GLSA-202211-07 : sysstat: Arbitrary Code Execution

🗓️ 22 Nov 2022 00:00:00Reported by TenableType

sysstat vulnerability: Arbitrary Code Execution on Linu

Reporter	Title	Published	Views	Family All 178
Tenable Nessus	Amazon Linux 2022 : sysstat (ALAS2022-2022-255)	9 Dec 202200:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : sysstat (ALAS2023-2023-094)	21 Mar 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : sysstat (ALAS-2023-1925)	6 Feb 202300:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0070: sysstat (ALINUX3-SA-2023:0070)	14 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : sysstat (ALSA-2023:2234)	14 May 202300:00	–	nessus
Tenable Nessus	AlmaLinux 8 : sysstat (ALSA-2023:2800)	21 May 202300:00	–	nessus
Tenable Nessus	CentOS 8 : sysstat (CESA-2023:2800)	16 May 202300:00	–	nessus
Tenable Nessus	CentOS 9 : sysstat-12.5.4-4.el9	29 Feb 202400:00	–	nessus
Tenable Nessus	Debian dla-3188 : isag - security update	14 Nov 202200:00	–	nessus
Tenable Nessus	Debian dla-3434 : isag - security update	27 May 202300:00	–	nessus

Source	Link
security	www.security.gentoo.org/glsa/202211-07
bugs	www.bugs.gentoo.org/show_bug.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# @NOAGENT@
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 202211-07.
#
# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include('compat.inc');

if (description)
{
  script_id(168043);
  script_version("1.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/03");

  script_cve_id("CVE-2022-39377");

  script_name(english:"GLSA-202211-07 : sysstat: Arbitrary Code Execution");

  script_set_attribute(attribute:"synopsis", value:
"");
  script_set_attribute(attribute:"description", value:
"The remote host is affected by the vulnerability described in GLSA-202211-07 (sysstat: Arbitrary Code Execution)

  - sysstat is a set of system performance tools for the Linux operating system. On 32 bit systems, in
    versions 9.1.16 and newer but prior to 12.7.1, allocate_structures contains a size_t overflow in
    sa_common.c. The allocate_structures function insufficiently checks bounds before arithmetic
    multiplication, allowing for an overflow in the size allocated for the buffer representing system
    activities. This issue may lead to Remote Code Execution (RCE). This issue has been patched in version
    12.7.1. (CVE-2022-39377)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://security.gentoo.org/glsa/202211-07");
  script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=880543");
  script_set_attribute(attribute:"solution", value:
"All sysstat users should upgrade to the latest version:

          # emerge --sync
          # emerge --ask --oneshot --verbose >=app-admin/sysstat-12.7.1");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-39377");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/11/08");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/11/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/11/22");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:sysstat");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
  script_set_attribute(attribute:"generated_plugin", value:"former");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Gentoo Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}
include('qpkg.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/Gentoo/release')) audit(AUDIT_OS_NOT, 'Gentoo');
if (!get_kb_item('Host/Gentoo/qpkg-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item("Host/cpu");
if (empty_or_null(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^i[3-6]86$") audit(AUDIT_OS_NOT, "32-bit");

var flag = 0;

var packages = [
  {
    'name' : 'app-admin/sysstat',
    'unaffected' : make_list("ge 12.7.1", "lt 12.0.0"),
    'vulnerable' : make_list("lt 12.7.1")
  }
];

foreach package( packages ) {
  if (isnull(package['unaffected'])) package['unaffected'] = make_list();
  if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();
  if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;
}

# This plugin has a different number of unaffected and vulnerable versions for
# one or more packages. To ensure proper detection, a separate line should be 
# used for each fixed/vulnerable version pair.

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_HOLE,
    extra      : qpkg_report_get()
  );
  exit(0);
}
else
{
  qpkg_tests = list_uniq(qpkg_tests);
  var tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'sysstat');
}

03 Oct 2023 00:00Current

7.4High risk

Vulners AI Score7.4

CVSS 3.17 - 7.8

EPSS0.01096

SSVC