Lucene search
This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2021-03BCFA3491.NASLHistoryJan 14, 2021 - 12:00 a.m.
Fedora 32 : golang-github-docker-credential-helpers (2021-03bcfa3491)
2021-01-1400:00:00
This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0005 Low
EPSS
Percentile
17.7%
The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-03bcfa3491 advisory.
- docker-credential-helpers before 0.6.3 has a double free in the List functions. (CVE-2019-1020014)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
##
# (C) Tenable Network Security, Inc.
##
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2021-03bcfa3491
#
include('compat.inc');
if (description)
{
script_id(144967);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/04/12");
script_cve_id("CVE-2019-1020014");
script_xref(name:"FEDORA", value:"2021-03bcfa3491");
script_name(english:"Fedora 32 : golang-github-docker-credential-helpers (2021-03bcfa3491)");
script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the
FEDORA-2021-03bcfa3491 advisory.
- docker-credential-helpers before 0.6.3 has a double free in the List functions. (CVE-2019-1020014)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2021-03bcfa3491");
script_set_attribute(attribute:"solution", value:
"Update the affected golang-github-docker-credential-helpers package.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-1020014");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/29");
script_set_attribute(attribute:"patch_publication_date", value:"2021/01/05");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/01/14");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:32");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:golang-github-docker-credential-helpers");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Fedora Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include('audit.inc');
include('global_settings.inc');
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item('Host/RedHat/release');
if (isnull(release) || 'Fedora' >!< release) audit(AUDIT_OS_NOT, 'Fedora');
os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');
os_ver = os_ver[1];
if (! preg(pattern:"^32([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 32', 'Fedora ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);
pkgs = [
{'reference':'golang-github-docker-credential-helpers-0.6.3-2.fc32', 'release':'FC32', 'rpm_spec_vers_cmp':TRUE}
];
flag = 0;
foreach package_array ( pkgs ) {
reference = NULL;
release = NULL;
sp = NULL;
cpu = NULL;
el_string = NULL;
rpm_spec_vers_cmp = NULL;
epoch = NULL;
allowmaj = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (reference && release) {
if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_NOTE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'golang-github-docker-credential-helpers');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fedoraproject | fedora | 32 | cpe:/o:fedoraproject:fedora:32 |
| fedoraproject | fedora | golang-github-docker-credential-helpers | p-cpe:/a:fedoraproject:fedora:golang-github-docker-credential-helpers |
Related
ubuntu
ubuntu
docker-credential-helpers vulnerability
2021-03-15 00:00:00
Docker vulnerability
2019-08-19 00:00:00
docker-credential-helpers vulnerability
2019-08-19 00:00:00
openvas
openvas
Mageia: Security Advisory (MGASA-2019-0269)
2022-01-28 00:00:00
Ubuntu: Security Advisory (USN-4103-2)
2019-08-20 00:00:00
Ubuntu: Security Advisory (USN-4103-1)
2019-08-20 00:00:00
cvelist
cvelist
CVE-2019-1020014
2019-07-29 12:20:21
nessus
nessus
Ubuntu 19.04 : docker-credential-helpers vulnerability (USN-4103-1)
2019-08-20 00:00:00
Ubuntu 16.04 LTS / 18.04 LTS : Docker vulnerability (USN-4103-2)
2019-08-20 00:00:00
veracode
veracode
Denial Of Service (DoS)
2019-07-30 01:33:18
osv
osv
golang-github-docker-docker-credential-helpers vulnerability
2021-03-15 22:42:37
CVE-2019-1020014
2019-07-29 13:15:11
fedora
fedora
debiancve
debiancve
CVE-2019-1020014
2019-07-29 13:15:11
cve
cve
CVE-2019-1020014
2019-07-29 13:15:11
ubuntucve
ubuntucve
CVE-2019-1020014
2019-07-29 00:00:00
mageia
mageia
Updated docker packages fix security vulnerability
2019-09-12 22:09:52
prion
prion
Double free
2019-07-29 13:15:00
nvd
nvd
CVE-2019-1020014
2019-07-29 13:15:11
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0005 Low
EPSS
Percentile
17.7%
Related for FEDORA_2021-03BCFA3491.NASL