of\n what container runtime is used for running that container. (CVE-2020-15257)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4653-2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected containerd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15257\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/01/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/01/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:containerd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release || '18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '16.04', 'pkgname': 'containerd', 'pkgver': '1.2.6-0ubuntu1~16.04.6'},\n {'osver': '18.04', 'pkgname': 'containerd', 'pkgver': '1.3.3-0ubuntu1~18.04.4'},\n {'osver': '20.04', 'pkgname': 'containerd', 'pkgver': '1.3.3-0ubuntu2.2'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:27", "description": "The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the ALAS-2020-1455 advisory.\n\n - Access controls for the shim's API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. (CVE-2020-15257)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-11-30T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : containerd (ALAS-2020-1455)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15257"], "modified": "2021-01-27T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:containerd", "p-cpe:/a:amazon:linux:containerd-debuginfo", "p-cpe:/a:amazon:linux:containerd-stress", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2020-1455.NASL", "href": "https://www.tenable.com/plugins/nessus/143367", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n# \n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2020-1455.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143367);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/27\");\n\n script_cve_id(\"CVE-2020-15257\");\n script_xref(name:\"ALAS\", value:\"2020-1455\");\n\n script_name(english:\"Amazon Linux AMI : containerd (ALAS-2020-1455)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by a\nvulnerability as referenced in the ALAS-2020-1455 advisory.\n\n - Access controls for the shim's API socket verified that the connecting process had an effective UID of 0,\n but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious\n containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise\n reduced privileges, to cause new processes to be run with elevated privileges. (CVE-2020-15257)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2020-1455.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-15257\");\n script_set_attribute(attribute:\"solution\", value:\n\"\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15257\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-stress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'containerd-1.4.1-2.6.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'containerd-debuginfo-1.4.1-2.6.amzn1', 'cpu':'x86_64', 'release':'ALA'},\n {'reference':'containerd-stress-1.4.1-2.6.amzn1', 'cpu':'x86_64', 'release':'ALA'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"containerd / containerd-debuginfo / containerd-stress\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:59", "description": "According to the version of the kata-containers package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim's API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. This vulnerability has been fixed in containerd 1.3.9 and 1.4.3. Users should update to these versions as soon as they are released.\n It should be noted that containers started with an old version of containerd-shim should be stopped and restarted, as running containers will continue to be vulnerable even after an upgrade. If you are not providing the ability for untrusted users to start containers in the same network namespace as the shim (typically the 'host' network namespace, for example with docker run --net=host or hostNetwork: true in a Kubernetes pod) and run with an effective UID of 0, you are not vulnerable to this issue. If you are running containers with a vulnerable configuration, you can deny access to all abstract sockets with AppArmor by adding a line similar to deny unix addr=@**, to your policy. It is best practice to run containers with a reduced set of privileges, with a non-zero UID, and with isolated namespaces. The containerd maintainers strongly advise against sharing namespaces with the host. Reducing the set of isolation mechanisms used for a container necessarily increases that container's privilege, regardless of what container runtime is used for running that container.(CVE-2020-15257)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-02-05T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : kata-containers (EulerOS-SA-2021-1264)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15257"], "modified": "2021-04-19T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kata-containers", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1264.NASL", "href": "https://www.tenable.com/plugins/nessus/146231", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146231);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/19\");\n\n script_cve_id(\n \"CVE-2020-15257\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : kata-containers (EulerOS-SA-2021-1264)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the kata-containers package installed,\nthe EulerOS installation on the remote host is affected by the\nfollowing vulnerability :\n\n - containerd is an industry-standard container runtime\n and is available as a daemon for Linux and Windows. In\n containerd before versions 1.3.9 and 1.4.3, the\n containerd-shim API is improperly exposed to host\n network containers. Access controls for the shim's API\n socket verified that the connecting process had an\n effective UID of 0, but did not otherwise restrict\n access to the abstract Unix domain socket. This would\n allow malicious containers running in the same network\n namespace as the shim, with an effective UID of 0 but\n otherwise reduced privileges, to cause new processes to\n be run with elevated privileges. This vulnerability has\n been fixed in containerd 1.3.9 and 1.4.3. Users should\n update to these versions as soon as they are released.\n It should be noted that containers started with an old\n version of containerd-shim should be stopped and\n restarted, as running containers will continue to be\n vulnerable even after an upgrade. If you are not\n providing the ability for untrusted users to start\n containers in the same network namespace as the shim\n (typically the 'host' network namespace, for example\n with docker run --net=host or hostNetwork: true in a\n Kubernetes pod) and run with an effective UID of 0, you\n are not vulnerable to this issue. If you are running\n containers with a vulnerable configuration, you can\n deny access to all abstract sockets with AppArmor by\n adding a line similar to deny unix addr=@**, to your\n policy. It is best practice to run containers with a\n reduced set of privileges, with a non-zero UID, and\n with isolated namespaces. The containerd maintainers\n strongly advise against sharing namespaces with the\n host. Reducing the set of isolation mechanisms used for\n a container necessarily increases that container's\n privilege, regardless of what container runtime is used\n for running that container.(CVE-2020-15257)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1264\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?38fcb0c2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kata-containers package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kata-containers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"kata-containers-v1.11.1-6.h13.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kata-containers\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:09", "description": "An update of the containerd package has been released.", "cvss3": {}, "published": "2020-12-03T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Containerd PHSA-2020-2.0-0301", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15257"], "modified": "2021-01-27T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:containerd", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2020-2_0-0301_CONTAINERD.NASL", "href": "https://www.tenable.com/plugins/nessus/143446", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-2.0-0301. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143446);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/27\");\n\n script_cve_id(\"CVE-2020-15257\");\n\n script_name(english:\"Photon OS 2.0: Containerd PHSA-2020-2.0-0301\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the containerd package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-301.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15257\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 2.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'containerd-1.3.7-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'containerd-doc-1.3.7-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'containerd-extras-1.3.7-1.ph2')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-27T19:45:28", "description": "The version of containerd installed on the remote host is prior to 1.4.1-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2023-030 advisory.\n\n - containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows.\n In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim's API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. This vulnerability has been fixed in containerd 1.3.9 and 1.4.3. Users should update to these versions as soon as they are released. It should be noted that containers started with an old version of containerd-shim should be stopped and restarted, as running containers will continue to be vulnerable even after an upgrade. If you are not providing the ability for untrusted users to start containers in the same network namespace as the shim (typically the host network namespace, for example with docker run --net=host or hostNetwork: true in a Kubernetes pod) and run with an effective UID of 0, you are not vulnerable to this issue. If you are running containers with a vulnerable configuration, you can deny access to all abstract sockets with AppArmor by adding a line similar to deny unix addr=@**, to your policy. It is best practice to run containers with a reduced set of privileges, with a non-zero UID, and with isolated namespaces. The containerd maintainers strongly advise against sharing namespaces with the host. Reducing the set of isolation mechanisms used for a container necessarily increases that container's privilege, regardless of what container runtime is used for running that container. (CVE-2020-15257)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-11-16T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : containerd (ALASECS-2023-030)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15257"], "modified": "2023-11-17T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:containerd", "p-cpe:/a:amazon:linux:containerd-debuginfo", "p-cpe:/a:amazon:linux:containerd-stress", "cpe:/o:amazon:linux:2"], "id": "AL2_ALASECS-2023-030.NASL", "href": "https://www.tenable.com/plugins/nessus/185923", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASECS-2023-030.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(185923);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/17\");\n\n script_cve_id(\"CVE-2020-15257\");\n\n script_name(english:\"Amazon Linux 2 : containerd (ALASECS-2023-030)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of containerd installed on the remote host is prior to 1.4.1-2. It is, therefore, affected by a\nvulnerability as referenced in the ALAS2ECS-2023-030 advisory.\n\n - containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows.\n In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host\n network containers. Access controls for the shim's API socket verified that the connecting process had an\n effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would\n allow malicious containers running in the same network namespace as the shim, with an effective UID of 0\n but otherwise reduced privileges, to cause new processes to be run with elevated privileges. This\n vulnerability has been fixed in containerd 1.3.9 and 1.4.3. Users should update to these versions as soon\n as they are released. It should be noted that containers started with an old version of containerd-shim\n should be stopped and restarted, as running containers will continue to be vulnerable even after an\n upgrade. If you are not providing the ability for untrusted users to start containers in the same network\n namespace as the shim (typically the host network namespace, for example with docker run --net=host or\n hostNetwork: true in a Kubernetes pod) and run with an effective UID of 0, you are not vulnerable to this\n issue. If you are running containers with a vulnerable configuration, you can deny access to all abstract\n sockets with AppArmor by adding a line similar to deny unix addr=@**, to your policy. It is best practice\n to run containers with a reduced set of privileges, with a non-zero UID, and with isolated namespaces. The\n containerd maintainers strongly advise against sharing namespaces with the host. Reducing the set of\n isolation mechanisms used for a container necessarily increases that container's privilege, regardless of\n what container runtime is used for running that container. (CVE-2020-15257)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASECS-2023-030.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2020-15257.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/faqs.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update containerd' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15257\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-stress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'containerd-1.4.1-2.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-1.4.1-2.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-debuginfo-1.4.1-2.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-debuginfo-1.4.1-2.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-stress-1.4.1-2.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-stress-1.4.1-2.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"containerd / containerd-debuginfo / containerd-stress\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-15T16:23:25", "description": "The version of containerd installed on the remote host is prior to 1.4.13-2. The version of docker installed on the remote host is prior to 20.10.13-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO- ENCLAVES-2022-019 advisory.\n\n - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting. (CVE-2022-24769)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-10T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : containerd, docker (ALASNITRO-ENCLAVES-2022-019)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-24769"], "modified": "2023-08-14T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:containerd", "p-cpe:/a:amazon:linux:containerd-debuginfo", "p-cpe:/a:amazon:linux:containerd-stress", "p-cpe:/a:amazon:linux:docker", "p-cpe:/a:amazon:linux:docker-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALASNITRO-ENCLAVES-2022-019.NASL", "href": "https://www.tenable.com/plugins/nessus/162010", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASNITRO-ENCLAVES-2022-019.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162010);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/08/14\");\n\n script_cve_id(\"CVE-2022-24769\");\n\n script_name(english:\"Amazon Linux 2 : containerd, docker (ALASNITRO-ENCLAVES-2022-019)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of containerd installed on the remote host is prior to 1.4.13-2. The version of docker installed on the\nremote host is prior to 20.10.13-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-\nENCLAVES-2022-019 advisory.\n\n - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug\n was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with\n non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling\n programs with inheritable file capabilities to elevate those capabilities to the permitted set during\n `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise\n unprivileged users and processes can execute those programs and gain the specified file capabilities up to\n the bounding set. Due to this bug, containers which included executable programs with inheritable file\n capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable\n file capabilities up to the container's bounding set. Containers which use Linux users and groups to\n perform privilege separation inside the container are most directly impacted. This bug did not affect the\n container security sandbox as the inheritable set never contained more capabilities than were included in\n the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers\n should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes\n Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a\n workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop\n inheritable capabilities prior to the primary process starting. (CVE-2022-24769)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASNITRO-ENCLAVES-2022-019.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-24769.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update containerd' to update your system.\n Run 'yum update docker' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24769\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-stress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:docker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'containerd-1.4.13-2.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-1.4.13-2.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-debuginfo-1.4.13-2.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-debuginfo-1.4.13-2.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-stress-1.4.13-2.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-stress-1.4.13-2.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-20.10.13-2.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-20.10.13-2.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-debuginfo-20.10.13-2.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-debuginfo-20.10.13-2.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"containerd / containerd-debuginfo / containerd-stress / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:44:09", "description": "This plugin has been deprecated following detection of an issue with overlapping filenames. Deprecated by al2_ALASDOCKER-2022-018.nasl (plugin ID 160412)", "cvss3": {}, "published": "2022-04-28T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : docker, containerd (ALAS-2022-018) (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-24769"], "modified": "2022-05-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:containerd", "p-cpe:/a:amazon:linux:containerd-debuginfo", "p-cpe:/a:amazon:linux:containerd-stress", "p-cpe:/a:amazon:linux:docker", "p-cpe:/a:amazon:linux:docker-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2022-018.NASL", "href": "https://www.tenable.com/plugins/nessus/160315", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2022-017.\n#\n# @DEPRECATED@\n#\n# Disabled on 2022/05/02. Deprecated by al2_ALASDOCKER-2022-018.nasl (plugin ID 160412)\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160315);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/02\");\n\n script_cve_id(\"CVE-2022-24769\");\n script_xref(name:\"ALAS\", value:\"2022-018\");\n\n script_name(english:\"Amazon Linux 2 : docker, containerd (ALAS-2022-018) (deprecated)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n \"This plugin has been deprecated following detection of an issue with overlapping filenames. \n Deprecated by al2_ALASDOCKER-2022-018.nasl (plugin ID 160412)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASDOCKER-2022-018.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-24769.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"N/A\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24769\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-stress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:docker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\nexit(0, 'This plugin has been deprecated. Use al2_ALASDOCKER-2022-018.nasl (plugin ID 160412) instead.');\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:44:10", "description": "The version of containerd installed on the remote host is prior to 1.4.13-2.1. The version of docker installed on the remote host is prior to 20.10.13-2.1. It is, therefore, affected by a vulnerability as referenced in the ALAS-2022-1582 advisory.\n\n - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting. (CVE-2022-24769)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-29T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : containerd, docker (ALAS-2022-1582)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-24769"], "modified": "2022-04-29T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:containerd", "p-cpe:/a:amazon:linux:containerd-debuginfo", "p-cpe:/a:amazon:linux:containerd-stress", "p-cpe:/a:amazon:linux:docker", "p-cpe:/a:amazon:linux:docker-debuginfo", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2022-1582.NASL", "href": "https://www.tenable.com/plugins/nessus/160334", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2022-1582.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160334);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/29\");\n\n script_cve_id(\"CVE-2022-24769\");\n script_xref(name:\"ALAS\", value:\"2022-1582\");\n\n script_name(english:\"Amazon Linux AMI : containerd, docker (ALAS-2022-1582)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of containerd installed on the remote host is prior to 1.4.13-2.1. The version of docker installed on the\nremote host is prior to 20.10.13-2.1. It is, therefore, affected by a vulnerability as referenced in the ALAS-2022-1582\nadvisory.\n\n - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug\n was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with\n non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling\n programs with inheritable file capabilities to elevate those capabilities to the permitted set during\n `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise\n unprivileged users and processes can execute those programs and gain the specified file capabilities up to\n the bounding set. Due to this bug, containers which included executable programs with inheritable file\n capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable\n file capabilities up to the container's bounding set. Containers which use Linux users and groups to\n perform privilege separation inside the container are most directly impacted. This bug did not affect the\n container security sandbox as the inheritable set never contained more capabilities than were included in\n the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers\n should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes\n Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a\n workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop\n inheritable capabilities prior to the primary process starting. (CVE-2022-24769)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2022-1582.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-24769.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update containerd' to update your system.\n Run 'yum update docker' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24769\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-stress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:docker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'containerd-1.4.13-2.1.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-debuginfo-1.4.13-2.1.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-stress-1.4.13-2.1.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-20.10.13-2.1.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-debuginfo-20.10.13-2.1.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"containerd / containerd-debuginfo / containerd-stress / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T15:38:52", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by a vulnerability as referenced in the USN-4653-1 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-01T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : containerd vulnerability (USN-4653-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15257"], "modified": "2023-10-21T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:containerd"], "id": "UBUNTU_USN-4653-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143373", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4653-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143373);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/21\");\n\n script_cve_id(\"CVE-2020-15257\");\n script_xref(name:\"USN\", value:\"4653-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : containerd vulnerability (USN-4653-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by a\nvulnerability as referenced in the USN-4653-1 advisory. Note that Nessus has not tested for this issue but has instead\nrelied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4653-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected containerd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15257\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:containerd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release || '18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '16.04', 'pkgname': 'containerd', 'pkgver': '1.2.6-0ubuntu1~16.04.5'},\n {'osver': '18.04', 'pkgname': 'containerd', 'pkgver': '1.3.3-0ubuntu1~18.04.3'},\n {'osver': '20.04', 'pkgname': 'containerd', 'pkgver': '1.3.3-0ubuntu2.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:26", "description": "An update of the containerd package has been released.", "cvss3": {}, "published": "2020-12-03T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Containerd PHSA-2020-3.0-0168", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15257"], "modified": "2021-01-27T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:containerd", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2020-3_0-0168_CONTAINERD.NASL", "href": "https://www.tenable.com/plugins/nessus/143448", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-3.0-0168. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143448);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/27\");\n\n script_cve_id(\"CVE-2020-15257\");\n\n script_name(english:\"Photon OS 3.0: Containerd PHSA-2020-3.0-0168\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the containerd package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-168.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15257\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 3.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'containerd-1.3.7-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'containerd-doc-1.3.7-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'containerd-extras-1.3.7-1.ph3')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:13:45", "description": "Security fix for CVE-2020-15257\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2020-12-10T00:00:00", "type": "nessus", "title": "Fedora 33 : containerd (2020-baeb8dbaea)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15257"], "modified": "2020-12-14T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:containerd", "cpe:/o:fedoraproject:fedora:33"], "id": "FEDORA_2020-BAEB8DBAEA.NASL", "href": "https://www.tenable.com/plugins/nessus/144042", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-baeb8dbaea.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(144042);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/14\");\n\n script_cve_id(\"CVE-2020-15257\");\n script_xref(name:\"FEDORA\", value:\"2020-baeb8dbaea\");\n\n script_name(english:\"Fedora 33 : containerd (2020-baeb8dbaea)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security fix for CVE-2020-15257\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-baeb8dbaea\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected containerd package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:33\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/10\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^33([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 33\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC33\", reference:\"containerd-1.4.3-1.fc33\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"containerd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:33:20", "description": "According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting. (CVE-2022-24769)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-07-29T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2022-2129)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-24769"], "modified": "2022-07-29T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:docker-engine", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-2129.NASL", "href": "https://www.tenable.com/plugins/nessus/163555", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163555);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/29\");\n\n script_cve_id(\"CVE-2022-24769\");\n\n script_name(english:\"EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2022-2129)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is\naffected by the following vulnerabilities :\n\n - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug\n was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with\n non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling\n programs with inheritable file capabilities to elevate those capabilities to the permitted set during\n `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise\n unprivileged users and processes can execute those programs and gain the specified file capabilities up to\n the bounding set. Due to this bug, containers which included executable programs with inheritable file\n capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable\n file capabilities up to the container's bounding set. Containers which use Linux users and groups to\n perform privilege separation inside the container are most directly impacted. This bug did not affect the\n container security sandbox as the inheritable set never contained more capabilities than were included in\n the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers\n should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes\n Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a\n workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop\n inheritable capabilities prior to the primary process starting. (CVE-2022-24769)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2129\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?48438761\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected docker-engine packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24769\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:docker-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"docker-engine-18.09.0.200-200.h48.28.15.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"docker-engine\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:33:33", "description": "According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting. (CVE-2022-24769)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-07-29T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2022-2154)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-24769"], "modified": "2022-07-29T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:docker-engine", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-2154.NASL", "href": "https://www.tenable.com/plugins/nessus/163537", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(163537);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/29\");\n\n script_cve_id(\"CVE-2022-24769\");\n\n script_name(english:\"EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2022-2154)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is\naffected by the following vulnerabilities :\n\n - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug\n was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with\n non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling\n programs with inheritable file capabilities to elevate those capabilities to the permitted set during\n `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise\n unprivileged users and processes can execute those programs and gain the specified file capabilities up to\n the bounding set. Due to this bug, containers which included executable programs with inheritable file\n capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable\n file capabilities up to the container's bounding set. Containers which use Linux users and groups to\n perform privilege separation inside the container are most directly impacted. This bug did not affect the\n container security sandbox as the inheritable set never contained more capabilities than were included in\n the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers\n should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes\n Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a\n workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop\n inheritable capabilities prior to the primary process starting. (CVE-2022-24769)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2154\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?a356c5e5\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected docker-engine packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24769\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:docker-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"docker-engine-18.09.0.200-200.h48.28.15.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"docker-engine\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:32:27", "description": "According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting. (CVE-2022-24769)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-07-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : docker-engine (EulerOS-SA-2022-1993)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-24769"], "modified": "2022-07-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:docker-engine", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1993.NASL", "href": "https://www.tenable.com/plugins/nessus/162920", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162920);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/08\");\n\n script_cve_id(\"CVE-2022-24769\");\n\n script_name(english:\"EulerOS 2.0 SP9 : docker-engine (EulerOS-SA-2022-1993)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is\naffected by the following vulnerabilities :\n\n - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug\n was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with\n non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling\n programs with inheritable file capabilities to elevate those capabilities to the permitted set during\n `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise\n unprivileged users and processes can execute those programs and gain the specified file capabilities up to\n the bounding set. Due to this bug, containers which included executable programs with inheritable file\n capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable\n file capabilities up to the container's bounding set. Containers which use Linux users and groups to\n perform privilege separation inside the container are most directly impacted. This bug did not affect the\n container security sandbox as the inheritable set never contained more capabilities than were included in\n the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers\n should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes\n Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a\n workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop\n inheritable capabilities prior to the primary process starting. (CVE-2022-24769)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1993\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6d4c1a78\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected docker-engine packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24769\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:docker-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"docker-engine-18.09.0.129-1.h59.28.13.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"docker-engine\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-18T14:59:10", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS / 20.10 / 21.04 host has packages installed that are affected by a vulnerability as referenced in the USN-5012-1 advisory.\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the hosts filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files. (CVE-2021-32760)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-20T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : containerd vulnerabilities (USN-5012-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-32760"], "modified": "2023-10-16T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:containerd", "p-cpe:/a:canonical:ubuntu_linux:golang-github-containerd-containerd-dev"], "id": "UBUNTU_USN-5012-1.NASL", "href": "https://www.tenable.com/plugins/nessus/151830", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5012-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151830);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/16\");\n\n script_cve_id(\"CVE-2021-32760\");\n script_xref(name:\"USN\", value:\"5012-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : containerd vulnerabilities (USN-5012-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS / 20.10 / 21.04 host has packages installed that are affected by a vulnerability\nas referenced in the USN-5012-1 advisory.\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where\n pulling and extracting a specially-crafted container image can result in Unix file permission changes for\n existing files in the hosts filesystem. Changes to file permissions can deny access to the expected owner\n of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does\n not directly allow files to be read, modified, or executed without an additional cooperating process. This\n bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from\n trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially\n affected by this bug through policies and profiles that prevent containerd from interacting with specific\n files. (CVE-2021-32760)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5012-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected containerd and / or golang-github-containerd-containerd-dev packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-32760\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:golang-github-containerd-containerd-dev\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '18.04', 'pkgname': 'containerd', 'pkgver': '1.5.2-0ubuntu1~18.04.2'},\n {'osver': '18.04', 'pkgname': 'golang-github-containerd-containerd-dev', 'pkgver': '1.5.2-0ubuntu1~18.04.2'},\n {'osver': '20.04', 'pkgname': 'containerd', 'pkgver': '1.5.2-0ubuntu1~20.04.2'},\n {'osver': '20.04', 'pkgname': 'golang-github-containerd-containerd-dev', 'pkgver': '1.5.2-0ubuntu1~20.04.2'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd / golang-github-containerd-containerd-dev');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:40", "description": "An update of the containerd package has been released.", "cvss3": {}, "published": "2021-07-22T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Containerd PHSA-2021-2.0-0369", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-32760"], "modified": "2021-07-30T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:containerd", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2021-2_0-0369_CONTAINERD.NASL", "href": "https://www.tenable.com/plugins/nessus/151966", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-2.0-0369. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151966);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/30\");\n\n script_cve_id(\"CVE-2021-32760\");\n\n script_name(english:\"Photon OS 2.0: Containerd PHSA-2021-2.0-0369\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the containerd package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-369.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-32760\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 2.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'containerd-1.4.4-2.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'containerd-doc-1.4.4-2.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'containerd-extras-1.4.4-2.ph2')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:40", "description": "An update of the containerd package has been released.", "cvss3": {}, "published": "2021-07-22T00:00:00", "type": "nessus", "title": "Photon OS 4.0: Containerd PHSA-2021-4.0-0064", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-32760"], "modified": "2021-07-30T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:containerd", "cpe:/o:vmware:photonos:4.0"], "id": "PHOTONOS_PHSA-2021-4_0-0064_CONTAINERD.NASL", "href": "https://www.tenable.com/plugins/nessus/151960", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-4.0-0064. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151960);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/30\");\n\n script_cve_id(\"CVE-2021-32760\");\n\n script_name(english:\"Photon OS 4.0: Containerd PHSA-2021-4.0-0064\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the containerd package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-4.0-64.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-32760\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:4.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 4\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 4.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'containerd-1.4.4-5.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'containerd-doc-1.4.4-5.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'containerd-extras-1.4.4-5.ph4')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-27T19:47:31", "description": "The version of containerd installed on the remote host is prior to 1.4.6-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2023-029 advisory.\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files. (CVE-2021-32760)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-11-16T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : containerd (ALASECS-2023-029)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-32760"], "modified": "2023-11-16T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:containerd", "p-cpe:/a:amazon:linux:containerd-debuginfo", "p-cpe:/a:amazon:linux:containerd-stress", "cpe:/o:amazon:linux:2"], "id": "AL2_ALASECS-2023-029.NASL", "href": "https://www.tenable.com/plugins/nessus/185927", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASECS-2023-029.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(185927);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/16\");\n\n script_cve_id(\"CVE-2021-32760\");\n\n script_name(english:\"Amazon Linux 2 : containerd (ALASECS-2023-029)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of containerd installed on the remote host is prior to 1.4.6-2. It is, therefore, affected by a\nvulnerability as referenced in the ALAS2ECS-2023-029 advisory.\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where\n pulling and extracting a specially-crafted container image can result in Unix file permission changes for\n existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner\n of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does\n not directly allow files to be read, modified, or executed without an additional cooperating process. This\n bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from\n trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially\n affected by this bug through policies and profiles that prevent containerd from interacting with specific\n files. (CVE-2021-32760)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASECS-2023-029.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-32760.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/faqs.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update containerd' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-32760\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-stress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'containerd-1.4.6-2.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-1.4.6-2.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-debuginfo-1.4.6-2.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-debuginfo-1.4.6-2.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-stress-1.4.6-2.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-stress-1.4.6-2.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"containerd / containerd-debuginfo / containerd-stress\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:26", "description": "The version of containerd installed on the remote host is prior to 1.4.6-2.7. It is, therefore, affected by a vulnerability as referenced in the ALAS-2021-1523 advisory.\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the hosts filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files. (CVE-2021-32760)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-22T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : containerd (ALAS-2021-1523)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-32760"], "modified": "2021-07-30T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:containerd", "p-cpe:/a:amazon:linux:containerd-debuginfo", "p-cpe:/a:amazon:linux:containerd-stress", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2021-1523.NASL", "href": "https://www.tenable.com/plugins/nessus/151933", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2021-1523.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151933);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/30\");\n\n script_cve_id(\"CVE-2021-32760\");\n script_xref(name:\"ALAS\", value:\"2021-1523\");\n\n script_name(english:\"Amazon Linux AMI : containerd (ALAS-2021-1523)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of containerd installed on the remote host is prior to 1.4.6-2.7. It is, therefore, affected by a\nvulnerability as referenced in the ALAS-2021-1523 advisory.\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where\n pulling and extracting a specially-crafted container image can result in Unix file permission changes for\n existing files in the hosts filesystem. Changes to file permissions can deny access to the expected owner\n of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does\n not directly allow files to be read, modified, or executed without an additional cooperating process. This\n bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from\n trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially\n affected by this bug through policies and profiles that prevent containerd from interacting with specific\n files. (CVE-2021-32760)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2021-1523.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-32760\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update containerd' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-32760\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-stress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nos_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\npkgs = [\n {'reference':'containerd-1.4.6-2.7.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-debuginfo-1.4.6-2.7.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-stress-1.4.6-2.7.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"containerd / containerd-debuginfo / containerd-stress\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:31:42", "description": "The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-15790 advisory.\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files. (CVE-2021-32760)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-07-07T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : containerd (ELSA-2021-15790)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-32760"], "modified": "2023-05-03T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:containerd", "p-cpe:/a:oracle:linux:docker-cli", "p-cpe:/a:oracle:linux:docker-engine"], "id": "ORACLELINUX_ELSA-2021-15790.NASL", "href": "https://www.tenable.com/plugins/nessus/162816", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-15790.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162816);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/03\");\n\n script_cve_id(\"CVE-2021-32760\");\n\n script_name(english:\"Oracle Linux 7 : containerd (ELSA-2021-15790)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2021-15790 advisory.\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where\n pulling and extracting a specially-crafted container image can result in Unix file permission changes for\n existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner\n of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does\n not directly allow files to be read, modified, or executed without an additional cooperating process. This\n bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from\n trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially\n affected by this bug through policies and profiles that prevent containerd from interacting with specific\n files. (CVE-2021-32760)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-15790.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected containerd, docker-cli and / or docker-engine packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-32760\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:docker-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:docker-engine\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'containerd-1.4.8-1.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-1.4.8-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-cli-19.03.11.ol-13.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'docker-cli-19.03.11.ol-13.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'docker-engine-19.03.11.ol-13.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'docker-engine-19.03.11.ol-13.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd / docker-cli / docker-engine');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-15T18:32:45", "description": "The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2021:2412-1 advisory.\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files. (CVE-2021-32760)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-21T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : containerd (SUSE-SU-2021:2412-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-32760"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:containerd", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-2412-1.NASL", "href": "https://www.tenable.com/plugins/nessus/151885", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:2412-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151885);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\"CVE-2021-32760\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:2412-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : containerd (SUSE-SU-2021:2412-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-\nSU-2021:2412-1 advisory.\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where\n pulling and extracting a specially-crafted container image can result in Unix file permission changes for\n existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner\n of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does\n not directly allow files to be read, modified, or executed without an additional cooperating process. This\n bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from\n trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially\n affected by this bug through policies and profiles that prevent containerd from interacting with specific\n files. (CVE-2021-32760)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-32760\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-July/009163.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?f412949e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected containerd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-32760\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2/3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'containerd-1.4.4-5.36.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-15.2']},\n {'reference':'containerd-1.4.4-5.36.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:59:01", "description": "An update of the containerd package has been released.\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-08T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Containerd PHSA-2021-3.0-0311", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41103"], "modified": "2021-10-19T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:containerd", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2021-3_0-0311_CONTAINERD.NASL", "href": "https://www.tenable.com/plugins/nessus/153945", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-3.0-0311. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153945);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/19\");\n\n script_cve_id(\"CVE-2021-41103\");\n\n script_name(english:\"Photon OS 3.0: Containerd PHSA-2021-3.0-0311\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the containerd package has been released.\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently\n restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and\n execute programs. When containers included executable programs with extended permission bits (such as\n setuid), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has\n been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are\n released and may restart containers or update directory permissions to mitigate the vulnerability. Users\n unable to update should limit access to the host to trusted users. Update directory permission on\n container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-311.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 3.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nvar flag = 0;\n\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'containerd-1.4.4-6.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'containerd-doc-1.4.4-6.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'containerd-extras-1.4.4-6.ph3')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:41", "description": "The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-9373 advisory.\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files. (CVE-2021-32760)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-23T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : containerd (ELSA-2021-9373)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-32760"], "modified": "2023-05-03T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:containerd", "p-cpe:/a:oracle:linux:docker-cli", "p-cpe:/a:oracle:linux:docker-engine"], "id": "ORACLELINUX_ELSA-2021-9373.NASL", "href": "https://www.tenable.com/plugins/nessus/152049", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9373.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152049);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/03\");\n\n script_cve_id(\"CVE-2021-32760\");\n\n script_name(english:\"Oracle Linux 7 : containerd (ELSA-2021-9373)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2021-9373 advisory.\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where\n pulling and extracting a specially-crafted container image can result in Unix file permission changes for\n existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner\n of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does\n not directly allow files to be read, modified, or executed without an additional cooperating process. This\n bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from\n trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially\n affected by this bug through policies and profiles that prevent containerd from interacting with specific\n files. (CVE-2021-32760)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9373.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected containerd, docker-cli and / or docker-engine packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-32760\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:docker-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:docker-engine\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\nvar pkgs = [\n {'reference':'containerd-1.4.8-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-cli-19.03.11.ol-13.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'docker-engine-19.03.11.ol-13.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd / docker-cli / docker-engine');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:26:04", "description": "The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-5966 advisory.\n\n - containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows.\n In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim's API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. This vulnerability has been fixed in containerd 1.3.9 and 1.4.3. Users should update to these versions as soon as they are released. It should be noted that containers started with an old version of containerd-shim should be stopped and restarted, as running containers will continue to be vulnerable even after an upgrade. If you are not providing the ability for untrusted users to start containers in the same network namespace as the shim (typically the host network namespace, for example with docker run --net=host or hostNetwork: true in a Kubernetes pod) and run with an effective UID of 0, you are not vulnerable to this issue. If you are running containers with a vulnerable configuration, you can deny access to all abstract sockets with AppArmor by adding a line similar to deny unix addr=@**, to your policy. It is best practice to run containers with a reduced set of privileges, with a non-zero UID, and with isolated namespaces. The containerd maintainers strongly advise against sharing namespaces with the host. Reducing the set of isolation mechanisms used for a container necessarily increases that container's privilege, regardless of what container runtime is used for running that container. (CVE-2020-15257)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-04T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : docker-cli / docker-engine (ELSA-2020-5966)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15257"], "modified": "2023-05-03T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:docker-cli", "p-cpe:/a:oracle:linux:docker-engine"], "id": "ORACLELINUX_ELSA-2020-5966.NASL", "href": "https://www.tenable.com/plugins/nessus/143486", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5966.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143486);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/03\");\n\n script_cve_id(\"CVE-2020-15257\");\n\n script_name(english:\"Oracle Linux 7 : docker-cli / docker-engine (ELSA-2020-5966)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2020-5966 advisory.\n\n - containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows.\n In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host\n network containers. Access controls for the shim's API socket verified that the connecting process had an\n effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would\n allow malicious containers running in the same network namespace as the shim, with an effective UID of 0\n but otherwise reduced privileges, to cause new processes to be run with elevated privileges. This\n vulnerability has been fixed in containerd 1.3.9 and 1.4.3. Users should update to these versions as soon\n as they are released. It should be noted that containers started with an old version of containerd-shim\n should be stopped and restarted, as running containers will continue to be vulnerable even after an\n upgrade. If you are not providing the ability for untrusted users to start containers in the same network\n namespace as the shim (typically the host network namespace, for example with docker run --net=host or\n hostNetwork: true in a Kubernetes pod) and run with an effective UID of 0, you are not vulnerable to this\n issue. If you are running containers with a vulnerable configuration, you can deny access to all abstract\n sockets with AppArmor by adding a line similar to deny unix addr=@**, to your policy. It is best practice\n to run containers with a reduced set of privileges, with a non-zero UID, and with isolated namespaces. The\n containerd maintainers strongly advise against sharing namespaces with the host. Reducing the set of\n isolation mechanisms used for a container necessarily increases that container's privilege, regardless of\n what container runtime is used for running that container. (CVE-2020-15257)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5966.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected docker-cli and / or docker-engine packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15257\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:docker-cli\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:docker-engine\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(os_release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'docker-cli-19.03.11.ol-7.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'docker-cli-19.03.11.ol-7.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'docker-engine-19.03.11.ol-7.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'docker-engine-19.03.11.ol-7.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release) {\n if (exists_check) {\n if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'docker-cli / docker-engine');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:13:54", "description": "The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2020-5964 advisory.\n\n - containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows.\n In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shims API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. This vulnerability has been fixed in containerd 1.3.9 and 1.4.3. Users should update to these versions as soon as they are released. It should be noted that containers started with an old version of containerd-shim should be stopped and restarted, as running containers will continue to be vulnerable even after an upgrade. If you are not providing the ability for untrusted users to start containers in the same network namespace as the shim (typically the host network namespace, for example with docker run --net=host or hostNetwork: true in a Kubernetes pod) and run with an effective UID of 0, you are not vulnerable to this issue. If you are running containers with a vulnerable configuration, you can deny access to all abstract sockets with AppArmor by adding a line similar to deny unix addr=@**, to your policy. It is best practice to run containers with a reduced set of privileges, with a non-zero UID, and with isolated namespaces. The containerd maintainers strongly advise against sharing namespaces with the host. Reducing the set of isolation mechanisms used for a container necessarily increases that container's privilege, regardless of what container runtime is used for running that container. (CVE-2020-15257)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-12-03T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : containerd (ELSA-2020-5964)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15257"], "modified": "2021-01-27T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:containerd"], "id": "ORACLELINUX_ELSA-2020-5964.NASL", "href": "https://www.tenable.com/plugins/nessus/143451", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5964.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(143451);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/27\");\n\n script_cve_id(\"CVE-2020-15257\");\n\n script_name(english:\"Oracle Linux 7 : containerd (ELSA-2020-5964)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the\nELSA-2020-5964 advisory.\n\n - containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows.\n In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host\n network containers. Access controls for the shims API socket verified that the connecting process had an\n effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would\n allow malicious containers running in the same network namespace as the shim, with an effective UID of 0\n but otherwise reduced privileges, to cause new processes to be run with elevated privileges. This\n vulnerability has been fixed in containerd 1.3.9 and 1.4.3. Users should update to these versions as soon\n as they are released. It should be noted that containers started with an old version of containerd-shim\n should be stopped and restarted, as running containers will continue to be vulnerable even after an\n upgrade. If you are not providing the ability for untrusted users to start containers in the same network\n namespace as the shim (typically the host network namespace, for example with docker run --net=host or\n hostNetwork: true in a Kubernetes pod) and run with an effective UID of 0, you are not vulnerable to this\n issue. If you are running containers with a vulnerable configuration, you can deny access to all abstract\n sockets with AppArmor by adding a line similar to deny unix addr=@**, to your policy. It is best practice\n to run containers with a reduced set of privileges, with a non-zero UID, and with isolated namespaces. The\n containerd maintainers strongly advise against sharing namespaces with the host. Reducing the set of\n isolation mechanisms used for a container necessarily increases that container's privilege, regardless of\n what container runtime is used for running that container. (CVE-2020-15257)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5964.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected containerd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15257\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:containerd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\npkgs = [\n {'reference':'containerd-1.3.9-2.el7', 'cpu':'x86_64', 'release':'7'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd');\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:24:59", "description": "According to the version of the kata-containers package installed, the EulerOS installation on the remote host is affected by the following vulnerability :\n\n - containerd is an industry-standard container runtime and is available as a daemon for Linux and Windows. In containerd before versions 1.3.9 and 1.4.3, the containerd-shim API is improperly exposed to host network containers. Access controls for the shim's API socket verified that the connecting process had an effective UID of 0, but did not otherwise restrict access to the abstract Unix domain socket. This would allow malicious containers running in the same network namespace as the shim, with an effective UID of 0 but otherwise reduced privileges, to cause new processes to be run with elevated privileges. This vulnerability has been fixed in containerd 1.3.9 and 1.4.3. Users should update to these versions as soon as they are released.\n It should be noted that containers started with an old version of containerd-shim should be stopped and restarted, as running containers will continue to be vulnerable even after an upgrade. If you are not providing the ability for untrusted users to start containers in the same network namespace as the shim (typically the 'host' network namespace, for example with docker run --net=host or hostNetwork: true in a Kubernetes pod) and run with an effective UID of 0, you are not vulnerable to this issue. If you are running containers with a vulnerable configuration, you can deny access to all abstract sockets with AppArmor by adding a line similar to deny unix addr=@**, to your policy. It is best practice to run containers with a reduced set of privileges, with a non-zero UID, and with isolated namespaces. The containerd maintainers strongly advise against sharing namespaces with the host. Reducing the set of isolation mechanisms used for a container necessarily increases that container's privilege, regardless of what container runtime is used for running that container.(CVE-2020-15257)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-02-05T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : kata-containers (EulerOS-SA-2021-1245)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15257"], "modified": "2021-02-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:kata-containers", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-1245.NASL", "href": "https://www.tenable.com/plugins/nessus/146252", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146252);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/02/09\");\n\n script_cve_id(\n \"CVE-2020-15257\"\n );\n\n script_name(english:\"EulerOS 2.0 SP9 : kata-containers (EulerOS-SA-2021-1245)\");\n script_summary(english:\"Checks the rpm output for the updated package.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the version of the kata-containers package installed,\nthe EulerOS installation on the remote host is affected by the\nfollowing vulnerability :\n\n - containerd is an industry-standard container runtime\n and is available as a daemon for Linux and Windows. In\n containerd before versions 1.3.9 and 1.4.3, the\n containerd-shim API is improperly exposed to host\n network containers. Access controls for the shim's API\n socket verified that the connecting process had an\n effective UID of 0, but did not otherwise restrict\n access to the abstract Unix domain socket. This would\n allow malicious containers running in the same network\n namespace as the shim, with an effective UID of 0 but\n otherwise reduced privileges, to cause new processes to\n be run with elevated privileges. This vulnerability has\n been fixed in containerd 1.3.9 and 1.4.3. Users should\n update to these versions as soon as they are released.\n It should be noted that containers started with an old\n version of containerd-shim should be stopped and\n restarted, as running containers will continue to be\n vulnerable even after an upgrade. If you are not\n providing the ability for untrusted users to start\n containers in the same network namespace as the shim\n (typically the 'host' network namespace, for example\n with docker run --net=host or hostNetwork: true in a\n Kubernetes pod) and run with an effective UID of 0, you\n are not vulnerable to this issue. If you are running\n containers with a vulnerable configuration, you can\n deny access to all abstract sockets with AppArmor by\n adding a line similar to deny unix addr=@**, to your\n policy. It is best practice to run containers with a\n reduced set of privileges, with a non-zero UID, and\n with isolated namespaces. The containerd maintainers\n strongly advise against sharing namespaces with the\n host. Reducing the set of isolation mechanisms used for\n a container necessarily increases that container's\n privilege, regardless of what container runtime is used\n for running that container.(CVE-2020-15257)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-1245\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?15b50a4d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected kata-containers package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:kata-containers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nflag = 0;\n\npkgs = [\"kata-containers-v1.11.1-6.h13.eulerosv2r9\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"kata-containers\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:58:59", "description": "The version of containerd installed on the remote host is prior to 1.4.6-3.9. It is, therefore, affected by a vulnerability as referenced in the ALAS-2021-1540 advisory.\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-04T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : containerd (ALAS-2021-1540)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41103"], "modified": "2021-10-19T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:containerd", "p-cpe:/a:amazon:linux:containerd-debuginfo", "p-cpe:/a:amazon:linux:containerd-stress", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2021-1540.NASL", "href": "https://www.tenable.com/plugins/nessus/153864", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2021-1540.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153864);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/19\");\n\n script_cve_id(\"CVE-2021-41103\");\n script_xref(name:\"ALAS\", value:\"2021-1540\");\n\n script_name(english:\"Amazon Linux AMI : containerd (ALAS-2021-1540)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of containerd installed on the remote host is prior to 1.4.6-3.9. It is, therefore, affected by a\nvulnerability as referenced in the ALAS-2021-1540 advisory.\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently\n restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and\n execute programs. When containers included executable programs with extended permission bits (such as\n setuid), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has\n been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are\n released and may restart containers or update directory permissions to mitigate the vulnerability. Users\n unable to update should limit access to the host to trusted users. Update directory permission on\n container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2021-1540.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-41103\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update containerd' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-stress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'containerd-1.4.6-3.9.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-debuginfo-1.4.6-3.9.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-stress-1.4.6-3.9.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"containerd / containerd-debuginfo / containerd-stress\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-27T19:45:26", "description": "The version of containerd installed on the remote host is prior to 1.4.6-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2023-027 advisory.\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-11-16T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : containerd (ALASECS-2023-027)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41103"], "modified": "2023-11-16T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:containerd", "p-cpe:/a:amazon:linux:containerd-debuginfo", "p-cpe:/a:amazon:linux:containerd-stress", "cpe:/o:amazon:linux:2"], "id": "AL2_ALASECS-2023-027.NASL", "href": "https://www.tenable.com/plugins/nessus/185922", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASECS-2023-027.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(185922);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/16\");\n\n script_cve_id(\"CVE-2021-41103\");\n\n script_name(english:\"Amazon Linux 2 : containerd (ALASECS-2023-027)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of containerd installed on the remote host is prior to 1.4.6-3. It is, therefore, affected by a\nvulnerability as referenced in the ALAS2ECS-2023-027 advisory.\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently\n restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and\n execute programs. When containers included executable programs with extended permission bits (such as\n setuid), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has\n been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are\n released and may restart containers or update directory permissions to mitigate the vulnerability. Users\n unable to update should limit access to the host to trusted users. Update directory permission on\n container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASECS-2023-027.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-41103.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/faqs.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update containerd' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-stress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'containerd-1.4.6-3.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-1.4.6-3.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-debuginfo-1.4.6-3.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-debuginfo-1.4.6-3.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-stress-1.4.6-3.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-stress-1.4.6-3.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"containerd / containerd-debuginfo / containerd-stress\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:27", "description": "An update of the containerd package has been released.", "cvss3": {}, "published": "2021-07-22T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Containerd PHSA-2021-3.0-0269", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-32760"], "modified": "2021-07-30T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:containerd", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2021-3_0-0269_CONTAINERD.NASL", "href": "https://www.tenable.com/plugins/nessus/151956", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-3.0-0269. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151956);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/30\");\n\n script_cve_id(\"CVE-2021-32760\");\n\n script_name(english:\"Photon OS 3.0: Containerd PHSA-2021-3.0-0269\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the containerd package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-269.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-32760\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 3.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'containerd-1.4.4-3.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'containerd-doc-1.4.4-3.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'containerd-extras-1.4.4-3.ph3')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:31:27", "description": "An update of the docker package has been released.", "cvss3": {}, "published": "2021-07-22T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Docker PHSA-2021-1.0-0414", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-32760"], "modified": "2021-07-30T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:docker", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2021-1_0-0414_DOCKER.NASL", "href": "https://www.tenable.com/plugins/nessus/151952", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-1.0-0414. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151952);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/30\");\n\n script_cve_id(\"CVE-2021-32760\");\n\n script_name(english:\"Photon OS 1.0: Docker PHSA-2021-1.0-0414\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the docker package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-414.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-32760\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/22\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:docker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 1.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'docker-18.09.9-5.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'docker-doc-18.09.9-5.ph1')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'docker');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-15T18:32:45", "description": "The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2021:2413-1 advisory.\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files. (CVE-2021-32760)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-21T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : containerd (SUSE-SU-2021:2413-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-32760"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:containerd", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-2413-1.NASL", "href": "https://www.tenable.com/plugins/nessus/151874", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:2413-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151874);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\"CVE-2021-32760\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:2413-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : containerd (SUSE-SU-2021:2413-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-\nSU-2021:2413-1 advisory.\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where\n pulling and extracting a specially-crafted container image can result in Unix file permission changes for\n existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner\n of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does\n not directly allow files to be read, modified, or executed without an additional cooperating process. This\n bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from\n trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially\n affected by this bug through policies and profiles that prevent containerd from interacting with specific\n files. (CVE-2021-32760)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-32760\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-July/009168.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?472f8f1b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected containerd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-32760\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|3|4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP0/3/4/5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'containerd-1.4.4-16.42.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-12-0']},\n {'reference':'containerd-1.4.4-16.42.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-12-0']},\n {'reference':'containerd-1.4.4-16.42.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-12-0']},\n {'reference':'containerd-1.4.4-16.42.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-12-0']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:11:59", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:2412-1 advisory.\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the hosts filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files. (CVE-2021-32760)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-21T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : containerd (openSUSE-SU-2021:2412-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-32760"], "modified": "2022-01-20T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:containerd", "p-cpe:/a:novell:opensuse:containerd-ctr", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-2412.NASL", "href": "https://www.tenable.com/plugins/nessus/151860", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:2412-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(151860);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/20\");\n\n script_cve_id(\"CVE-2021-32760\");\n\n script_name(english:\"openSUSE 15 Security Update : containerd (openSUSE-SU-2021:2412-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the\nopenSUSE-SU-2021:2412-1 advisory.\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where\n pulling and extracting a specially-crafted container image can result in Unix file permission changes for\n existing files in the hosts filesystem. Changes to file permissions can deny access to the expected owner\n of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does\n not directly allow files to be read, modified, or executed without an additional cooperating process. This\n bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from\n trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially\n affected by this bug through policies and profiles that prevent containerd from interacting with specific\n files. (CVE-2021-32760)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188282\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KOVJMTDKAFMTONFNVO7Z327OFE52V7FK/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4b1f99eb\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-32760\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected containerd and / or containerd-ctr packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-32760\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:containerd-ctr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nos_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\npkgs = [\n {'reference':'containerd-1.4.4-5.36.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-ctr-1.4.4-5.36.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd / containerd-ctr');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:11:54", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:1081-1 advisory.\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the hosts filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files. (CVE-2021-32760)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-07-24T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : containerd (openSUSE-SU-2021:1081-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-32760"], "modified": "2022-01-20T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:containerd", "p-cpe:/a:novell:opensuse:containerd-ctr", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-1081.NASL", "href": "https://www.tenable.com/plugins/nessus/152058", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1081-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(152058);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/01/20\");\n\n script_cve_id(\"CVE-2021-32760\");\n\n script_name(english:\"openSUSE 15 Security Update : containerd (openSUSE-SU-2021:1081-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the\nopenSUSE-SU-2021:1081-1 advisory.\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where\n pulling and extracting a specially-crafted container image can result in Unix file permission changes for\n existing files in the hosts filesystem. Changes to file permissions can deny access to the expected owner\n of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does\n not directly allow files to be read, modified, or executed without an additional cooperating process. This\n bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from\n trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially\n affected by this bug through policies and profiles that prevent containerd from interacting with specific\n files. (CVE-2021-32760)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188282\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/JOFB4OTX7BGTKOBQF2ZTPBP4VJT54IQS/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?67a4141b\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-32760\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected containerd and / or containerd-ctr packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-32760\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/07/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/07/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/07/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:containerd-ctr\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nos_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\npkgs = [\n {'reference':'containerd-1.4.4-lp152.2.9.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-ctr-1.4.4-lp152.2.9.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n cpu = NULL;\n rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd / containerd-ctr');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:38:38", "description": "The version of docker installed on the remote host is prior to 20.10.17-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-237 advisory.\n\n - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting. (CVE-2022-24769)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-12-09T00:00:00", "type": "nessus", "title": "Amazon Linux 2022 : docker (ALAS2022-2022-237)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-24769"], "modified": "2022-12-09T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:docker", "p-cpe:/a:amazon:linux:docker-debuginfo", "p-cpe:/a:amazon:linux:docker-debugsource", "cpe:/o:amazon:linux:2022"], "id": "AL2022_ALAS2022-2022-237.NASL", "href": "https://www.tenable.com/plugins/nessus/168562", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2022 Security Advisory ALAS2022-2022-237.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(168562);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/12/09\");\n\n script_cve_id(\"CVE-2022-24769\");\n\n script_name(english:\"Amazon Linux 2022 : docker (ALAS2022-2022-237)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2022 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of docker installed on the remote host is prior to 20.10.17-1. It is, therefore, affected by a vulnerability\nas referenced in the ALAS2022-2022-237 advisory.\n\n - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug\n was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with\n non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling\n programs with inheritable file capabilities to elevate those capabilities to the permitted set during\n `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise\n unprivileged users and processes can execute those programs and gain the specified file capabilities up to\n the bounding set. Due to this bug, containers which included executable programs with inheritable file\n capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable\n file capabilities up to the container's bounding set. Containers which use Linux users and groups to\n perform privilege separation inside the container are most directly impacted. This bug did not affect the\n container security sandbox as the inheritable set never contained more capabilities than were included in\n the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers\n should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes\n Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a\n workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop\n inheritable capabilities prior to the primary process starting. (CVE-2022-24769)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2022/ALAS-2022-237.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-24769.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update docker' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24769\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/12/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:docker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:docker-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2022\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"-2022\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2022\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'docker-20.10.17-1.amzn2022.0.3', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-20.10.17-1.amzn2022.0.3', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-debuginfo-20.10.17-1.amzn2022.0.3', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-debuginfo-20.10.17-1.amzn2022.0.3', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-debugsource-20.10.17-1.amzn2022.0.3', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-debugsource-20.10.17-1.amzn2022.0.3', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"docker / docker-debuginfo / docker-debugsource\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:44:09", "description": "The version of containerd installed on the remote host is prior to 1.4.13-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1775 advisory.\n\n - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting. (CVE-2022-24769)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-04-27T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : containerd (ALAS-2022-1775)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-24769"], "modified": "2022-04-27T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:containerd", "p-cpe:/a:amazon:linux:containerd-debuginfo", "p-cpe:/a:amazon:linux:containerd-stress", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2022-1775.NASL", "href": "https://www.tenable.com/plugins/nessus/160267", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2022-1775.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160267);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/04/27\");\n\n script_cve_id(\"CVE-2022-24769\");\n script_xref(name:\"ALAS\", value:\"2022-1775\");\n\n script_name(english:\"Amazon Linux 2 : containerd (ALAS-2022-1775)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of containerd installed on the remote host is prior to 1.4.13-2. It is, therefore, affected by a\nvulnerability as referenced in the ALAS2-2022-1775 advisory.\n\n - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug\n was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with\n non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling\n programs with inheritable file capabilities to elevate those capabilities to the permitted set during\n `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise\n unprivileged users and processes can execute those programs and gain the specified file capabilities up to\n the bounding set. Due to this bug, containers which included executable programs with inheritable file\n capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable\n file capabilities up to the container's bounding set. Containers which use Linux users and groups to\n perform privilege separation inside the container are most directly impacted. This bug did not affect the\n container security sandbox as the inheritable set never contained more capabilities than were included in\n the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers\n should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes\n Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a\n workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop\n inheritable capabilities prior to the primary process starting. (CVE-2022-24769)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2022-1775.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-24769.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update containerd' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24769\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/27\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-stress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'containerd-1.4.13-2.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-1.4.13-2.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-debuginfo-1.4.13-2.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-debuginfo-1.4.13-2.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-stress-1.4.13-2.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-stress-1.4.13-2.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"containerd / containerd-debuginfo / containerd-stress\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:32:27", "description": "According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting. (CVE-2022-24769)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-07-08T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : docker-engine (EulerOS-SA-2022-1963)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-24769"], "modified": "2022-07-08T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:docker-engine", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1963.NASL", "href": "https://www.tenable.com/plugins/nessus/162917", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162917);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/07/08\");\n\n script_cve_id(\"CVE-2022-24769\");\n\n script_name(english:\"EulerOS 2.0 SP9 : docker-engine (EulerOS-SA-2022-1963)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the docker-engine package installed, the EulerOS installation on the remote host is\naffected by the following vulnerabilities :\n\n - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug\n was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with\n non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling\n programs with inheritable file capabilities to elevate those capabilities to the permitted set during\n `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise\n unprivileged users and processes can execute those programs and gain the specified file capabilities up to\n the bounding set. Due to this bug, containers which included executable programs with inheritable file\n capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable\n file capabilities up to the container's bounding set. Containers which use Linux users and groups to\n perform privilege separation inside the container are most directly impacted. This bug did not affect the\n container security sandbox as the inheritable set never contained more capabilities than were included in\n the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers\n should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes\n Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a\n workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop\n inheritable capabilities prior to the primary process starting. (CVE-2022-24769)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1963\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?ffaa6167\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected docker-engine packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24769\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/07/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/07/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:docker-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"docker-engine-18.09.0.129-1.h59.28.13.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"docker-engine\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-21T15:37:34", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4589-2 advisory.\n\n - In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a foreign layer), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. If an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user's username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account. The default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it. This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and later are not affected. If you are using containerd 1.3 or later, you are not affected. If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources.\n Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected. (CVE-2020-15157)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-10-19T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Docker vulnerability (USN-4589-2)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15157"], "modified": "2023-10-20T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:lts", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:docker.io"], "id": "UBUNTU_USN-4589-2.NASL", "href": "https://www.tenable.com/plugins/nessus/141538", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4589-2. The text\n# itself is copyright (C) Canonical, Inc. See\n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141538);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/20\");\n\n script_cve_id(\"CVE-2020-15157\");\n script_xref(name:\"USN\", value:\"4589-2\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : Docker vulnerability (USN-4589-2)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as\nreferenced in the USN-4589-2 advisory.\n\n - In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking\n vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format\n includes a URL for the location of a specific image layer (otherwise known as a foreign layer), the\n default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or\n later, the default containerd resolver will provide its authentication credentials if the server where the\n URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. If an attacker\n publishes a public image with a manifest that directs one of the layers to be fetched from a web server\n they control and they trick a user or system into pulling the image, they can obtain the credentials used\n for pulling that image. In some cases, this may be the user's username and password for the registry. In\n other cases, this may be the credentials attached to the cloud virtual instance which can grant access to\n other cloud resources in the account. The default containerd resolver is used by the cri-containerd plugin\n (which can be used by Kubernetes), the ctr development tool, and other client programs that have\n explicitly linked against it. This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and\n later are not affected. If you are using containerd 1.3 or later, you are not affected. If you are using\n cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources.\n Other container runtimes built on top of containerd but not using the default resolver (such as Docker)\n are not affected. (CVE-2020-15157)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-4589-2\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected docker.io package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15157\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:docker.io\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2020-2023 Canonical, Inc. / NASL script (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release || '18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '16.04', 'pkgname': 'docker.io', 'pkgver': '18.09.7-0ubuntu1~16.04.6'},\n {'osver': '18.04', 'pkgname': 'docker.io', 'pkgver': '19.03.6-0ubuntu1~18.04.2'},\n {'osver': '20.04', 'pkgname': 'docker.io', 'pkgver': '19.03.8-0ubuntu1.20.04.1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'docker.io');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T14:11:21", "description": "An update of the containerd package has been released.", "cvss3": {}, "published": "2020-10-24T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Containerd PHSA-2020-3.0-0155", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15157"], "modified": "2021-03-18T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:containerd", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2020-3_0-0155_CONTAINERD.NASL", "href": "https://www.tenable.com/plugins/nessus/141867", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-3.0-0155. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141867);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/18\");\n\n script_cve_id(\"CVE-2020-15157\");\n\n script_name(english:\"Photon OS 3.0: Containerd PHSA-2020-3.0-0155\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the containerd package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-155.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15157\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 3.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'containerd-1.2.14-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'containerd-doc-1.2.14-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'containerd-extras-1.2.14-1.ph3')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:25:28", "description": "The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2020-5906 advisory.\n\n - In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format includes a URL for the location of a specific image layer (otherwise known as a foreign layer), the default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or later, the default containerd resolver will provide its authentication credentials if the server where the URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. If an attacker publishes a public image with a manifest that directs one of the layers to be fetched from a web server they control and they trick a user or system into pulling the image, they can obtain the credentials used for pulling that image. In some cases, this may be the user's username and password for the registry. In other cases, this may be the credentials attached to the cloud virtual instance which can grant access to other cloud resources in the account. The default containerd resolver is used by the cri-containerd plugin (which can be used by Kubernetes), the ctr development tool, and other client programs that have explicitly linked against it. This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and later are not affected. If you are using containerd 1.3 or later, you are not affected. If you are using cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources.\n Other container runtimes built on top of containerd but not using the default resolver (such as Docker) are not affected. (CVE-2020-15157)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2020-11-03T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : containerd (ELSA-2020-5906)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15157"], "modified": "2021-03-18T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:containerd"], "id": "ORACLELINUX_ELSA-2020-5906.NASL", "href": "https://www.tenable.com/plugins/nessus/142222", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-5906.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142222);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/18\");\n\n script_cve_id(\"CVE-2020-15157\");\n\n script_name(english:\"Oracle Linux 7 : containerd (ELSA-2020-5906)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has a package installed that is affected by a vulnerability as referenced in the\nELSA-2020-5906 advisory.\n\n - In containerd (an industry-standard container runtime) before version 1.2.14 there is a credential leaking\n vulnerability. If a container image manifest in the OCI Image format or Docker Image V2 Schema 2 format\n includes a URL for the location of a specific image layer (otherwise known as a foreign layer), the\n default containerd resolver will follow that URL to attempt to download it. In v1.2.x but not 1.3.0 or\n later, the default containerd resolver will provide its authentication credentials if the server where the\n URL is located presents an HTTP 401 status code along with registry-specific HTTP headers. If an attacker\n publishes a public image with a manifest that directs one of the layers to be fetched from a web server\n they control and they trick a user or system into pulling the image, they can obtain the credentials used\n for pulling that image. In some cases, this may be the user's username and password for the registry. In\n other cases, this may be the credentials attached to the cloud virtual instance which can grant access to\n other cloud resources in the account. The default containerd resolver is used by the cri-containerd plugin\n (which can be used by Kubernetes), the ctr development tool, and other client programs that have\n explicitly linked against it. This vulnerability has been fixed in containerd 1.2.14. containerd 1.3 and\n later are not affected. If you are using containerd 1.3 or later, you are not affected. If you are using\n cri-containerd in the 1.2 series or prior, you should ensure you only pull images from trusted sources.\n Other container runtimes built on top of containerd but not using the default resolver (such as Docker)\n are not affected. (CVE-2020-15157)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-5906.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected containerd package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:H/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15157\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:containerd\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\npkgs = [\n {'reference':'containerd-1.2.14-1.0.1.el7', 'cpu':'x86_64', 'release':'7'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd');\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:44:59", "description": "The version of containerd installed on the remote host is prior to 1.4.6-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2022-016 advisory.\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-02T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : containerd (ALASDOCKER-2022-016)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41103"], "modified": "2022-05-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:containerd", "p-cpe:/a:amazon:linux:containerd-debuginfo", "p-cpe:/a:amazon:linux:containerd-stress", "cpe:/o:amazon:linux:2"], "id": "AL2_ALASDOCKER-2022-016.NASL", "href": "https://www.tenable.com/plugins/nessus/160406", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASDOCKER-2022-016.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160406);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/02\");\n\n script_cve_id(\"CVE-2021-41103\");\n\n script_name(english:\"Amazon Linux 2 : containerd (ALASDOCKER-2022-016)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of containerd installed on the remote host is prior to 1.4.6-3. It is, therefore, affected by a\nvulnerability as referenced in the ALAS2DOCKER-2022-016 advisory.\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently\n restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and\n execute programs. When containers included executable programs with extended permission bits (such as\n setuid), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has\n been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are\n released and may restart containers or update directory permissions to mitigate the vulnerability. Users\n unable to update should limit access to the host to trusted users. Update directory permission on\n container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASDOCKER-2022-016.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-41103.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update containerd' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-stress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'containerd-1.4.6-3.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-1.4.6-3.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-debuginfo-1.4.6-3.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-debuginfo-1.4.6-3.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-stress-1.4.6-3.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-stress-1.4.6-3.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"containerd / containerd-debuginfo / containerd-stress\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-19T15:12:45", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS / 21.04 host has packages installed that are affected by a vulnerability as referenced in the USN-5100-1 advisory.\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-04T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : containerd vulnerability (USN-5100-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41103"], "modified": "2023-10-16T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:containerd", "p-cpe:/a:canonical:ubuntu_linux:golang-github-containerd-containerd-dev"], "id": "UBUNTU_USN-5100-1.NASL", "href": "https://www.tenable.com/plugins/nessus/153854", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5100-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153854);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/16\");\n\n script_cve_id(\"CVE-2021-41103\");\n script_xref(name:\"USN\", value:\"5100-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : containerd vulnerability (USN-5100-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS / 21.04 host has packages installed that are affected by a vulnerability as\nreferenced in the USN-5100-1 advisory.\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently\n restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and\n execute programs. When containers included executable programs with extended permission bits (such as\n setuid), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has\n been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are\n released and may restart containers or update directory permissions to mitigate the vulnerability. Users\n unable to update should limit access to the host to trusted users. Update directory permission on\n container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5100-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected containerd and / or golang-github-containerd-containerd-dev packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:golang-github-containerd-containerd-dev\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '18.04', 'pkgname': 'containerd', 'pkgver': '1.5.2-0ubuntu1~18.04.3'},\n {'osver': '18.04', 'pkgname': 'golang-github-containerd-containerd-dev', 'pkgver': '1.5.2-0ubuntu1~18.04.3'},\n {'osver': '20.04', 'pkgname': 'containerd', 'pkgver': '1.5.2-0ubuntu1~20.04.3'},\n {'osver': '20.04', 'pkgname': 'golang-github-containerd-containerd-dev', 'pkgver': '1.5.2-0ubuntu1~20.04.3'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd / golang-github-containerd-containerd-dev');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:42:45", "description": "This plugin has been deprecated following detection of an issue with overlapping filenames. Deprecated by al2_ALASDOCKER-2022-016.nasl (plugin ID 160406)", "cvss3": {}, "published": "2022-03-09T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : containerd (ALAS-2022-016) (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41103"], "modified": "2022-05-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:containerd", "p-cpe:/a:amazon:linux:containerd-debuginfo", "p-cpe:/a:amazon:linux:containerd-stress", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2022-016.NASL", "href": "https://www.tenable.com/plugins/nessus/158725", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2022-016.\n#\n# @DEPRECATED@\n#\n# Disabled on 2022/05/02. Deprecated by al2_ALASDOCKER-2022-016.nasl (plugin ID 160406)\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158725);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/02\");\n\n script_cve_id(\"CVE-2021-41103\");\n script_xref(name:\"ALAS\", value:\"2022-016\");\n\n script_name(english:\"Amazon Linux 2 : containerd (ALAS-2022-016) (deprecated)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"This plugin has been deprecated following detection of an issue with overlapping filenames. \nDeprecated by al2_ALASDOCKER-2022-016.nasl (plugin ID 160406)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASDOCKER-2022-016.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-41103.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"N/A\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-stress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\nexit(0, 'This plugin has been deprecated. Use al2_ALASDOCKER-2022-016.nasl (plugin ID 160406) instead.');\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:35:01", "description": "The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5002 advisory.\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-06T00:00:00", "type": "nessus", "title": "Debian DSA-5002-1 : containerd - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41103"], "modified": "2021-11-06T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:containerd", "p-cpe:/a:debian:debian_linux:golang-github-containerd-containerd-dev", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5002.NASL", "href": "https://www.tenable.com/plugins/nessus/154949", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5002. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154949);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/06\");\n\n script_cve_id(\"CVE-2021-41103\");\n\n script_name(english:\"Debian DSA-5002-1 : containerd - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5002\nadvisory.\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently\n restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and\n execute programs. When containers included executable programs with extended permission bits (such as\n setuid), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has\n been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are\n released and may restart containers or update directory permissions to mitigate the vulnerability. Users\n unable to update should limit access to the host to trusted users. Update directory permission on\n container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/containerd\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2021/dsa-5002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-41103\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/containerd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the containerd packages.\n\nFor the stable distribution (bullseye), this problem has been fixed in version 1.4.5~ds1-2+deb11u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:golang-github-containerd-containerd-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'containerd', 'reference': '1.4.5~ds1-2+deb11u1'},\n {'release': '11.0', 'prefix': 'golang-github-containerd-containerd-dev', 'reference': '1.4.5~ds1-2+deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd / golang-github-containerd-containerd-dev');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:41:14", "description": "According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-02-25T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2022-1251)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41103"], "modified": "2022-02-25T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:docker-engine", "p-cpe:/a:huawei:euleros:docker-engine-selinux", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1251.NASL", "href": "https://www.tenable.com/plugins/nessus/158404", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158404);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/25\");\n\n script_cve_id(\"CVE-2021-41103\");\n\n script_name(english:\"EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2022-1251)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is\naffected by the following vulnerabilities :\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently\n restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and\n execute programs. When containers included executable programs with extended permission bits (such as\n setuid), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has\n been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are\n released and may restart containers or update directory permissions to mitigate the vulnerability. Users\n unable to update should limit access to the host to trusted users. Update directory permission on\n container bundles directories. (CVE-2021-41103)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1251\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5ab81ed0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected docker-engine packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:docker-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:docker-engine-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"docker-engine-18.09.0.200-200.h34.23.12.eulerosv2r10\",\n \"docker-engine-selinux-18.09.0.200-200.h34.23.12.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"docker-engine\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:34:14", "description": "It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-054 advisory.\n\n - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting. (CVE-2022-24769)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-09-06T00:00:00", "type": "nessus", "title": "Amazon Linux 2022 : (ALAS2022-2022-054)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-24769"], "modified": "2022-09-06T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:containerd", "p-cpe:/a:amazon:linux:containerd-debuginfo", "p-cpe:/a:amazon:linux:containerd-debugsource", "p-cpe:/a:amazon:linux:containerd-stress", "p-cpe:/a:amazon:linux:containerd-stress-debuginfo", "p-cpe:/a:amazon:linux:docker", "p-cpe:/a:amazon:linux:docker-debuginfo", "p-cpe:/a:amazon:linux:docker-debugsource", "cpe:/o:amazon:linux:2022"], "id": "AL2022_ALAS2022-2022-054.NASL", "href": "https://www.tenable.com/plugins/nessus/164726", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2022 Security Advisory ALAS2022-2022-054.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(164726);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/09/06\");\n\n script_cve_id(\"CVE-2022-24769\");\n\n script_name(english:\"Amazon Linux 2022 : (ALAS2022-2022-054)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2022 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-054 advisory.\n\n - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug\n was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with\n non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling\n programs with inheritable file capabilities to elevate those capabilities to the permitted set during\n `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise\n unprivileged users and processes can execute those programs and gain the specified file capabilities up to\n the bounding set. Due to this bug, containers which included executable programs with inheritable file\n capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable\n file capabilities up to the container's bounding set. Containers which use Linux users and groups to\n perform privilege separation inside the container are most directly impacted. This bug did not affect the\n container security sandbox as the inheritable set never contained more capabilities than were included in\n the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers\n should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes\n Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a\n workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop\n inheritable capabilities prior to the primary process starting. (CVE-2022-24769)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2022/ALAS-2022-054.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-24769.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'dnf update --releasever=2022.0.20220504 containerd' to update your system.\n Run 'dnf update --releasever=2022.0.20220504 docker' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24769\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/09/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-stress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-stress-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:docker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:docker-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2022\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"-2022\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2022\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'containerd-1.4.13-2.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-1.4.13-2.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-1.4.13-2.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-debuginfo-1.4.13-2.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-debuginfo-1.4.13-2.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-debuginfo-1.4.13-2.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-debugsource-1.4.13-2.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-debugsource-1.4.13-2.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-debugsource-1.4.13-2.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-stress-1.4.13-2.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-stress-1.4.13-2.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-stress-1.4.13-2.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-stress-debuginfo-1.4.13-2.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-stress-debuginfo-1.4.13-2.amzn2022', 'cpu':'i686', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-stress-debuginfo-1.4.13-2.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-20.10.13-2.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-20.10.13-2.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-debuginfo-20.10.13-2.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-debuginfo-20.10.13-2.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-debugsource-20.10.13-2.amzn2022', 'cpu':'aarch64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-debugsource-20.10.13-2.amzn2022', 'cpu':'x86_64', 'release':'AL-2022', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"containerd / containerd-debuginfo / containerd-debugsource / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:59:01", "description": "An update of the containerd package has been released.\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-11T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Containerd PHSA-2021-2.0-0402", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41103"], "modified": "2021-10-19T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:containerd", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2021-2_0-0402_CONTAINERD.NASL", "href": "https://www.tenable.com/plugins/nessus/153980", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-2.0-0402. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153980);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/19\");\n\n script_cve_id(\"CVE-2021-41103\");\n\n script_name(english:\"Photon OS 2.0: Containerd PHSA-2021-2.0-0402\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the containerd package has been released.\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently\n restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and\n execute programs. When containers included executable programs with extended permission bits (such as\n setuid), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has\n been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are\n released and may restart containers or update directory permissions to mitigate the vulnerability. Users\n unable to update should limit access to the host to trusted users. Update directory permission on\n container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-402.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 2.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nvar flag = 0;\n\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'containerd-1.4.4-3.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'containerd-doc-1.4.4-3.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'containerd-extras-1.4.4-3.ph2')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:59:01", "description": "An update of the containerd package has been released.\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-10T00:00:00", "type": "nessus", "title": "Photon OS 4.0: Containerd PHSA-2021-4.0-0113", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41103"], "modified": "2021-10-19T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:containerd", "cpe:/o:vmware:photonos:4.0"], "id": "PHOTONOS_PHSA-2021-4_0-0113_CONTAINERD.NASL", "href": "https://www.tenable.com/plugins/nessus/153974", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-4.0-0113. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153974);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/19\");\n\n script_cve_id(\"CVE-2021-41103\");\n\n script_name(english:\"Photon OS 4.0: Containerd PHSA-2021-4.0-0113\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the containerd package has been released.\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently\n restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and\n execute programs. When containers included executable programs with extended permission bits (such as\n setuid), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has\n been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are\n released and may restart containers or update directory permissions to mitigate the vulnerability. Users\n unable to update should limit access to the host to trusted users. Update directory permission on\n container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-4.0-113.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:4.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 4\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 4.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nvar flag = 0;\n\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'containerd-1.4.4-6.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'containerd-doc-1.4.4-6.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'containerd-extras-1.4.4-6.ph4')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:46:30", "description": "The version of moby-containerd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-41103 advisory.\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-20T00:00:00", "type": "nessus", "title": "CBL Mariner 2.0 Security Update: moby-containerd (CVE-2021-41103)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41103"], "modified": "2023-03-28T00:00:00", "cpe": ["p-cpe:/a:microsoft:cbl-mariner:moby-containerd", "x-cpe:/o:microsoft:cbl-mariner"], "id": "MARINER_MOBY-CONTAINERD_CVE-2021-41103.NASL", "href": "https://www.tenable.com/plugins/nessus/172774", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(172774);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/28\");\n\n script_cve_id(\"CVE-2021-41103\");\n\n script_name(english:\"CBL Mariner 2.0 Security Update: moby-containerd (CVE-2021-41103)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CBL Mariner host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of moby-containerd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is,\ntherefore, affected by a vulnerability as referenced in the CVE-2021-41103 advisory.\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently\n restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and\n execute programs. When containers included executable programs with extended permission bits (such as\n setuid), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has\n been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are\n released and may restart containers or update directory permissions to mitigate the vulnerability. Users\n unable to update should limit access to the host to trusted users. Update directory permission on\n container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://nvd.nist.gov/vuln/detail/CVE-2021-41103\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:moby-containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:microsoft:cbl-mariner\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MarinerOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CBLMariner/release\", \"Host/CBLMariner/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CBLMariner/release');\nif (isnull(release) || 'CBL-Mariner' >!< release) audit(AUDIT_OS_NOT, 'CBL-Mariner');\nvar os_ver = pregmatch(pattern: \"CBL-Mariner ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CBL-Mariner');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^2([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'CBL-Mariner 2.0', 'CBL-Mariner ' + os_ver);\n\nif (!get_kb_item('Host/CBLMariner/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu)\n audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CBL-Mariner', cpu);\n\nvar pkgs = [\n {'reference':'moby-containerd-1.4.4+azure-4.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'moby-containerd-1.4.4+azure-4.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'CBLMariner-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'moby-containerd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:41:13", "description": "According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-02-25T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2022-1239)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41103"], "modified": "2022-02-25T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:docker-engine", "p-cpe:/a:huawei:euleros:docker-engine-selinux", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1239.NASL", "href": "https://www.tenable.com/plugins/nessus/158427", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158427);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/25\");\n\n script_cve_id(\"CVE-2021-41103\");\n\n script_name(english:\"EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2022-1239)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is\naffected by the following vulnerabilities :\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently\n restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and\n execute programs. When containers included executable programs with extended permission bits (such as\n setuid), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has\n been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are\n released and may restart containers or update directory permissions to mitigate the vulnerability. Users\n unable to update should limit access to the host to trusted users. Update directory permission on\n container bundles directories. (CVE-2021-41103)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1239\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?471a1581\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected docker-engine packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:docker-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:docker-engine-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"docker-engine-18.09.0.200-200.h34.23.12.eulerosv2r10\",\n \"docker-engine-selinux-18.09.0.200-200.h34.23.12.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"docker-engine\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-15T16:13:06", "description": "The version of containerd installed on the remote host is prior to 1.4.6-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2022-016 advisory.\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-11T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : containerd (ALASNITRO-ENCLAVES-2022-016)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41103"], "modified": "2023-08-14T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:containerd", "p-cpe:/a:amazon:linux:containerd-debuginfo", "p-cpe:/a:amazon:linux:containerd-stress", "cpe:/o:amazon:linux:2"], "id": "AL2_ALASNITRO-ENCLAVES-2022-016.NASL", "href": "https://www.tenable.com/plugins/nessus/160975", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASNITRO-ENCLAVES-2022-016.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160975);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/08/14\");\n\n script_cve_id(\"CVE-2021-41103\");\n\n script_name(english:\"Amazon Linux 2 : containerd (ALASNITRO-ENCLAVES-2022-016)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of containerd installed on the remote host is prior to 1.4.6-3. It is, therefore, affected by a\nvulnerability as referenced in the ALAS2NITRO-ENCLAVES-2022-016 advisory.\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently\n restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and\n execute programs. When containers included executable programs with extended permission bits (such as\n setuid), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has\n been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are\n released and may restart containers or update directory permissions to mitigate the vulnerability. Users\n unable to update should limit access to the host to trusted users. Update directory permission on\n container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASNITRO-ENCLAVES-2022-016.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-41103.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update containerd' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-stress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'containerd-1.4.6-3.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-1.4.6-3.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-debuginfo-1.4.6-3.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-debuginfo-1.4.6-3.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-stress-1.4.6-3.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-stress-1.4.6-3.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"containerd / containerd-debuginfo / containerd-stress\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:46:12", "description": "The version of containerd installed on the remote host is prior to 1.4.13-2. The version of docker installed on the remote host is prior to 20.10.13-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2022-018 advisory.\n\n - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting. (CVE-2022-24769)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-02T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : docker, containerd (ALASDOCKER-2022-018)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-24769"], "modified": "2022-05-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:containerd", "p-cpe:/a:amazon:linux:containerd-debuginfo", "p-cpe:/a:amazon:linux:containerd-stress", "p-cpe:/a:amazon:linux:docker", "p-cpe:/a:amazon:linux:docker-debuginfo", "cpe:/o:amazon:linux:2"], "id": "AL2_ALASDOCKER-2022-018.NASL", "href": "https://www.tenable.com/plugins/nessus/160412", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASDOCKER-2022-018.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160412);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/02\");\n\n script_cve_id(\"CVE-2022-24769\");\n\n script_name(english:\"Amazon Linux 2 : docker, containerd (ALASDOCKER-2022-018)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of containerd installed on the remote host is prior to 1.4.13-2. The version of docker installed on the\nremote host is prior to 20.10.13-2. It is, therefore, affected by a vulnerability as referenced in the\nALAS2DOCKER-2022-018 advisory.\n\n - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug\n was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with\n non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling\n programs with inheritable file capabilities to elevate those capabilities to the permitted set during\n `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise\n unprivileged users and processes can execute those programs and gain the specified file capabilities up to\n the bounding set. Due to this bug, containers which included executable programs with inheritable file\n capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable\n file capabilities up to the container's bounding set. Containers which use Linux users and groups to\n perform privilege separation inside the container are most directly impacted. This bug did not affect the\n container security sandbox as the inheritable set never contained more capabilities than were included in\n the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers\n should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes\n Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a\n workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop\n inheritable capabilities prior to the primary process starting. (CVE-2022-24769)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASDOCKER-2022-018.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-24769.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update docker' to update your system.\n Run 'yum update containerd' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24769\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-stress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:docker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'containerd-1.4.13-2.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-1.4.13-2.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-debuginfo-1.4.13-2.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-debuginfo-1.4.13-2.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-stress-1.4.13-2.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-stress-1.4.13-2.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-20.10.13-2.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-20.10.13-2.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-debuginfo-20.10.13-2.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-debuginfo-20.10.13-2.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"containerd / containerd-debuginfo / containerd-stress / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:45:13", "description": "The version of moby-runc installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-24769 advisory.\n\n - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting. (CVE-2022-24769)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-28T00:00:00", "type": "nessus", "title": "CBL Mariner 2.0 Security Update: moby-runc (CVE-2022-24769)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-24769"], "modified": "2023-03-28T00:00:00", "cpe": ["p-cpe:/a:microsoft:cbl-mariner:moby-runc", "p-cpe:/a:microsoft:cbl-mariner:moby-runc-debuginfo", "x-cpe:/o:microsoft:cbl-mariner"], "id": "MARINER_MOBY-RUNC_CVE-2022-24769.NASL", "href": "https://www.tenable.com/plugins/nessus/173574", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(173574);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/28\");\n\n script_cve_id(\"CVE-2022-24769\");\n\n script_name(english:\"CBL Mariner 2.0 Security Update: moby-runc (CVE-2022-24769)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CBL Mariner host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of moby-runc installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore,\naffected by a vulnerability as referenced in the CVE-2022-24769 advisory.\n\n - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug\n was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with\n non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling\n programs with inheritable file capabilities to elevate those capabilities to the permitted set during\n `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise\n unprivileged users and processes can execute those programs and gain the specified file capabilities up to\n the bounding set. Due to this bug, containers which included executable programs with inheritable file\n capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable\n file capabilities up to the container's bounding set. Containers which use Linux users and groups to\n perform privilege separation inside the container are most directly impacted. This bug did not affect the\n container security sandbox as the inheritable set never contained more capabilities than were included in\n the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers\n should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes\n Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a\n workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop\n inheritable capabilities prior to the primary process starting. (CVE-2022-24769)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://nvd.nist.gov/vuln/detail/CVE-2022-24769\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24769\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:moby-runc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:moby-runc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:microsoft:cbl-mariner\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MarinerOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CBLMariner/release\", \"Host/CBLMariner/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CBLMariner/release');\nif (isnull(release) || 'CBL-Mariner' >!< release) audit(AUDIT_OS_NOT, 'CBL-Mariner');\nvar os_ver = pregmatch(pattern: \"CBL-Mariner ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CBL-Mariner');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^2([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'CBL-Mariner 2.0', 'CBL-Mariner ' + os_ver);\n\nif (!get_kb_item('Host/CBLMariner/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu)\n audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CBL-Mariner', cpu);\n\nvar pkgs = [\n {'reference':'moby-runc-1.1.2-2.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'moby-runc-1.1.2-2.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'moby-runc-debuginfo-1.1.2-2.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'moby-runc-debuginfo-1.1.2-2.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'CBLMariner-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'moby-runc / moby-runc-debuginfo');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-27T19:45:27", "description": "The version of containerd installed on the remote host is prior to 1.4.13-2. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2023-023 advisory.\n\n - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting. (CVE-2022-24769)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-11-16T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : containerd (ALASECS-2023-023)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-24769"], "modified": "2023-11-16T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:containerd", "p-cpe:/a:amazon:linux:containerd-debuginfo", "p-cpe:/a:amazon:linux:containerd-stress", "cpe:/o:amazon:linux:2"], "id": "AL2_ALASECS-2023-023.NASL", "href": "https://www.tenable.com/plugins/nessus/185921", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASECS-2023-023.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(185921);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/16\");\n\n script_cve_id(\"CVE-2022-24769\");\n\n script_name(english:\"Amazon Linux 2 : containerd (ALASECS-2023-023)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of containerd installed on the remote host is prior to 1.4.13-2. It is, therefore, affected by a\nvulnerability as referenced in the ALAS2ECS-2023-023 advisory.\n\n - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug\n was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with\n non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling\n programs with inheritable file capabilities to elevate those capabilities to the permitted set during\n `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise\n unprivileged users and processes can execute those programs and gain the specified file capabilities up to\n the bounding set. Due to this bug, containers which included executable programs with inheritable file\n capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable\n file capabilities up to the container's bounding set. Containers which use Linux users and groups to\n perform privilege separation inside the container are most directly impacted. This bug did not affect the\n container security sandbox as the inheritable set never contained more capabilities than were included in\n the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers\n should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes\n Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a\n workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop\n inheritable capabilities prior to the primary process starting. (CVE-2022-24769)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASECS-2023-023.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-24769.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/faqs.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update containerd' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24769\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-stress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'containerd-1.4.13-2.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-1.4.13-2.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-debuginfo-1.4.13-2.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-debuginfo-1.4.13-2.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-stress-1.4.13-2.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-stress-1.4.13-2.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"containerd / containerd-debuginfo / containerd-stress\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:35:45", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3336-1 advisory.\n\n - runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.\n (CVE-2021-30465)\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files. (CVE-2021-32760)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade limit access to the host to trusted users. Limit access to host volumes to trusted containers.\n (CVE-2021-41091)\n\n - Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH.\n (CVE-2021-41092)\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-13T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : containerd, docker, runc (SUSE-SU-2021:3336-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30465", "CVE-2021-32760", "CVE-2021-41089", "CVE-2021-41091", "CVE-2021-41092", "CVE-2021-41103"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:containerd", "p-cpe:/a:novell:suse_linux:docker", "p-cpe:/a:novell:suse_linux:runc", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-3336-1.NASL", "href": "https://www.tenable.com/plugins/nessus/154100", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:3336-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154100);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2021-30465\",\n \"CVE-2021-32760\",\n \"CVE-2021-41089\",\n \"CVE-2021-41091\",\n \"CVE-2021-41092\",\n \"CVE-2021-41103\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:3336-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : containerd, docker, runc (SUSE-SU-2021:3336-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2021:3336-1 advisory.\n\n - runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the\n vulnerability, an attacker must be able to create multiple containers with a fairly specific mount\n configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.\n (CVE-2021-30465)\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where\n pulling and extracting a specially-crafted container image can result in Unix file permission changes for\n existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner\n of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does\n not directly allow files to be read, modified, or executed without an additional cooperating process. This\n bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from\n trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially\n affected by this bug through policies and profiles that prevent containerd from interacting with specific\n files. (CVE-2021-32760)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in\n Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container\n can result in Unix file permission changes for existing files in the host's filesystem, widening access to\n others. This bug does not directly allow files to be read, modified, or executed without an additional\n cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this\n version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in\n Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with\n insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory\n contents and execute programs. When containers included executable programs with extended permission bits\n (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed\n in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running\n containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade\n limit access to the host to trusted users. Limit access to host volumes to trusted containers.\n (CVE-2021-41091)\n\n - Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker\n CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file\n (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed\n would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended\n private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as\n soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries\n in the configuration file reference an installed credential helper that is executable and on the PATH.\n (CVE-2021-41092)\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently\n restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and\n execute programs. When containers included executable programs with extended permission bits (such as\n setuid), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has\n been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are\n released and may restart containers or update directory permissions to mitigate the vulnerability. Users\n unable to update should limit access to the host to trusted users. Update directory permission on\n container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1102408\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187704\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191334\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191355\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-32760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41089\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41103\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-October/009566.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?766b520d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected containerd, docker and / or runc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-30465\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:runc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|3|4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP0/3/4/5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'containerd-1.4.11-16.45.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-12-0']},\n {'reference':'containerd-1.4.11-16.45.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-12-0']},\n {'reference':'containerd-1.4.11-16.45.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-12-0']},\n {'reference':'containerd-1.4.11-16.45.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-12-0']},\n {'reference':'docker-20.10.9_ce-98.72.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-12-0']},\n {'reference':'docker-20.10.9_ce-98.72.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-12-0']},\n {'reference':'docker-20.10.9_ce-98.72.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-12-0']},\n {'reference':'docker-20.10.9_ce-98.72.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-12-0']},\n {'reference':'runc-1.0.2-16.14.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-12-0']},\n {'reference':'runc-1.0.2-16.14.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-12-0']},\n {'reference':'runc-1.0.2-16.14.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-12-0']},\n {'reference':'runc-1.0.2-16.14.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-12-0']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd / docker / runc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:44:44", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3506-1 advisory.\n\n - runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.\n (CVE-2021-30465)\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files. (CVE-2021-32760)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade limit access to the host to trusted users. Limit access to host volumes to trusted containers.\n (CVE-2021-41091)\n\n - Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH.\n (CVE-2021-41092)\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-28T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : containerd, docker, runc (openSUSE-SU-2021:3506-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30465", "CVE-2021-32760", "CVE-2021-41089", "CVE-2021-41091", "CVE-2021-41092", "CVE-2021-41103"], "modified": "2023-11-27T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:containerd", "p-cpe:/a:novell:opensuse:containerd-ctr", "p-cpe:/a:novell:opensuse:docker", "p-cpe:/a:novell:opensuse:docker-bash-completion", "p-cpe:/a:novell:opensuse:docker-fish-completion", "p-cpe:/a:novell:opensuse:docker-kubic", "p-cpe:/a:novell:opensuse:docker-kubic-bash-completion", "p-cpe:/a:novell:opensuse:docker-kubic-fish-completion", "p-cpe:/a:novell:opensuse:docker-kubic-kubeadm-criconfig", "p-cpe:/a:novell:opensuse:docker-kubic-zsh-completion", "p-cpe:/a:novell:opensuse:docker-zsh-completion", "p-cpe:/a:novell:opensuse:runc", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-3506.NASL", "href": "https://www.tenable.com/plugins/nessus/154606", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:3506-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154606);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/27\");\n\n script_cve_id(\n \"CVE-2021-30465\",\n \"CVE-2021-32760\",\n \"CVE-2021-41089\",\n \"CVE-2021-41091\",\n \"CVE-2021-41092\",\n \"CVE-2021-41103\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : containerd, docker, runc (openSUSE-SU-2021:3506-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:3506-1 advisory.\n\n - runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the\n vulnerability, an attacker must be able to create multiple containers with a fairly specific mount\n configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.\n (CVE-2021-30465)\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where\n pulling and extracting a specially-crafted container image can result in Unix file permission changes for\n existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner\n of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does\n not directly allow files to be read, modified, or executed without an additional cooperating process. This\n bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from\n trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially\n affected by this bug through policies and profiles that prevent containerd from interacting with specific\n files. (CVE-2021-32760)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in\n Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container\n can result in Unix file permission changes for existing files in the host's filesystem, widening access to\n others. This bug does not directly allow files to be read, modified, or executed without an additional\n cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this\n version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in\n Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with\n insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory\n contents and execute programs. When containers included executable programs with extended permission bits\n (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed\n in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running\n containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade\n limit access to the host to trusted users. Limit access to host volumes to trusted containers.\n (CVE-2021-41091)\n\n - Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker\n CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file\n (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed\n would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended\n private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as\n soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries\n in the configuration file reference an installed credential helper that is executable and on the PATH.\n (CVE-2021-41092)\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently\n restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and\n execute programs. When containers included executable programs with extended permission bits (such as\n setuid), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has\n been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are\n released and may restart containers or update directory permissions to mitigate the vulnerability. Users\n unable to update should limit access to the host to trusted users. Update directory permission on\n container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1102408\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187704\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190826\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191334\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191355\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191434\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NP4XGHFKECRFSI6UYXER53KXVGP66EHQ/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9b01f733\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-32760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41089\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41103\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-30465\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:containerd-ctr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-fish-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-kubic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-kubic-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-kubic-fish-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-kubic-kubeadm-criconfig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-kubic-zsh-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-zsh-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:runc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'containerd-1.4.11-56.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-ctr-1.4.11-56.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-20.10.9_ce-156.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-bash-completion-20.10.9_ce-156.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-fish-completion-20.10.9_ce-156.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-kubic-20.10.9_ce-156.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-kubic-bash-completion-20.10.9_ce-156.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-kubic-fish-completion-20.10.9_ce-156.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-kubic-zsh-completion-20.10.9_ce-156.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-zsh-completion-20.10.9_ce-156.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'runc-1.0.2-23.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd / containerd-ctr / docker / docker-bash-completion / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:46:29", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1404-1 advisory.\n\n - runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.\n (CVE-2021-30465)\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files. (CVE-2021-32760)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade limit access to the host to trusted users. Limit access to host volumes to trusted containers.\n (CVE-2021-41091)\n\n - Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH.\n (CVE-2021-41092)\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-01T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : containerd, docker, runc (openSUSE-SU-2021:1404-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30465", "CVE-2021-32760", "CVE-2021-41089", "CVE-2021-41091", "CVE-2021-41092", "CVE-2021-41103"], "modified": "2023-11-27T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:containerd", "p-cpe:/a:novell:opensuse:containerd-ctr", "p-cpe:/a:novell:opensuse:docker", "p-cpe:/a:novell:opensuse:docker-bash-completion", "p-cpe:/a:novell:opensuse:docker-fish-completion", "p-cpe:/a:novell:opensuse:docker-zsh-completion", "p-cpe:/a:novell:opensuse:runc", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-1404.NASL", "href": "https://www.tenable.com/plugins/nessus/154769", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1404-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154769);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/27\");\n\n script_cve_id(\n \"CVE-2021-30465\",\n \"CVE-2021-32760\",\n \"CVE-2021-41089\",\n \"CVE-2021-41091\",\n \"CVE-2021-41092\",\n \"CVE-2021-41103\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : containerd, docker, runc (openSUSE-SU-2021:1404-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1404-1 advisory.\n\n - runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the\n vulnerability, an attacker must be able to create multiple containers with a fairly specific mount\n configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.\n (CVE-2021-30465)\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where\n pulling and extracting a specially-crafted container image can result in Unix file permission changes for\n existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner\n of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does\n not directly allow files to be read, modified, or executed without an additional cooperating process. This\n bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from\n trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially\n affected by this bug through policies and profiles that prevent containerd from interacting with specific\n files. (CVE-2021-32760)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in\n Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container\n can result in Unix file permission changes for existing files in the host's filesystem, widening access to\n others. This bug does not directly allow files to be read, modified, or executed without an additional\n cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this\n version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in\n Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with\n insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory\n contents and execute programs. When containers included executable programs with extended permission bits\n (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed\n in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running\n containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade\n limit access to the host to trusted users. Limit access to host volumes to trusted containers.\n (CVE-2021-41091)\n\n - Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker\n CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file\n (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed\n would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended\n private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as\n soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries\n in the configuration file reference an installed credential helper that is executable and on the PATH.\n (CVE-2021-41092)\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently\n restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and\n execute programs. When containers included executable programs with extended permission bits (such as\n setuid), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has\n been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are\n released and may restart containers or update directory permissions to mitigate the vulnerability. Users\n unable to update should limit access to the host to trusted users. Update directory permission on\n container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1102408\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187704\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190826\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191334\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191355\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191434\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/L7ADRJZ4HKOCVZC5ZKIM4MD6EZEHBNB3/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?55e12d1f\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-32760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41089\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41103\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-30465\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:containerd-ctr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-fish-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-zsh-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:runc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'containerd-1.4.11-lp152.2.12.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-ctr-1.4.11-lp152.2.12.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-20.10.9_ce-lp152.2.18.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-bash-completion-20.10.9_ce-lp152.2.18.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-fish-completion-20.10.9_ce-lp152.2.18.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-zsh-completion-20.10.9_ce-lp152.2.18.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'runc-1.0.2-lp152.2.9.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd / containerd-ctr / docker / docker-bash-completion / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-15T18:43:59", "description": "The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3506-1 advisory.\n\n - runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.\n (CVE-2021-30465)\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files. (CVE-2021-32760)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade limit access to the host to trusted users. Limit access to host volumes to trusted containers.\n (CVE-2021-41091)\n\n - Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH.\n (CVE-2021-41092)\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-28T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : containerd, docker, runc (SUSE-SU-2021:3506-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30465", "CVE-2021-32760", "CVE-2021-41089", "CVE-2021-41091", "CVE-2021-41092", "CVE-2021-41103"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:containerd", "p-cpe:/a:novell:suse_linux:docker", "p-cpe:/a:novell:suse_linux:docker-bash-completion", "p-cpe:/a:novell:suse_linux:docker-fish-completion", "p-cpe:/a:novell:suse_linux:runc", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-3506-1.NASL", "href": "https://www.tenable.com/plugins/nessus/154638", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:3506-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154638);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2021-30465\",\n \"CVE-2021-32760\",\n \"CVE-2021-41089\",\n \"CVE-2021-41091\",\n \"CVE-2021-41092\",\n \"CVE-2021-41103\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:3506-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : containerd, docker, runc (SUSE-SU-2021:3506-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2021:3506-1 advisory.\n\n - runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the\n vulnerability, an attacker must be able to create multiple containers with a fairly specific mount\n configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.\n (CVE-2021-30465)\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where\n pulling and extracting a specially-crafted container image can result in Unix file permission changes for\n existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner\n of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does\n not directly allow files to be read, modified, or executed without an additional cooperating process. This\n bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from\n trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially\n affected by this bug through policies and profiles that prevent containerd from interacting with specific\n files. (CVE-2021-32760)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in\n Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container\n can result in Unix file permission changes for existing files in the host's filesystem, widening access to\n others. This bug does not directly allow files to be read, modified, or executed without an additional\n cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this\n version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in\n Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with\n insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory\n contents and execute programs. When containers included executable programs with extended permission bits\n (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed\n in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running\n containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade\n limit access to the host to trusted users. Limit access to host volumes to trusted containers.\n (CVE-2021-41091)\n\n - Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker\n CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file\n (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed\n would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended\n private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as\n soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries\n in the configuration file reference an installed credential helper that is executable and on the PATH.\n (CVE-2021-41092)\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently\n restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and\n execute programs. When containers included executable programs with extended permission bits (such as\n setuid), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has\n been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are\n released and may restart containers or update directory permissions to mitigate the vulnerability. Users\n unable to update should limit access to the host to trusted users. Update directory permission on\n container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1102408\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187704\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190826\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191334\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191355\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-32760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41089\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41103\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-October/009645.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?83c57493\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-30465\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:docker-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:docker-fish-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:runc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1|2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1/2/3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(0|1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP0/1\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'containerd-1.4.11-56.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'docker-20.10.9_ce-156.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'docker-bash-completion-20.10.9_ce-156.1', 'sp':'0', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'runc-1.0.2-23.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'containerd-1.4.11-56.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'docker-20.10.9_ce-156.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'docker-bash-completion-20.10.9_ce-156.1', 'sp':'1', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'runc-1.0.2-23.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'containerd-1.4.11-56.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'containerd-1.4.11-56.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'docker-20.10.9_ce-156.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'docker-20.10.9_ce-156.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'docker-bash-completion-20.10.9_ce-156.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'runc-1.0.2-23.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'runc-1.0.2-23.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'containerd-1.4.11-56.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'containerd-1.4.11-56.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'docker-20.10.9_ce-156.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'docker-20.10.9_ce-156.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'docker-bash-completion-20.10.9_ce-156.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'docker-bash-completion-20.10.9_ce-156.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15', 'sles-ltss-release-15']},\n {'reference':'runc-1.0.2-23.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'runc-1.0.2-23.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'containerd-1.4.11-56.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'containerd-1.4.11-56.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'docker-20.10.9_ce-156.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'docker-20.10.9_ce-156.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'docker-bash-completion-20.10.9_ce-156.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'runc-1.0.2-23.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'runc-1.0.2-23.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'containerd-1.4.11-56.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-15.2']},\n {'reference':'docker-20.10.9_ce-156.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-15.2']},\n {'reference':'docker-bash-completion-20.10.9_ce-156.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-15.2']},\n {'reference':'runc-1.0.2-23.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-15.2']},\n {'reference':'containerd-1.4.11-56.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-15.3']},\n {'reference':'docker-20.10.9_ce-156.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-15.3']},\n {'reference':'docker-bash-completion-20.10.9_ce-156.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-15.3']},\n {'reference':'docker-fish-completion-20.10.9_ce-156.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-15.3']},\n {'reference':'runc-1.0.2-23.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-15.3']},\n {'reference':'containerd-1.4.11-56.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'docker-20.10.9_ce-156.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'runc-1.0.2-23.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'containerd-1.4.11-56.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'docker-20.10.9_ce-156.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'runc-1.0.2-23.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd / docker / docker-bash-completion / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-23T14:38:40", "description": "The remote host is affected by the vulnerability described in GLSA-202105-33 (containerd: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in containerd. Please review the CVE identifiers referenced below for details.\n Impact :\n\n A local attacker, able to run a malicious container in the same network namespace as the shim, could possibly escalate privileges. Furthermore, an attacker could disclose sensitive information.\n Workaround :\n\n There is no known workaround at this time.", "cvss3": {}, "published": "2022-01-24T00:00:00", "type": "nessus", "title": "GLSA-202105-33 : containerd: Multiple vulnerabilities", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15257", "CVE-2021-21334"], "modified": "2023-11-20T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:containerd", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-202105-33.NASL", "href": "https://www.tenable.com/plugins/nessus/156977", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 202105-33.\n#\n# The advisory text is Copyright (C) 2001-2022 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156977);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/20\");\n\n script_cve_id(\"CVE-2020-15257\", \"CVE-2021-21334\");\n script_xref(name:\"GLSA\", value:\"202105-33\");\n\n script_name(english:\"GLSA-202105-33 : containerd: Multiple vulnerabilities\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote host is affected by the vulnerability described in GLSA-202105-33\n(containerd: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in containerd. Please\n review the CVE identifiers referenced below for details.\n \nImpact :\n\n A local attacker, able to run a malicious container in the same network\n namespace as the shim, could possibly escalate privileges. Furthermore,\n an attacker could disclose sensitive information.\n \nWorkaround :\n\n There is no known workaround at this time.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security.gentoo.org/glsa/202105-33\");\n script_set_attribute(attribute:\"solution\", value:\n\"All containerd users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=app-emulation/containerd-1.4.4'\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21334\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/05/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"app-emulation/containerd\", unaffected:make_list(\"ge 1.4.4\"), vulnerable:make_list(\"lt 1.4.4\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"containerd\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-19T16:41:40", "description": "An update of the containerd package has been released.", "cvss3": {}, "published": "2021-04-07T00:00:00", "type": "nessus", "title": "Photon OS 4.0: Containerd PHSA-2021-4.0-0007", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15257", "CVE-2021-21334"], "modified": "2021-04-07T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:containerd", "cpe:/o:vmware:photonos:4.0"], "id": "PHOTONOS_PHSA-2021-4_0-0007_CONTAINERD.NASL", "href": "https://www.tenable.com/plugins/nessus/148345", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-4.0-0007. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(148345);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/07\");\n\n script_cve_id(\"CVE-2020-15257\", \"CVE-2021-21334\");\n\n script_name(english:\"Photon OS 4.0: Containerd PHSA-2021-4.0-0007\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the containerd package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-4.0-7.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21334\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/11/20\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/04/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/04/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:4.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 4\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 4.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'containerd-1.4.4-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'containerd-doc-1.4.4-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'containerd-extras-1.4.4-1.ph4')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:30:03", "description": "The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5162 advisory.\n\n - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise unprivileged users and processes can execute those programs and gain the specified file capabilities up to the bounding set. Due to this bug, containers which included executable programs with inheritable file capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable file capabilities up to the container's bounding set. Containers which use Linux users and groups to perform privilege separation inside the container are most directly impacted. This bug did not affect the container security sandbox as the inheritable set never contained more capabilities than were included in the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop inheritable capabilities prior to the primary process starting. (CVE-2022-24769)\n\n - containerd is an open source container runtime. A bug was found in the containerd's CRI implementation where programs inside a container can cause the containerd daemon to consume memory without bound during invocation of the `ExecSync` API. This can cause containerd to consume all available memory on the computer, denying service to other legitimate workloads. Kubernetes and crictl can both be configured to use containerd's CRI implementation; `ExecSync` may be used when running probes or when executing processes via an exec facility. This bug has been fixed in containerd 1.6.6 and 1.5.13. Users should update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted images and commands are used. (CVE-2022-31030)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-06-13T00:00:00", "type": "nessus", "title": "Debian DSA-5162-1 : containerd - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-24769", "CVE-2022-31030"], "modified": "2022-06-13T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:containerd", "p-cpe:/a:debian:debian_linux:golang-github-containerd-containerd-dev", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5162.NASL", "href": "https://www.tenable.com/plugins/nessus/162143", "sourceData": "#\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5162. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(162143);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/06/13\");\n\n script_cve_id(\"CVE-2022-24769\", \"CVE-2022-31030\");\n\n script_name(english:\"Debian DSA-5162-1 : containerd - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing one or more security-related updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the\ndsa-5162 advisory.\n\n - Moby is an open-source project created by Docker to enable and accelerate software containerization. A bug\n was found in Moby (Docker Engine) prior to version 20.10.14 where containers were incorrectly started with\n non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling\n programs with inheritable file capabilities to elevate those capabilities to the permitted set during\n `execve(2)`. Normally, when executable programs have specified permitted file capabilities, otherwise\n unprivileged users and processes can execute those programs and gain the specified file capabilities up to\n the bounding set. Due to this bug, containers which included executable programs with inheritable file\n capabilities allowed otherwise unprivileged users and processes to additionally gain these inheritable\n file capabilities up to the container's bounding set. Containers which use Linux users and groups to\n perform privilege separation inside the container are most directly impacted. This bug did not affect the\n container security sandbox as the inheritable set never contained more capabilities than were included in\n the container's bounding set. This bug has been fixed in Moby (Docker Engine) 20.10.14. Running containers\n should be stopped, deleted, and recreated for the inheritable capabilities to be reset. This fix changes\n Moby (Docker Engine) behavior such that containers are started with a more typical Linux environment. As a\n workaround, the entry point of a container can be modified to use a utility like `capsh(1)` to drop\n inheritable capabilities prior to the primary process starting. (CVE-2022-24769)\n\n - containerd is an open source container runtime. A bug was found in the containerd's CRI implementation\n where programs inside a container can cause the containerd daemon to consume memory without bound during\n invocation of the `ExecSync` API. This can cause containerd to consume all available memory on the\n computer, denying service to other legitimate workloads. Kubernetes and crictl can both be configured to\n use containerd's CRI implementation; `ExecSync` may be used when running probes or when executing\n processes via an exec facility. This bug has been fixed in containerd 1.6.6 and 1.5.13. Users should\n update to these versions to resolve the issue. Users unable to upgrade should ensure that only trusted\n images and commands are used. (CVE-2022-31030)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/containerd\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2022/dsa-5162\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-24769\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2022-31030\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/containerd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the containerd packages.\n\nFor the stable distribution (bullseye), these problems have been fixed in version 1.4.13~ds1-1~deb11u2.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-24769\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/06/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:golang-github-containerd-containerd-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'containerd', 'reference': '1.4.13~ds1-1~deb11u2'},\n {'release': '11.0', 'prefix': 'golang-github-containerd-containerd-dev', 'reference': '1.4.13~ds1-1~deb11u2'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd / golang-github-containerd-containerd-dev');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:58:54", "description": "An update of the docker package has been released.\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the hosts filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-07T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Docker PHSA-2021-1.0-0439", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41089", "CVE-2021-41103"], "modified": "2021-10-19T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:docker", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2021-1_0-0439_DOCKER.NASL", "href": "https://www.tenable.com/plugins/nessus/153929", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-1.0-0439. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153929);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/19\");\n\n script_cve_id(\"CVE-2021-41089\", \"CVE-2021-41103\");\n\n script_name(english:\"Photon OS 1.0: Docker PHSA-2021-1.0-0439\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the docker package has been released.\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in\n Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container\n can result in Unix file permission changes for existing files in the hosts filesystem, widening access\n to others. This bug does not directly allow files to be read, modified, or executed without an additional\n cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this\n version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently\n restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and\n execute programs. When containers included executable programs with extended permission bits (such as\n setuid), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has\n been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are\n released and may restart containers or update directory permissions to mitigate the vulnerability. Users\n unable to update should limit access to the host to trusted users. Update directory permission on\n container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-439.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:docker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 1.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nvar flag = 0;\n\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'docker-18.09.9-7.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'docker-doc-18.09.9-7.ph1')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'docker');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-12T18:03:54", "description": "The version of containerd installed on the remote host is prior to 1.4.13-3. The version of docker installed on the remote host is prior to 20.10.13-2. The version of ecs-init installed on the remote host is prior to 1.61.1-1. The version of runc installed on the remote host is prior to 1.0.3-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2022-001 advisory.\n\n - containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd's CRI implementation on Linux with a specially-crafted image configuration could gain access to read-only copies of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information.\n Kubernetes and crictl can both be configured to use containerd's CRI implementation. This bug has been fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.\n (CVE-2022-23648)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-07-14T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : ecs-init, docker, containerd, runc (ALASECS-2022-001)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2022-23648", "CVE-2022-24769"], "modified": "2023-10-11T00:00:00", "cpe": ["cpe:/o:amazon:linux:2", "p-cpe:/a:amazon:linux:docker", "p-cpe:/a:amazon:linux:docker-debuginfo", "p-cpe:/a:amazon:linux:runc", "p-cpe:/a:amazon:linux:runc-debuginfo", "p-cpe:/a:amazon:linux:containerd", "p-cpe:/a:amazon:linux:containerd-debuginfo", "p-cpe:/a:amazon:linux:containerd-stress", "p-cpe:/a:amazon:linux:ecs-init"], "id": "AL2_ALASECS-2022-001.NASL", "href": "https://www.tenable.com/plugins/nessus/178301", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASECS-2022-001.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(178301);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/11\");\n\n script_cve_id(\"CVE-2022-23648\", \"CVE-2022-24769\");\n\n script_name(english:\"Amazon Linux 2 : ecs-init, docker, containerd, runc (ALASECS-2022-001)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of containerd installed on the remote host is prior to 1.4.13-3. The version of docker installed on the\nremote host is prior to 20.10.13-2. The version of ecs-init installed on the remote host is prior to 1.61.1-1. The\nversion of runc installed on the remote host is prior to 1.0.3-3. It is, therefore, affected by a vulnerability as\nreferenced in the ALAS2ECS-2022-001 advisory.\n\n - containerd is a container runtime available as a daemon for Linux and Windows. A bug was found in\n containerd prior to versions 1.6.1, 1.5.10, and 1.14.12 where containers launched through containerd's CRI\n implementation on Linux with a specially-crafted image configuration could gain access to read-only copies\n of arbitrary files and directories on the host. This may bypass any policy-based enforcement on container\n setup (including a Kubernetes Pod Security Policy) and expose potentially sensitive information.\n Kubernetes and crictl can both be configured to use containerd's CRI implementation. This bug has been\n fixed in containerd 1.6.1, 1.5.10, and 1.4.12. Users should update to these versions to resolve the issue.\n (CVE-2022-23648)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASECS-2022-001.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/faqs.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-23648.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2022-24769.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update ecs-init' to update your system.\n Run 'yum update docker' to update your system.\n Run 'yum update containerd' to update your system.\n Run 'yum update runc' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2022-23648\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2022/03/02\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/06/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/07/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-stress\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:docker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:ecs-init\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:runc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:runc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'containerd-1.4.13-3.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-1.4.13-3.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-debuginfo-1.4.13-3.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-debuginfo-1.4.13-3.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-stress-1.4.13-3.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-stress-1.4.13-3.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-20.10.13-2.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-20.10.13-2.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-debuginfo-20.10.13-2.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-debuginfo-20.10.13-2.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ecs-init-1.61.1-1.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'ecs-init-1.61.1-1.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'runc-1.0.3-3.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'runc-1.0.3-3.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'runc-debuginfo-1.0.3-3.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'runc-debuginfo-1.0.3-3.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"containerd / containerd-debuginfo / containerd-stress / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-06-01T14:23:22", "description": "This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2020-15257: Fixed a privilege escalation in containerd (bsc#1178969).\n\nCVE-2021-21284: potential privilege escalation when the root user in the remapped namespace has access to the host filesystem (bsc#1181732)\n\nCVE-2021-21285: pulling a malformed Docker image manifest crashes the dockerd daemon (bsc#1181730)\n\nNon-security issues fixed :\n\nUpdate Docker to 19.03.15-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. This update includes fixes for bsc#1181732 (CVE-2021-21284) and bsc#1181730 (CVE-2021-21285).\n\nOnly apply the boo#1178801 libnetwork patch to handle firewalld on openSUSE. It appears that SLES doesn't like the patch. (bsc#1180401)\n\nUpdate to containerd v1.3.9, which is needed for Docker v19.03.14-ce and fixes CVE-2020-15257. bsc#1180243\n\nUpdate to containerd v1.3.7, which is required for Docker 19.03.13-ce.\nbsc#1176708\n\nUpdate to Docker 19.03.14-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. CVE-2020-15257 bsc#1180243 https://github.com/docker/docker-ce/releases/tag/v19.03.14\n\nEnable fish-completion\n\nAdd a patch which makes Docker compatible with firewalld with nftables backend. Backport of https://github.com/moby/libnetwork/pull/2548 (bsc#1178801, SLE-16460)\n\nUpdate to Docker 19.03.13-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1176708\n\nFixes for %_libexecdir changing to /usr/libexec (bsc#1174075)\n\nEmergency fix: %requires_eq does not work with provide symbols, only effective package names. Convert back to regular Requires.\n\nUpdate to Docker 19.03.12-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md.\n\nUse Go 1.13 instead of Go 1.14 because Go 1.14 can cause all sorts of spurrious errors due to Go returning -EINTR from I/O syscalls much more often (due to Go 1.14's pre-emptive goroutine support).\n\nAdd BuildRequires for all -git dependencies so that we catch missing dependencies much more quickly.\n\nUpdate to libnetwork 55e924b8a842, which is required for Docker 19.03.14-ce. bsc#1180243\n\nAdd patch which makes libnetwork compatible with firewalld with nftables backend. Backport of https://github.com/moby/libnetwork/pull/2548 (bsc#1178801, SLE-16460)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-02-12T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : containerd, docker, docker-runc, golang-github-docker-libnetwork (SUSE-SU-2021:0435-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15257", "CVE-2021-21284", "CVE-2021-21285"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:containerd", "p-cpe:/a:novell:suse_linux:docker", "p-cpe:/a:novell:suse_linux:docker-debuginfo", "p-cpe:/a:novell:suse_linux:docker-libnetwork", "p-cpe:/a:novell:suse_linux:docker-libnetwork-debuginfo", "p-cpe:/a:novell:suse_linux:docker-runc", "p-cpe:/a:novell:suse_linux:docker-runc-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-0435-1.NASL", "href": "https://www.tenable.com/plugins/nessus/146460", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2021:0435-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146460);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\"CVE-2020-15257\", \"CVE-2021-21284\", \"CVE-2021-21285\");\n\n script_name(english:\"SUSE SLES15 Security Update : containerd, docker, docker-runc, golang-github-docker-libnetwork (SUSE-SU-2021:0435-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for containerd, docker, docker-runc,\ngolang-github-docker-libnetwork fixes the following issues :\n\nSecurity issues fixed :\n\nCVE-2020-15257: Fixed a privilege escalation in containerd\n(bsc#1178969).\n\nCVE-2021-21284: potential privilege escalation when the root user in\nthe remapped namespace has access to the host filesystem (bsc#1181732)\n\nCVE-2021-21285: pulling a malformed Docker image manifest crashes the\ndockerd daemon (bsc#1181730)\n\nNon-security issues fixed :\n\nUpdate Docker to 19.03.15-ce. See upstream changelog in the packaged\n/usr/share/doc/packages/docker/CHANGELOG.md. This update includes\nfixes for bsc#1181732 (CVE-2021-21284) and bsc#1181730\n(CVE-2021-21285).\n\nOnly apply the boo#1178801 libnetwork patch to handle firewalld on\nopenSUSE. It appears that SLES doesn't like the patch. (bsc#1180401)\n\nUpdate to containerd v1.3.9, which is needed for Docker v19.03.14-ce\nand fixes CVE-2020-15257. bsc#1180243\n\nUpdate to containerd v1.3.7, which is required for Docker 19.03.13-ce.\nbsc#1176708\n\nUpdate to Docker 19.03.14-ce. See upstream changelog in the packaged\n/usr/share/doc/packages/docker/CHANGELOG.md. CVE-2020-15257\nbsc#1180243 https://github.com/docker/docker-ce/releases/tag/v19.03.14\n\nEnable fish-completion\n\nAdd a patch which makes Docker compatible with firewalld with nftables\nbackend. Backport of https://github.com/moby/libnetwork/pull/2548\n(bsc#1178801, SLE-16460)\n\nUpdate to Docker 19.03.13-ce. See upstream changelog in the packaged\n/usr/share/doc/packages/docker/CHANGELOG.md. bsc#1176708\n\nFixes for %_libexecdir changing to /usr/libexec (bsc#1174075)\n\nEmergency fix: %requires_eq does not work with provide symbols, only\neffective package names. Convert back to regular Requires.\n\nUpdate to Docker 19.03.12-ce. See upstream changelog in the packaged\n/usr/share/doc/packages/docker/CHANGELOG.md.\n\nUse Go 1.13 instead of Go 1.14 because Go 1.14 can cause all sorts of\nspurrious errors due to Go returning -EINTR from I/O syscalls much\nmore often (due to Go 1.14's pre-emptive goroutine support).\n\nAdd BuildRequires for all -git dependencies so that we catch missing\ndependencies much more quickly.\n\nUpdate to libnetwork 55e924b8a842, which is required for Docker\n19.03.14-ce. bsc#1180243\n\nAdd patch which makes libnetwork compatible with firewalld with\nnftables backend. Backport of\nhttps://github.com/moby/libnetwork/pull/2548 (bsc#1178801, SLE-16460)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1174075\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1176708\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178801\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1178969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180243\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1180401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181730\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/show_bug.cgi?id=1181732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/docker/docker-ce/releases/tag/v19.03.14\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/moby/libnetwork/pull/2548\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2020-15257/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-21284/\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-21285/\");\n # https://www.suse.com/support/update/announcement/2021/suse-su-20210435-1\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fccb77db\");\n script_set_attribute(attribute:\"solution\", value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Manager Server 4.0 :\n\nzypper in -t patch SUSE-SLE-Product-SUSE-Manager-Server-4.0-2021-435=1\n\nSUSE Manager Retail Branch Server 4.0 :\n\nzypper in -t patch\nSUSE-SLE-Product-SUSE-Manager-Retail-Branch-Server-4.0-2021-435=1\n\nSUSE Manager Proxy 4.0 :\n\nzypper in -t patch SUSE-SLE-Product-SUSE-Manager-Proxy-4.0-2021-435=1\n\nSUSE Linux Enterprise Server for SAP 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-SP1-2021-435=1\n\nSUSE Linux Enterprise Server 15-SP1-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-SP1-LTSS-2021-435=1\n\nSUSE Linux Enterprise Server 15-SP1-BCL :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-SP1-BCL-2021-435=1\n\nSUSE Linux Enterprise Module for Containers 15-SP3 :\n\nzypper in -t patch SUSE-SLE-Module-Containers-15-SP3-2021-435=1\n\nSUSE Linux Enterprise Module for Containers 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Containers-15-SP2-2021-435=1\n\nSUSE Linux Enterprise High Performance Computing 15-SP1-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-SP1-LTSS-2021-435=1\n\nSUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-SP1-ESPOS-2021-435=1\n\nSUSE Enterprise Storage 6 :\n\nzypper in -t patch SUSE-Storage-6-2021-435=1\n\nSUSE CaaS Platform 4.0 :\n\nTo install this update, use the SUSE CaaS Platform 'skuba' tool. I\nwill inform you if it detects new updates and let you then trigger\nupdating of the complete cluster in a controlled way.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15257\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-21284\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:docker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:docker-libnetwork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:docker-libnetwork-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:docker-runc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:docker-runc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1|2|3)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1/2/3\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"containerd-1.3.9-5.29.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"docker-19.03.15_ce-6.43.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"docker-debuginfo-19.03.15_ce-6.43.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.28.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"docker-libnetwork-debuginfo-0.7.0.1+gitr2908_55e924b8a842-4.28.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"docker-runc-debuginfo-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"containerd-1.3.9-5.29.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"docker-19.03.15_ce-6.43.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"docker-debuginfo-19.03.15_ce-6.43.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.28.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"docker-libnetwork-debuginfo-0.7.0.1+gitr2908_55e924b8a842-4.28.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"3\", reference:\"docker-runc-debuginfo-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"containerd-1.3.9-5.29.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"docker-19.03.15_ce-6.43.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"docker-debuginfo-19.03.15_ce-6.43.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-4.28.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"docker-libnetwork-debuginfo-0.7.0.1+gitr2908_55e924b8a842-4.28.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"docker-runc-debuginfo-1.0.0rc10+gitr3981_dc9208a3303f-6.45.3\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"containerd / docker / docker-runc / golang-github-docker-libnetwork\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-31T14:26:52", "description": "This update for containerd, docker, docker-runc, golang-github-docker-libnetwork fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2020-15257: Fixed a privilege escalation in containerd (bsc#1178969).\n\n - CVE-2021-21284: potential privilege escalation when the root user in the remapped namespace has access to the host filesystem (bsc#1181732)\n\n - CVE-2021-21285: pulling a malformed Docker image manifest crashes the dockerd daemon (bsc#1181730)\n\nNon-security issues fixed :\n\n - Update Docker to 19.03.15-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. This update includes fixes for bsc#1181732 (CVE-2021-21284) and bsc#1181730 (CVE-2021-21285).\n\n - Only apply the boo#1178801 libnetwork patch to handle firewalld on openSUSE. It appears that SLES doesn't like the patch. (bsc#1180401)\n\n - Update to containerd v1.3.9, which is needed for Docker v19.03.14-ce and fixes CVE-2020-15257. bsc#1180243\n\n - Update to containerd v1.3.7, which is required for Docker 19.03.13-ce. bsc#1176708\n\n - Update to Docker 19.03.14-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md.\n CVE-2020-15257 bsc#1180243 https://github.com/docker/docker-ce/releases/tag/v19.03.\n 14\n\n - Enable fish-completion\n\n - Add a patch which makes Docker compatible with firewalld with nftables backend. Backport of https://github.com/moby/libnetwork/pull/2548 (bsc#1178801, SLE-16460)\n\n - Update to Docker 19.03.13-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1176708\n\n - Fixes for %_libexecdir changing to /usr/libexec (bsc#1174075)\n\n - Emergency fix: %requires_eq does not work with provide symbols, only effective package names. Convert back to regular Requires.\n\n - Update to Docker 19.03.12-ce. See upstream changelog in the packaged /usr/share/doc/packages/docker/CHANGELOG.md.\n\n - Use Go 1.13 instead of Go 1.14 because Go 1.14 can cause all sorts of spurrious errors due to Go returning -EINTR from I/O syscalls much more often (due to Go 1.14's pre-emptive goroutine support).\n\n - Add BuildRequires for all -git dependencies so that we catch missing dependencies much more quickly.\n\n - Update to libnetwork 55e924b8a842, which is required for Docker 19.03.14-ce. bsc#1180243\n\n - Add patch which makes libnetwork compatible with firewalld with nftables backend. Backport of https://github.com/moby/libnetwork/pull/2548 (bsc#1178801, SLE-16460)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {}, "published": "2021-02-16T00:00:00", "type": "nessus", "title": "openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2021-278)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15257", "CVE-2021-21284", "CVE-2021-21285"], "modified": "2022-05-10T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:containerd", "p-cpe:/a:novell:opensuse:containerd-ctr", "p-cpe:/a:novell:opensuse:docker", "p-cpe:/a:novell:opensuse:docker-bash-completion", "p-cpe:/a:novell:opensuse:docker-debuginfo", "p-cpe:/a:novell:opensuse:docker-fish-completion", "p-cpe:/a:novell:opensuse:docker-libnetwork", "p-cpe:/a:novell:opensuse:docker-libnetwork-debuginfo", "p-cpe:/a:novell:opensuse:docker-runc", "p-cpe:/a:novell:opensuse:docker-runc-debuginfo", "p-cpe:/a:novell:opensuse:docker-test", "p-cpe:/a:novell:opensuse:docker-test-debuginfo", "p-cpe:/a:novell:opensuse:docker-zsh-completion", "p-cpe:/a:novell:opensuse:fish", "p-cpe:/a:novell:opensuse:fish-debuginfo", "p-cpe:/a:novell:opensuse:fish-debugsource", "p-cpe:/a:novell:opensuse:fish-devel", "p-cpe:/a:novell:opensuse:golang-github-docker-libnetwork", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-278.NASL", "href": "https://www.tenable.com/plugins/nessus/146506", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2021-278.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(146506);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/10\");\n\n script_cve_id(\"CVE-2020-15257\", \"CVE-2021-21284\", \"CVE-2021-21285\");\n\n script_name(english:\"openSUSE Security Update : containerd / docker / docker-runc / etc (openSUSE-2021-278)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote openSUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"This update for containerd, docker, docker-runc,\ngolang-github-docker-libnetwork fixes the following issues :\n\nSecurity issues fixed :\n\n - CVE-2020-15257: Fixed a privilege escalation in\n containerd (bsc#1178969).\n\n - CVE-2021-21284: potential privilege escalation when the\n root user in the remapped namespace has access to the\n host filesystem (bsc#1181732)\n\n - CVE-2021-21285: pulling a malformed Docker image\n manifest crashes the dockerd daemon (bsc#1181730)\n\nNon-security issues fixed :\n\n - Update Docker to 19.03.15-ce. See upstream changelog in\n the packaged\n /usr/share/doc/packages/docker/CHANGELOG.md. This update\n includes fixes for bsc#1181732 (CVE-2021-21284) and\n bsc#1181730 (CVE-2021-21285).\n\n - Only apply the boo#1178801 libnetwork patch to handle\n firewalld on openSUSE. It appears that SLES doesn't like\n the patch. (bsc#1180401)\n\n - Update to containerd v1.3.9, which is needed for Docker\n v19.03.14-ce and fixes CVE-2020-15257. bsc#1180243\n\n - Update to containerd v1.3.7, which is required for\n Docker 19.03.13-ce. bsc#1176708\n\n - Update to Docker 19.03.14-ce. See upstream changelog in\n the packaged\n /usr/share/doc/packages/docker/CHANGELOG.md.\n CVE-2020-15257 bsc#1180243\n https://github.com/docker/docker-ce/releases/tag/v19.03.\n 14\n\n - Enable fish-completion\n\n - Add a patch which makes Docker compatible with firewalld\n with nftables backend. Backport of\n https://github.com/moby/libnetwork/pull/2548\n (bsc#1178801, SLE-16460)\n\n - Update to Docker 19.03.13-ce. See upstream changelog in\n the packaged\n /usr/share/doc/packages/docker/CHANGELOG.md. bsc#1176708\n\n - Fixes for %_libexecdir changing to /usr/libexec\n (bsc#1174075)\n\n - Emergency fix: %requires_eq does not work with provide\n symbols, only effective package names. Convert back to\n regular Requires.\n\n - Update to Docker 19.03.12-ce. See upstream changelog in\n the packaged\n /usr/share/doc/packages/docker/CHANGELOG.md.\n\n - Use Go 1.13 instead of Go 1.14 because Go 1.14 can cause\n all sorts of spurrious errors due to Go returning -EINTR\n from I/O syscalls much more often (due to Go 1.14's\n pre-emptive goroutine support).\n\n - Add BuildRequires for all -git dependencies so that we\n catch missing dependencies much more quickly.\n\n - Update to libnetwork 55e924b8a842, which is required for\n Docker 19.03.14-ce. bsc#1180243\n\n - Add patch which makes libnetwork compatible with\n firewalld with nftables backend. Backport of\n https://github.com/moby/libnetwork/pull/2548\n (bsc#1178801, SLE-16460)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1174075\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1176708\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178801\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1178969\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1180243\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1180401\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181730\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1181732\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/docker/docker-ce/releases/tag/v19.03.14\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/moby/libnetwork/pull/2548\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected containerd / docker / docker-runc / etc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15257\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-21284\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/12/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/02/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/02/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:containerd-ctr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-fish-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-libnetwork\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-libnetwork-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-runc\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-runc-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-test-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-zsh-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fish\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fish-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fish-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:fish-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:golang-github-docker-libnetwork\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"containerd-1.3.9-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"containerd-ctr-1.3.9-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"docker-19.03.15_ce-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"docker-bash-completion-19.03.15_ce-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"docker-debuginfo-19.03.15_ce-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"docker-fish-completion-19.03.15_ce-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"docker-libnetwork-debuginfo-0.7.0.1+gitr2908_55e924b8a842-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"docker-runc-1.0.0rc10+gitr3981_dc9208a3303f-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"docker-runc-debuginfo-1.0.0rc10+gitr3981_dc9208a3303f-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"docker-test-19.03.15_ce-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"docker-test-debuginfo-19.03.15_ce-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"docker-zsh-completion-19.03.15_ce-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"fish-2.7.1-lp152.5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"fish-debuginfo-2.7.1-lp152.5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"fish-debugsource-2.7.1-lp152.5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"fish-devel-2.7.1-lp152.5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"golang-github-docker-libnetwork-0.7.0.1+gitr2908_55e924b8a842-lp152.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"containerd / containerd-ctr / docker-runc / docker-runc-debuginfo / etc\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}], "mageia": [{"lastseen": "2023-12-03T17:33:22", "description": "A bug was found in containerd where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host\u2019s filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. \n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-10-23T13:05:28", "type": "mageia", "title": "Updated docker-containerd packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-32760", "CVE-2021-41103"], "modified": "2021-10-23T13:05:28", "id": "MGASA-2021-0484", "href": "https://advisories.mageia.org/MGASA-2021-0484.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T17:33:22", "description": "It was discovered that Docker could be made to expose sensitive information when processing URLs in container image manifests. A remote attacker could use this to trick the user and obtain the user's registry credentials (CVE-2020-15157). \n", "cvss3": {"exploitabilityScore": 1.6, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 4.0}, "published": "2020-11-09T17:48:43", "type": "mageia", "title": "Updated docker packages fix a security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "LOW", "exploitabilityScore": 4.9, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "HIGH", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.6, "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15157"], "modified": "2020-11-09T17:48:43", "id": "MGASA-2020-0406", "href": "https://advisories.mageia.org/MGASA-2020-0406.html", "cvss": {"score": 2.6, "vector": "AV:N/AC:H/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2023-12-03T17:33:22", "description": "Containers were incorrectly started with non-empty inheritable Linux process capabilities, creating an atypical Linux environment and enabling programs with inheritable file capabilities to elevate those capabilities to the permitted set during 'execve(2)' (CVE-2022-24769) \n", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2022-03-28T19:23:37", "type": "mageia", "title": "Updated docker packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24769"], "modified": "2022-03-28T19:23:37", "id": "MGASA-2022-0117", "href": "https://advisories.mageia.org/MGASA-2022-0117.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-03T17:33:22", "description": "Containers were incorrectly started with non-empty inheritable Linux process capabilities (CVE-2022-24769) \n", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2022-04-16T00:35:09", "type": "mageia", "title": "Updated docker-containerd packages fix security vulnerability\n", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2022-24769"], "modified": "2022-04-16T00:35:08", "id": "MGASA-2022-0144", "href": "https://advisories.mageia.org/MGASA-2022-0144.html", "cvss": {"score": 4.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:P"}}], "debian": [{"lastseen": "2023-12-04T10:28:50", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4865-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nFebruary 27, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : docker.io\nCVE ID : CVE-2020-15157 CVE-2020-15257 CVE-2021-21284 CVE-2021-21285\n\nMultiple security issues were discovered in Docker, a Linux container\nruntime, which could result in denial of service, an information leak\nor privilege escalation.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 18.09.1+dfsg1-7.1+deb10u3.\n\nWe recommend that you upgrade your docker.io packages.\n\nFor the detailed security status of docker.io please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/docker.io\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.3, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 6.8, "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 4.0}, "published": "2021-02-27T18:36:39", "type": "debian", "title": "[SECURITY] [DSA 4865-1] docker.io security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15157", "CVE-2020-15257", "CVE-2021-21284", "CVE-2021-21285"], "modified": "2021-02-27T18:36:39", "id": "DEBIAN:DSA-4865-1:E637E", "href": "https://lists.debian.org/debian-security-announce/2021/msg00046.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-11-28T08:46:10", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5002-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nNovember 06, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : containerd\nCVE ID : CVE-2021-41103\n\nA flaw was discovered in containerd, an open and reliable container\nruntime. Insufficiently restricted permissions on container root and\nplugin directories could result in privilege escalation.\n\nFor the stable distribution (bullseye), this problem has been fixed in\nversion 1.4.5~ds1-2+deb11u1.\n\nWe recommend that you upgrade your containerd packages.\n\nFor the detailed security status of containerd please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/containerd\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-11-06T21:49:59", "type": "debian", "title": "[SECURITY] [DSA 5002-1] containerd security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-41103"], "modified": "2021-11-06T21:49:59", "id": "DEBIAN:DSA-5002-1:C91D8", "href": "https://lists.debian.org/debian-security-announce/2021/msg00187.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T16:09:24", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5002-1 security@debian.org\nhttps://www.debian.org/security/ Salvatore Bonaccorso\nNovember 06, 2021 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : containerd\nCVE ID : CVE-2021-41103\n\nA flaw was discovered in containerd, an open and reliable container\nruntime. Insufficiently restricted permissions on container root and\nplugin directories could result in privilege escalation.\n\nFor the stable distribution (bullseye), this problem has been fixed in\nversion 1.4.5~ds1-2+deb11u1.\n\nWe recommend that you upgrade your containerd packages.\n\nFor the detailed security status of containerd please refer to its\nsecurity tracker page at:\nhttps://security-tracker.debian.org/tracker/containerd\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-11-06T21:49:59", "type": "debian", "title": "[SECURITY] [DSA 5002-1] containerd security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-41103"], "modified": "2021-11-06T21:49:59", "id": "DEBIAN:DSA-5002-1:FE3C9", "href": "https://lists.debian.org/debian-security-announce/2021/msg00187.html", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-03T10:06:35", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-5162-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJune 12, 2022 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : containerd\nCVE ID : CVE-2022-24769 CVE-2022-31030\n\nTwo vulnerabilities were discovered that the containerd container\nruntime, which could result in denial of service or incomplete restriction\nof capabilities.\n\nFor the stable distribution (bullseye), these problems have been fixed in\nversion 1.4.13~ds1-1~deb11u2.\n\nWe recommend that you upgrade your containerd packages.\n\nFor the detailed security status of containerd please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/containerd\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.5, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.4}, "published": "2022-06-12T17:51:32", "type": "debian", "title": "[SECURITY] [DSA 5162-1] containerd security update", "bulletinFamily": "unix", "cvss2": {"severity":

EulerOS 2.0 SP5 : docker-engine (EulerOS-SA-2022-1886)

Description

Related