Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.MARINER_PYTORCH_CVE-2022-25882.NASLHistoryApr 20, 2023 - 12:00 a.m.
CBL Mariner 2.0 Security Update: pytorch (CVE-2022-25882)
2023-04-2000:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
The version of pytorch installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-25882 advisory.
- Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data field of the tensor proto can have a path to the file which is outside the model current directory or user-provided directory, for example …/…/…/etc/passwd (CVE-2022-25882)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(174545);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/20");
script_cve_id("CVE-2022-25882");
script_name(english:"CBL Mariner 2.0 Security Update: pytorch (CVE-2022-25882)");
script_set_attribute(attribute:"synopsis", value:
"The remote CBL Mariner host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The version of pytorch installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore,
affected by a vulnerability as referenced in the CVE-2022-25882 advisory.
- Versions of the package onnx before 1.13.0 are vulnerable to Directory Traversal as the external_data
field of the tensor proto can have a path to the file which is outside the model current directory or
user-provided directory, for example ../../../etc/passwd (CVE-2022-25882)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://nvd.nist.gov/vuln/detail/CVE-2022-25882");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-25882");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/01/26");
script_set_attribute(attribute:"patch_publication_date", value:"2023/04/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/04/20");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:python3-pytorch");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:python3-pytorch-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:microsoft:cbl-mariner:pytorch-debuginfo");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:microsoft:cbl-mariner");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"MarinerOS Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/CBLMariner/release", "Host/CBLMariner/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item('Host/CBLMariner/release');
if (isnull(release) || 'CBL-Mariner' >!< release) audit(AUDIT_OS_NOT, 'CBL-Mariner');
var os_ver = pregmatch(pattern: "CBL-Mariner ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CBL-Mariner');
os_ver = os_ver[1];
if (! preg(pattern:"^2([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'CBL-Mariner 2.0', 'CBL-Mariner ' + os_ver);
if (!get_kb_item('Host/CBLMariner/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu)
audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CBL-Mariner', cpu);
var pkgs = [
{'reference':'python3-pytorch-2.0.0-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-pytorch-2.0.0-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-pytorch-doc-2.0.0-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-pytorch-doc-2.0.0-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'pytorch-debuginfo-2.0.0-1.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},
{'reference':'pytorch-debuginfo-2.0.0-1.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'CBLMariner-' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python3-pytorch / python3-pytorch-doc / pytorch-debuginfo');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| microsoft | cbl-mariner | x-cpe:/o:microsoft:cbl-mariner | |
| microsoft | cbl-mariner | python3-pytorch | p-cpe:/a:microsoft:cbl-mariner:python3-pytorch |
| microsoft | cbl-mariner | python3-pytorch-doc | p-cpe:/a:microsoft:cbl-mariner:python3-pytorch-doc |
| microsoft | cbl-mariner | pytorch-debuginfo | p-cpe:/a:microsoft:cbl-mariner:pytorch-debuginfo |
Related
prion
prion
Directory traversal
2023-01-26 21:15:00
Directory traversal
2024-02-23 18:15:00
osv
osv
PYSEC-2023-38
2023-01-26 21:15:00
CVE-2022-25882
2023-01-26 21:15:31
Directory Traversal in onnx
2023-01-26 21:30:25
github
github
Directory Traversal in onnx
2023-01-26 21:30:25
Onnx Directory Traversal vulnerability
2024-02-23 18:30:59
veracode
veracode
Directory Traversal
2023-01-31 03:43:00
ubuntucve
ubuntucve
CVE-2022-25882
2023-01-26 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-25882 affecting package pytorch for versions less than 2.0.0-1
2023-04-16 00:49:41
cve
cve
CVE-2022-25882
2023-01-26 21:15:31
CVE-2024-27318
2024-02-23 18:15:50
nessus
nessus
Fedora 39 : onnx (2024-270e3b5e9b)
2024-03-28 00:00:00
Fedora 40 : onnx (2024-abe1e34fdb)
2024-04-29 00:00:00
Related for MARINER_PYTORCH_CVE-2022-25882.NASL