Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.NUTANIX_NXSA-AOS-5_19_1_5.NASL
HistorySep 01, 2022 - 12:00 a.m.

Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.19.1.5)

2022-09-0100:00:00
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18

8.6 High

AI Score

Confidence

High

JSON

The version of AOS installed on the remote host is prior to 5.19.1.5. It is, therefore, affected by multiple vulnerabilities as referenced in the NXSA-AOS-5.19.1.5 advisory.

  • Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB provides the ability to run arbitrary commands as root. (CVE-2020-15862)

  • Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which allows privilege escalation to root via sudoedit -s and a command-line argument that ends with a single backslash character. (CVE-2021-3156)

  • A heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is exploitable by any local user who can execute the sudo command without authentication. Successful exploitation of this flaw could lead to privilege escalation. (CVE-2021-3156)

  • The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi- byte input sequences in the EUC-KR encoding, may have a buffer over-read. (CVE-2019-25013)

  • The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to sysdeps/ieee754/ldbl-96/e_rem_pio2l.c. (CVE-2020-10029)

  • sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack- based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of Fixed for glibc 2.33 in the 26649 reference.
    (CVE-2020-29573)

  • Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain privileges or cause a denial of service by leveraging improper access to a certain error field.
    (CVE-2020-15436)

  • A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system) functionality was found in the way user create and delete object using NFSv4.2 or newer if both simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with access to the NFS could use this flaw to starve the resources causing denial of service. (CVE-2020-35513)

  • Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular expression quantifiers have an integer overflow. (CVE-2020-10543)

  • Perl before 5.30.3 has an integer overflow related to mishandling of a PL_regkind[OP(n)] == NOTHING situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction injection. (CVE-2020-10878)

  • regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of recursive S_study_chunk calls. (CVE-2020-12723)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(164609);
  script_version("1.8");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/07");

  script_cve_id(
    "CVE-2019-25013",
    "CVE-2020-10029",
    "CVE-2020-10543",
    "CVE-2020-10878",
    "CVE-2020-12723",
    "CVE-2020-15436",
    "CVE-2020-15862",
    "CVE-2020-29573",
    "CVE-2020-35513",
    "CVE-2021-3156"
  );
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/04/27");
  script_xref(name:"CEA-ID", value:"CEA-2021-0004");
  script_xref(name:"CEA-ID", value:"CEA-2021-0025");

  script_name(english:"Nutanix AOS : Multiple Vulnerabilities (NXSA-AOS-5.19.1.5)");

  script_set_attribute(attribute:"synopsis", value:
"The Nutanix AOS host is affected by multiple vulnerabilities .");
  script_set_attribute(attribute:"description", value:
"The version of AOS installed on the remote host is prior to 5.19.1.5. It is, therefore, affected by multiple
vulnerabilities as referenced in the NXSA-AOS-5.19.1.5 advisory.

  - Net-SNMP through 5.8 has Improper Privilege Management because SNMP WRITE access to the EXTEND MIB
    provides the ability to run arbitrary commands as root. (CVE-2020-15862)

  - Sudo before 1.9.5p2 contains an off-by-one error that can result in a heap-based buffer overflow, which
    allows privilege escalation to root via sudoedit -s and a command-line argument that ends with a single
    backslash character. (CVE-2021-3156)

  - A heap-based buffer overflow was found in the way sudo parses command line arguments. This flaw is
    exploitable by any local user who can execute the sudo command without authentication. Successful
    exploitation of this flaw could lead to privilege escalation.  (CVE-2021-3156)

  - The iconv feature in the GNU C Library (aka glibc or libc6) through 2.32, when processing invalid multi-
    byte input sequences in the EUC-KR encoding, may have a buffer over-read. (CVE-2019-25013)

  - The GNU C Library (aka glibc or libc6) before 2.32 could overflow an on-stack buffer during range
    reduction if an input to an 80-bit long double function contains a non-canonical bit pattern, a seen when
    passing a 0x5d414141414141410000 value to sinl on x86 targets. This is related to
    sysdeps/ieee754/ldbl-96/e_rem_pio2l.c. (CVE-2020-10029)

  - sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-
    based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with
    a non-canonical bit pattern, as seen when passing a \x00\x04\x00\x00\x00\x00\x00\x00\x00\x04 value to
    sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because
    of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words,
    the reference to 2.23 is intentional despite the mention of Fixed for glibc 2.33 in the 26649 reference.
    (CVE-2020-29573)

  - Use-after-free vulnerability in fs/block_dev.c in the Linux kernel before 5.8 allows local users to gain
    privileges or cause a denial of service by leveraging improper access to a certain error field.
    (CVE-2020-15436)

  - A flaw incorrect umask during file or directory modification in the Linux kernel NFS (network file system)
    functionality was found in the way user create and delete object using NFSv4.2 or newer if both
    simultaneously accessing the NFS by the other process that is not using new NFSv4.2. A user with access to
    the NFS could use this flaw to starve the resources causing denial of service. (CVE-2020-35513)

  - Perl before 5.30.3 on 32-bit platforms allows a heap-based buffer overflow because nested regular
    expression quantifiers have an integer overflow. (CVE-2020-10543)

  - Perl before 5.30.3 has an integer overflow related to mishandling of a PL_regkind[OP(n)] == NOTHING
    situation. A crafted regular expression could lead to malformed bytecode with a possibility of instruction
    injection. (CVE-2020-10878)

  - regcomp.c in Perl before 5.30.3 allows a buffer overflow via a crafted regular expression because of
    recursive S_study_chunk calls. (CVE-2020-12723)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  # https://portal.nutanix.com/page/documents/security-advisories/release-advisories/details?id=NXSA-AOS-5.19.1.5
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?51f492e8");
  script_set_attribute(attribute:"solution", value:
"Update the Nutanix AOS software to recommended version.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-10878");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"metasploit_name", value:'Sudo Heap-Based Buffer Overflow');
  script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:"CANVAS");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/03/04");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/08/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/09/01");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:nutanix:aos");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("nutanix_collect.nasl");
  script_require_keys("Host/Nutanix/Data/lts", "Host/Nutanix/Data/Service", "Host/Nutanix/Data/Version", "Host/Nutanix/Data/arch");

  exit(0);
}

include('vcf.inc');
include('vcf_extras.inc');

var app_info = vcf::nutanix::get_app_info();

var constraints = [
  { 'fixed_version' : '5.19.1.5', 'product' : 'AOS', 'fixed_display' : 'Upgrade the AOS install to 5.19.1.5 or higher.', 'lts' : FALSE },
  { 'fixed_version' : '5.19.1.5', 'product' : 'NDFS', 'fixed_display' : 'Upgrade the AOS install to 5.19.1.5 or higher.', 'lts' : FALSE }
];

vcf::nutanix::check_version_and_report(
    app_info:app_info,
    constraints:constraints,
    severity:SECURITY_HOLE
);
VendorProductVersionCPE
nutanixaoscpe:/o:nutanix:aos

Related

nessus 87
redhat 19
aix 1
cloudfoundry 1
ubuntu 2
fedora 2
openvas 3
mageia 1
gentoo 1
ibm 8
oraclelinux 8
osv 9
centos 2
suse 2
amazon 3
rocky 1
photon 9
almalinux 2
cve 5
debiancve 6
prion 6
redhatcve 4
veracode 6
cbl_mariner 1
ubuntucve 5
f5 2
hackerone 1
alpinelinux 1
cloudlinux 1
nessus
nessus
Nutanix AHV : Multiple Vulnerabilities (NXSA-AHV-20201105.1082)
2022-09-01 00:00:00
RHEL 7 : perl (RHSA-2021:0883)
2021-03-17 00:00:00
EulerOS Virtualization for ARM 64 3.0.2.0 : perl (EulerOS-SA-2020-1967)
2020-09-08 00:00:00
redhat
redhat
(RHSA-2021:0607) Moderate: Red Hat Advanced Cluster Management 2.1.3 security and bug fix update
2021-02-17 16:49:27
(RHSA-2021:0348) Moderate: glibc security and bug fix update
2021-02-02 09:29:25
(RHSA-2021:0883) Moderate: perl security update
2021-03-16 13:08:30
aix
aix
There are vulnerabilities in Perl that affect AIX.
2020-12-09 16:36:39
cloudfoundry
cloudfoundry
USN-4602-1: Perl vulnerabilities | Cloud Foundry
2021-03-09 00:00:00
ubuntu
ubuntu
Perl vulnerabilities
2020-10-27 00:00:00
Perl vulnerabilities
2020-10-26 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: perl-5.30.3-452.fc31
2020-06-16 01:19:13
[SECURITY] Fedora 32 Update: perl-5.30.3-453.fc32
2020-06-05 02:32:03
openvas
openvas
openSUSE: Security Advisory for perl (openSUSE-SU-2020:0850-1)
2020-06-23 00:00:00
Fedora: Security Advisory for perl (FEDORA-2020-fd73c08076)
2020-06-23 00:00:00
Fedora: Security Advisory for perl (FEDORA-2020-4021bf2ae8)
2020-06-07 00:00:00
mageia
mageia
Updated perl packages fix security vulnerability
2020-06-11 02:59:36
gentoo
gentoo
Perl: Multiple vulnerabilities
2020-06-12 00:00:00
ibm
ibm
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to multiple vulnerabilities in Perl
2023-07-11 13:31:52
Security Bulletin: Vulnerabilities in Perl affect AIX (CVE-2020-10543, CVE-2020-10878, and CVE-2020-12723)
2021-03-04 17:37:08
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to multiple Base OS issues
2023-12-01 16:06:59
oraclelinux
oraclelinux
perl security update
2021-02-03 00:00:00
glibc security and bug fix update
2021-02-05 00:00:00
perl security update
2021-05-20 00:00:00
osv
osv
perl vulnerabilities
2020-10-26 11:11:53
perl vulnerabilities
2020-10-27 14:02:08
Moderate: perl security and bug fix update
2021-05-18 05:49:06
centos
centos
glibc, nscd security update
2021-02-04 01:02:29
perl security update
2021-02-04 01:04:16
suse
suse
Security update for perl (important)
2020-06-23 00:00:00
Security update for glibc (important)
2021-02-28 00:00:00
amazon
amazon
Medium: perl
2021-02-19 01:26:00
Medium: glibc
2021-07-08 18:38:00
Important: net-snmp
2021-01-05 23:34:00
rocky
rocky
perl security and bug fix update
2021-05-18 05:49:06
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0302
2020-06-23 00:00:00
Important Photon OS Security Update - PHSA-2020-0104
2020-06-23 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0315
2021-01-28 00:00:00
almalinux
almalinux
Moderate: perl security and bug fix update
2021-05-18 05:49:06
Moderate: perl security update
2021-02-16 07:35:46
cve
cve
CVE-2020-35513
2021-01-26 18:15:00
CVE-2020-29573
2020-12-06 00:15:00
CVE-2020-15436
2020-11-23 21:15:00
debiancve
debiancve
CVE-2020-35513
2021-01-26 18:15:00
CVE-2020-29573
2020-12-06 00:15:00
CVE-2020-15436
2020-11-23 21:15:00
prion
prion
Design/Logic Flaw
2021-01-26 18:15:00
Design/Logic Flaw
2020-11-23 21:15:00
Stack overflow
2020-12-06 00:15:00
redhatcve
redhatcve
CVE-2020-35513
2021-01-25 11:53:32
CVE-2020-15436
2020-11-24 16:51:35
CVE-2020-29573
2020-12-07 18:59:25
veracode
veracode
Privilege Escalation
2020-12-06 02:27:38
Denial Of Service (DoS)
2021-02-05 03:55:23
Denial Of Service (DoS)
2020-08-06 21:34:50
cbl_mariner
cbl_mariner
CVE-2020-15436 affecting package kernel 5.4.91-6
2021-01-29 07:40:05
ubuntucve
ubuntucve
CVE-2020-29573
2020-12-06 00:00:00
CVE-2020-35513
2021-01-26 00:00:00
CVE-2020-12723
2020-06-01 00:00:00
f5
f5
K27238230 : glibc vulnerability CVE-2020-29573
2021-03-10 00:00:00
K44318398 : Net-SNMP vulnerability CVE-2020-15862
2021-04-23 00:00:00
hackerone
hackerone
Internet Bug Bounty: [CVE-2020-10543] Buffer overflow caused by a crafted regular expression
2020-06-01 23:58:45
alpinelinux
alpinelinux
CVE-2020-10543
2020-06-05 14:15:00
cloudlinux
cloudlinux
Fixed CVE-2020-12723 in perl-5.10.1
2022-07-11 17:36:45

8.6 High

AI Score

Confidence

High

JSON
Related for NUTANIX_NXSA-AOS-5_19_1_5.NASL
nessus87redhat19aix1cloudfoundry1ubuntu2fedora2openvas3mageia1gentoo1ibm8oraclelinux8osv9centos2suse2amazon3rocky1photon9almalinux2cve5debiancve6prion6redhatcve4veracode6cbl_mariner1ubuntucve5f52hackerone1alpinelinux1cloudlinux1