Lucene search
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2021-0162.NASLHistoryJan 19, 2021 - 12:00 a.m.
Oracle Linux 7 : xstream (ELSA-2021-0162)
2021-01-1900:00:00
This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
8.6 High
AI Score
Confidence
High
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-0162 advisory.
- XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who rely on blocklists are affected. Anyone using XStream’s Security Framework allowlist is not affected. The linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version 1.4.14. (CVE-2020-26217)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2021-0162.
##
include('compat.inc');
if (description)
{
script_id(145080);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/30");
script_cve_id("CVE-2020-26217");
script_xref(name:"CEA-ID", value:"CEA-2021-0025");
script_name(english:"Oracle Linux 7 : xstream (ELSA-2021-0162)");
script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the
ELSA-2021-0162 advisory.
- XStream before version 1.4.14 is vulnerable to Remote Code Execution.The vulnerability may allow a remote
attacker to run arbitrary shell commands only by manipulating the processed input stream. Only users who
rely on blocklists are affected. Anyone using XStream's Security Framework allowlist is not affected. The
linked advisory provides code workarounds for users who cannot upgrade. The issue is fixed in version
1.4.14. (CVE-2020-26217)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/ELSA-2021-0162.html");
script_set_attribute(attribute:"solution", value:
"Update the affected xstream and / or xstream-javadoc packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-26217");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/11/16");
script_set_attribute(attribute:"patch_publication_date", value:"2021/01/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/01/19");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:xstream");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:xstream-javadoc");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Oracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/local_checks_enabled");
exit(0);
}
include('audit.inc');
include('global_settings.inc');
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);
if ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);
pkgs = [
{'reference':'xstream-1.3.1-12.el7_9', 'release':'7'},
{'reference':'xstream-javadoc-1.3.1-12.el7_9', 'release':'7'}
];
flag = 0;
foreach package_array ( pkgs ) {
reference = NULL;
release = NULL;
sp = NULL;
cpu = NULL;
el_string = NULL;
rpm_spec_vers_cmp = NULL;
epoch = NULL;
allowmaj = NULL;
rpm_prefix = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];
if (reference && release) {
if (rpm_prefix) {
if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
} else {
if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'xstream / xstream-javadoc');
}Related
checkpoint_advisories
checkpoint_advisories
XStream Remote Code Execution (CVE-2020-26217)
2020-12-21 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2020-11-17 05:32:23
ibm
ibm
oraclelinux
oraclelinux
xstream security update
2021-01-19 00:00:00
osv
osv
CVE-2020-26217
2020-11-16 21:15:12
BIT-activemq-2020-26217
2024-03-06 10:51:03
libxstream-java - security update
2020-12-15 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-2471-1)
2020-12-02 00:00:00
Debian: Security Advisory (DSA-4811-1)
2020-12-16 00:00:00
CentOS: Security Advisory for xstream (CESA-2021:0162)
2021-01-27 00:00:00
debiancve
debiancve
CVE-2020-26217
2020-11-16 21:15:00
nessus
nessus
CentOS 7 : xstream (CESA-2021:0162)
2021-01-26 00:00:00
RHEL 7 : xstream (RHSA-2021:0162)
2021-01-19 00:00:00
Scientific Linux Security Update : xstream on SL7.x (noarch) (2021:0162)
2021-01-26 00:00:00
redhat
redhat
(RHSA-2021:0106) Important: Red Hat Decision Manager 7.9.1 security update
2021-01-13 16:51:52
(RHSA-2021:0162) Important: xstream security update
2021-01-18 09:12:59
atlassian
atlassian
prion
prion
Remote code execution
2020-11-16 21:15:00
amazon
amazon
Important: xstream
2021-01-25 23:09:00
debian
debian
[SECURITY] [DSA 4811-1] libxstream-java security update
2020-12-15 12:12:12
[SECURITY] [DLA 2471-1] libxstream-java security update
2020-12-01 03:37:05
centos
centos
xstream security update
2021-01-25 14:08:47
ubuntucve
ubuntucve
CVE-2020-26217
2020-11-16 00:00:00
githubexploit
githubexploit
Exploit for OS Command Injection in Xstream Project Xstream
2020-12-08 07:58:41
Exploit for OS Command Injection in Xstream Project Xstream
2021-01-22 09:56:11
Exploit for OS Command Injection in Xstream Project Xstream
2020-12-13 17:39:11
nuclei
nuclei
XStream <1.4.14 - Remote Code Execution
2023-03-12 03:38:05
cve
cve
CVE-2020-26217
2020-11-16 21:15:00
github
github
XStream can be used for Remote Code Execution
2020-11-16 20:07:59
redhatcve
redhatcve
CVE-2020-26217
2020-11-18 10:26:26
suse
suse
Security update for xstream (important)
2021-01-22 00:00:00
ubuntu
ubuntu
XStream vulnerabilities
2021-01-28 00:00:00
XStream vulnerabilities
2021-05-11 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2021
2021-07-20 00:00:00
Oracle Critical Patch Update Advisory - October 2021
2021-10-19 00:00:00
Oracle Critical Patch Update Advisory - April 2021
2021-04-20 00:00:00