Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2019-4813.NASLHistorySep 07, 2023 - 12:00 a.m.
Oracle Linux 7 : docker-engine (ELSA-2019-4813)
2023-09-0700:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
5
The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2019-4813 advisory.
-
In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the docker build command would be able to gain command execution. An issue exists in the way docker build processes remote git URLs, and results in command injection into the underlying git clone command, leading to code execution in the context of the user executing the docker build command. This occurs because git ref can be misinterpreted as a flag. (CVE-2019-13139)
-
In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before 18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It potentially applies to other API users of the stack API if they resend the secret. (CVE-2019-13509)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2019-4813.
##
include('compat.inc');
if (description)
{
script_id(180634);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/07");
script_cve_id("CVE-2019-13139", "CVE-2019-13509");
script_name(english:"Oracle Linux 7 : docker-engine (ELSA-2019-4813)");
script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Oracle Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the
ELSA-2019-4813 advisory.
- In Docker before 18.09.4, an attacker who is capable of supplying or manipulating the build path for the
docker build command would be able to gain command execution. An issue exists in the way docker build
processes remote git URLs, and results in command injection into the underlying git clone command,
leading to code execution in the context of the user executing the docker build command. This occurs
because git ref can be misinterpreted as a flag. (CVE-2019-13139)
- In Docker CE and EE before 18.09.8 (as well as Docker EE before 17.06.2-ee-23 and 18.x before
18.03.1-ee-10), Docker Engine in debug mode may sometimes add secrets to the debug log. This applies to a
scenario where docker stack deploy is run to redeploy a stack that includes (non external) secrets. It
potentially applies to other API users of the stack API if they resend the secret. (CVE-2019-13509)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/ELSA-2019-4813.html");
script_set_attribute(attribute:"solution", value:
"Update the affected docker-engine package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-13509");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2019-13139");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/07/17");
script_set_attribute(attribute:"patch_publication_date", value:"2019/10/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/09/07");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:docker-engine");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Oracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/local_checks_enabled");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_release = get_kb_item("Host/RedHat/release");
if (isnull(os_release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);
var pkgs = [
{'reference':'docker-engine-18.09.8.ol-1.0.4.el7', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'docker-engine-18.09.8.ol-1.0.4.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release) {
if (exists_check) {
if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
} else {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'docker-engine');
}
Related
amazon
amazon
Medium: docker
2019-11-04 18:12:00
nessus
nessus
Photon OS 3.0: Docker PHSA-2020-3.0-0085
2020-05-06 00:00:00
Amazon Linux AMI : docker (ALAS-2019-1316)
2019-11-07 00:00:00
Photon OS 2.0: Docker PHSA-2020-2.0-0235
2020-05-05 00:00:00
oraclelinux
oraclelinux
docker-engine security update
2019-10-03 00:00:00
photon
photon
Important Photon OS Security Update - PHSA-2020-0085
2020-05-02 00:00:00
Important Photon OS Security Update - PHSA-2020-3.0-0085
2020-05-02 00:00:00
osv
osv
docker.io - security update
2019-09-09 00:00:00
CVE-2019-13509
2019-07-18 16:15:11
Secret insertion into debug log in Docker
2022-05-24 16:50:40
debian
debian
[SECURITY] [DSA 4521-1] docker.io security update
2019-09-09 20:55:48
openvas
openvas
Debian: Security Advisory (DSA-4521-1)
2019-09-11 00:00:00
Docker < 18.09.8 Information Disclosure Vulnerability
2019-07-29 00:00:00
Fedora Update for docker FEDORA-2019-5b54793a4a
2019-08-29 00:00:00
alpinelinux
alpinelinux
CVE-2019-13509
2019-07-18 16:15:00
prion
prion
Design/Logic Flaw
2019-07-18 16:15:00
Command injection
2019-08-22 20:15:00
veracode
veracode
Information Disclosure
2020-05-10 23:25:40
Command Injection
2019-07-25 07:17:26
redhatcve
redhatcve
CVE-2019-13509
2019-07-23 11:21:44
CVE-2019-13139
2019-07-23 22:51:45
debiancve
debiancve
CVE-2019-13509
2019-07-18 16:15:00
CVE-2019-13139
2019-08-22 20:15:00
fedora
fedora
[SECURITY] Fedora 30 Update: docker-1.13.1-68.git47e2230.fc30
2019-08-27 15:28:34
[SECURITY] Fedora 29 Update: docker-1.13.1-68.git47e2230.fc29
2019-08-27 18:38:02
cbl_mariner
cbl_mariner
CVE-2019-13509 affecting package moby-buildx 0.4.1-3
2021-07-08 21:56:42
CVE-2019-13139 affecting package moby-buildx 0.4.1-3
2021-07-08 21:56:42
github
github
Secret insertion into debug log in Docker
2022-05-24 16:50:40
ubuntucve
ubuntucve
CVE-2019-13509
2019-07-18 00:00:00
CVE-2019-13139
2019-08-22 00:00:00
cve
cve
CVE-2019-13509
2019-07-18 16:15:00
CVE-2019-13139
2019-08-22 20:15:00
suse
suse
kitploit
kitploit
Related for ORACLELINUX_ELSA-2019-4813.NASL