The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2020-4542 advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2020-4542.
##
include('compat.inc');
if (description)
{
script_id(142760);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2020/11/13");
script_cve_id("CVE-2020-14382");
script_name(english:"Oracle Linux 8 : cryptsetup (ELSA-2020-4542)");
script_summary(english:"Checks the rpm output for the updated packages");
script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the
ELSA-2020-4542 advisory.
- A vulnerability was found in upstream release cryptsetup-2.2.0 where, there's a bug in LUKS2 format
validation code, that is effectively invoked on every device/image presenting itself as LUKS2 container.
The bug is in segments validation code in file 'lib/luks2/luks2_json_metadata.c' in function
hdr_validate_segments(struct crypt_device *cd, json_object *hdr_jobj) where the code does not check for
possible overflow on memory allocation used for intervals array (see statement intervals =
malloc(first_backup * sizeof(*intervals));). Due to the bug, library can be *tricked* to expect such
allocation was successful but for far less memory then originally expected. Later it may read data FROM
image crafted by an attacker and actually write such data BEYOND allocated memory. (CVE-2020-14382)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/ELSA-2020-4542.html");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-14382");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/09/16");
script_set_attribute(attribute:"patch_publication_date", value:"2020/11/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/11/12");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:8");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cryptsetup");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cryptsetup-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cryptsetup-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cryptsetup-reencrypt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:integritysetup");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:veritysetup");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Oracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/local_checks_enabled");
exit(0);
}
include('audit.inc');
include('global_settings.inc');
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);
pkgs = [
{'reference':'cryptsetup-2.3.3-2.el8', 'cpu':'aarch64', 'release':'8'},
{'reference':'cryptsetup-2.3.3-2.el8', 'cpu':'x86_64', 'release':'8'},
{'reference':'cryptsetup-devel-2.3.3-2.el8', 'cpu':'aarch64', 'release':'8'},
{'reference':'cryptsetup-devel-2.3.3-2.el8', 'cpu':'i686', 'release':'8'},
{'reference':'cryptsetup-devel-2.3.3-2.el8', 'cpu':'x86_64', 'release':'8'},
{'reference':'cryptsetup-libs-2.3.3-2.el8', 'cpu':'aarch64', 'release':'8'},
{'reference':'cryptsetup-libs-2.3.3-2.el8', 'cpu':'i686', 'release':'8'},
{'reference':'cryptsetup-libs-2.3.3-2.el8', 'cpu':'x86_64', 'release':'8'},
{'reference':'cryptsetup-reencrypt-2.3.3-2.el8', 'cpu':'aarch64', 'release':'8'},
{'reference':'cryptsetup-reencrypt-2.3.3-2.el8', 'cpu':'x86_64', 'release':'8'},
{'reference':'integritysetup-2.3.3-2.el8', 'cpu':'aarch64', 'release':'8'},
{'reference':'integritysetup-2.3.3-2.el8', 'cpu':'x86_64', 'release':'8'},
{'reference':'veritysetup-2.3.3-2.el8', 'cpu':'aarch64', 'release':'8'},
{'reference':'veritysetup-2.3.3-2.el8', 'cpu':'x86_64', 'release':'8'}
];
flag = 0;
foreach package_array ( pkgs ) {
reference = NULL;
release = NULL;
sp = NULL;
cpu = NULL;
el_string = NULL;
rpm_spec_vers_cmp = NULL;
epoch = NULL;
allowmaj = NULL;
rpm_prefix = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];
if (reference && release) {
if (rpm_prefix) {
if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
} else {
if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cryptsetup / cryptsetup-devel / cryptsetup-libs / etc');
}
Vendor | Product | Version | CPE |
---|---|---|---|
oracle | linux | 8 | cpe:/o:oracle:linux:8 |
oracle | linux | cryptsetup | p-cpe:/a:oracle:linux:cryptsetup |
oracle | linux | cryptsetup-devel | p-cpe:/a:oracle:linux:cryptsetup-devel |
oracle | linux | cryptsetup-libs | p-cpe:/a:oracle:linux:cryptsetup-libs |
oracle | linux | cryptsetup-reencrypt | p-cpe:/a:oracle:linux:cryptsetup-reencrypt |
oracle | linux | integritysetup | p-cpe:/a:oracle:linux:integritysetup |
oracle | linux | veritysetup | p-cpe:/a:oracle:linux:veritysetup |