Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2020-5766.NASL
HistorySep 07, 2023 - 12:00 a.m.

Oracle Linux 7 : Unbreakable Enterprise kernel-container kata-image kata-runtime kata kubernetes olcne (ELSA-2020-5766)

2023-09-0700:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
7
JSON

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2020-5766 advisory.

  • An improper link resolution vulnerability affects Kata Containers versions prior to 1.11.0. Upon container teardown, a malicious guest can trick the kata-runtime into unmounting any mount point on the host and all mount points underneath it, potentiality resulting in a host DoS. (CVE-2020-2024)

  • Kata Containers before 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying image file on the host. A malicious guest can overwrite the image file to gain control of all subsequent guest VMs. Since Kata Containers uses the same VM image file with all VMMs, this issue may also affect QEMU and Firecracker based guests. (CVE-2020-2025)

  • A malicious guest compromised before a container creation (e.g. a malicious guest image or a guest running multiple containers) can trick the kata runtime into mounting the untrusted container filesystem on any host path, potentially allowing for code execution on the host. This issue affects: Kata Containers 1.11 versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; Kata Containers 1.9 and earlier versions. (CVE-2020-2026)

  • The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod.
    If a pod writes a large amount of data to the /etc/hosts file, it could fill the storage space of the node and cause the node to fail. (CVE-2020-8557)

  • The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6 are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to escalate privileges from a node compromise to a full cluster compromise. (CVE-2020-8559)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2020-5766.
##

include('compat.inc');

if (description)
{
  script_id(180954);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/07");

  script_cve_id(
    "CVE-2020-2024",
    "CVE-2020-2025",
    "CVE-2020-2026",
    "CVE-2020-8557",
    "CVE-2020-8559"
  );

  script_name(english:"Oracle Linux 7 : Unbreakable Enterprise kernel-container kata-image kata-runtime kata kubernetes olcne (ELSA-2020-5766)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the
ELSA-2020-5766 advisory.

  - An improper link resolution vulnerability affects Kata Containers versions prior to 1.11.0. Upon container
    teardown, a malicious guest can trick the kata-runtime into unmounting any mount point on the host and all
    mount points underneath it, potentiality resulting in a host DoS. (CVE-2020-2024)

  - Kata Containers before 1.11.0 on Cloud Hypervisor persists guest filesystem changes to the underlying
    image file on the host. A malicious guest can overwrite the image file to gain control of all subsequent
    guest VMs. Since Kata Containers uses the same VM image file with all VMMs, this issue may also affect
    QEMU and Firecracker based guests. (CVE-2020-2025)

  - A malicious guest compromised before a container creation (e.g. a malicious guest image or a guest running
    multiple containers) can trick the kata runtime into mounting the untrusted container filesystem on any
    host path, potentially allowing for code execution on the host. This issue affects: Kata Containers 1.11
    versions earlier than 1.11.1; Kata Containers 1.10 versions earlier than 1.10.5; Kata Containers 1.9 and
    earlier versions. (CVE-2020-2026)

  - The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account
    for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by
    kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod.
    If a pod writes a large amount of data to the /etc/hosts file, it could fill the storage space of the node
    and cause the node to fail. (CVE-2020-8557)

  - The Kubernetes kube-apiserver in versions v1.6-v1.15, and versions prior to v1.16.13, v1.17.9 and v1.18.6
    are vulnerable to an unvalidated redirect on proxied upgrade requests that could allow an attacker to
    escalate privileges from a node compromise to a full cluster compromise. (CVE-2020-8559)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/ELSA-2020-5766.html");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8559");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2020-2026");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/19");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/07/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/09/07");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kata");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kata-image");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kata-runtime");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kernel-uek-container");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kubeadm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kubectl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:kubelet");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:olcne-agent");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:olcne-api-server");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:olcne-nginx");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:olcne-utils");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:olcnectl");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Oracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("linux_alt_patch_detect.nasl", "ssh_get_info.nasl");
  script_require_keys("Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/local_checks_enabled");

  exit(0);
}


include('ksplice.inc');
include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_release = get_kb_item("Host/RedHat/release");
if (isnull(os_release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);
if ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);

var machine_uptrack_level = get_one_kb_item('Host/uptrack-uname-r');
if (machine_uptrack_level)
{
  var trimmed_uptrack_level = ereg_replace(string:machine_uptrack_level, pattern:"\.(x86_64|i[3-6]86|aarch64)$", replace:'');
  var fixed_uptrack_levels = ['4.14.35-1902.303.5.3.el7'];
  foreach var fixed_uptrack_level ( fixed_uptrack_levels ) {
    if (rpm_spec_vers_cmp(a:trimmed_uptrack_level, b:fixed_uptrack_level) >= 0)
    {
      audit(AUDIT_PATCH_INSTALLED, 'KSplice hotfix for ELSA-2020-5766');
    }
  }
  __rpm_report = 'Running KSplice level of ' + trimmed_uptrack_level + ' does not meet the minimum fixed level of ' + join(fixed_uptrack_levels, sep:' / ') + ' for this advisory.\n\n';
}

var kernel_major_minor = get_kb_item('Host/uname/major_minor');
if (empty_or_null(kernel_major_minor)) exit(1, 'Unable to determine kernel major-minor level.');
var expected_kernel_major_minor = '4.14';
if (kernel_major_minor != expected_kernel_major_minor)
  audit(AUDIT_OS_NOT, 'running kernel level ' + expected_kernel_major_minor + ', it is running kernel level ' + kernel_major_minor);

var pkgs = [
    {'reference':'kata-1.7.3-1.0.7.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kata-image-1.7.3-1.0.5.1.ol7_202007011859', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kata-runtime-1.7.3-1.0.5.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kernel-uek-container-4.14.35-1902.303.5.3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'kernel-uek-container-4.14.35'},
    {'reference':'kubeadm-1.14.9-1.0.6.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kubectl-1.14.9-1.0.6.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'kubelet-1.14.9-1.0.6.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'olcne-agent-1.0.5-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'olcne-api-server-1.0.5-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'olcne-nginx-1.0.5-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'olcne-utils-1.0.5-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'olcnectl-1.0.5-3.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && _release) {
    if (exists_check) {
        if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
    } else {
        if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
    }
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kata / kata-image / kata-runtime / etc');
}
VendorProductVersionCPE
oraclelinux7cpe:/o:oracle:linux:7
oraclelinuxkatap-cpe:/a:oracle:linux:kata
oraclelinuxkata-imagep-cpe:/a:oracle:linux:kata-image
oraclelinuxkata-runtimep-cpe:/a:oracle:linux:kata-runtime
oraclelinuxkernel-uek-containerp-cpe:/a:oracle:linux:kernel-uek-container
oraclelinuxkubeadmp-cpe:/a:oracle:linux:kubeadm
oraclelinuxkubectlp-cpe:/a:oracle:linux:kubectl
oraclelinuxkubeletp-cpe:/a:oracle:linux:kubelet
oraclelinuxolcne-agentp-cpe:/a:oracle:linux:olcne-agent
oraclelinuxolcne-api-serverp-cpe:/a:oracle:linux:olcne-api-server
Rows per page:
1-10 of 131

Related

oraclelinux 3
ibm 14
nessus 16
cve 5
osv 8
fedora 6
openvas 6
github 3
prion 5
veracode 4
gitlab 2
redhat 13
alpinelinux 2
hackerone 2
ubuntucve 2
debiancve 2
redhatcve 2
altlinux 1
githubexploit 2
cgr 1
wolfi 1
photon 5
kitploit 1
oraclelinux
oraclelinux
Unbreakable Enterprise kernel-container kata-image kata-runtime kata kubernetes olcne security update
2020-07-22 00:00:00
kubernetes security update
2020-07-22 00:00:00
Unbreakable Enterprise kernel-container kata-image kata-runtime kata kubernetes kubernetes istio olcne security update
2020-07-22 00:00:00
ibm
ibm
Security Bulletin: IBM Cloud Private is vulnerable to Kubernetes vulnerabilities (CVE-2020-8557, CVE-2020-8559)
2020-09-28 20:01:40
Security Bulletin: API Connect is vulnerable to denial of service via Kubernetes (CVE-2020-8557, CVE-2020-8559)
2020-10-08 01:32:33
Security Bulletin: Red Hat OpenShift on IBM Cloud is affected by a Kubernetes kubelet security vulnerability (CVE-2020-8557)
2020-10-09 17:08:16
nessus
nessus
Oracle Linux 7 : kubernetes (ELSA-2020-5767)
2023-09-07 00:00:00
Oracle Linux 7 : Unbreakable Enterprise kernel-container kata-image kata-runtime kata kubernetes kubernetes istio olcne (ELSA-2020-5765)
2023-09-07 00:00:00
Photon OS 3.0: Kubernetes PHSA-2020-3.0-0142
2020-09-21 00:00:00
cve
cve
CVE-2020-2025
2020-05-19 21:15:00
CVE-2020-8557
2020-07-23 17:15:00
CVE-2020-2026
2020-06-10 18:15:00
osv
osv
Link Following in Kata Runtime
2022-02-15 01:57:18
CVE-2020-8557
2020-07-23 17:15:12
Denial of service in Kubernetes
2024-04-24 20:01:31
fedora
fedora
[SECURITY] Fedora 31 Update: kata-osbuilder-1.11.1-1.fc31.1
2020-11-05 02:11:53
[SECURITY] Fedora 31 Update: kata-ksm-throttler-1.11.1-1.fc31.1
2020-11-05 02:11:52
[SECURITY] Fedora 31 Update: kata-proxy-1.11.1-1.fc31.1
2020-10-17 14:24:57
openvas
openvas
Fedora: Security Advisory for kata-proxy (FEDORA-2020-2f5879aeb6)
2020-10-18 00:00:00
Fedora: Security Advisory for kata-osbuilder (FEDORA-2020-61fcf3ffc7)
2020-11-05 00:00:00
Fedora: Security Advisory for kata-ksm-throttler (FEDORA-2020-15a1bde727)
2020-11-05 00:00:00
github
github
Link Following in Kata Runtime
2022-02-15 01:57:18
Denial of service in Kubernetes
2024-04-24 20:01:31
Privilege Escalation in Kubernetes
2024-04-24 20:01:22
prion
prion
Design/Logic Flaw
2020-05-19 21:15:00
Code injection
2020-07-23 17:15:00
Code injection
2020-06-10 18:15:00
veracode
veracode
Remote Code Execution (RCE)
2020-06-19 05:41:18
Denial Of Service (DoS)
2020-07-24 04:57:47
Privilege Escalation
2020-07-17 04:41:18
gitlab
gitlab
Uncontrolled Resource Consumption
2020-07-23 00:00:00
URL Redirection to Untrusted Site (Open Redirect)
2020-07-22 00:00:00
redhat
redhat
(RHSA-2020:3580) Moderate: OpenShift Container Platform 4.4.19 openshift-enterprise-hyperkube-container security update
2020-09-01 18:50:12
(RHSA-2020:3579) Moderate: OpenShift Container Platform 4.4.19 openshift security update
2020-09-01 18:32:13
(RHSA-2020:3520) Moderate: OpenShift Container Platform 4.5.7 openshift-enterprise-hyperkube-container security update
2020-08-24 15:02:11
alpinelinux
alpinelinux
CVE-2020-8557
2020-07-23 17:15:00
CVE-2020-8559
2020-07-22 14:15:00
hackerone
hackerone
Kubernetes: Node disk DOS by writing to container /etc/hosts
2020-05-07 07:11:29
Kubernetes: Compromise of node can lead to compromise of pods on other nodes
2020-05-01 12:26:35
ubuntucve
ubuntucve
CVE-2020-8557
2020-07-23 00:00:00
CVE-2020-8559
2020-07-22 00:00:00
debiancve
debiancve
CVE-2020-8557
2020-07-23 17:15:00
CVE-2020-8559
2020-07-22 14:15:00
redhatcve
redhatcve
CVE-2020-8557
2020-07-15 22:37:46
CVE-2020-8559
2020-07-15 22:07:40
altlinux
altlinux
Security fix for the ALT Linux 10 package kubernetes version 1.18.6-alt1
2020-07-24 00:00:00
githubexploit
githubexploit
Exploit for Open Redirect in Kubernetes
2020-07-22 08:36:41
Exploit for Open Redirect in Kubernetes
2020-07-22 05:13:01
cgr
cgr
CVE-2020-8559 vulnerabilities
2024-05-06 16:06:39
wolfi
wolfi
CVE-2020-8559 vulnerabilities
2024-05-06 09:06:33
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-1.0-0325
2020-09-19 00:00:00
Important Photon OS Security Update - PHSA-2020-0325
2020-09-19 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2020-2.0-0285
2020-09-19 00:00:00
kitploit
kitploit
Metarget - Framework Providing Automatic Constructions Of Vulnerable Infrastructures
2021-06-04 21:30:00
JSON
Related for ORACLELINUX_ELSA-2020-5766.NASL
oraclelinux3ibm14nessus16cve5osv8fedora6openvas6github3prion5veracode4gitlab2redhat13alpinelinux2hackerone2ubuntucve2debiancve2redhatcve2altlinux1githubexploit2cgr1wolfi1photon5kitploit1