The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-1796 advisory.
Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by default and do not require authentication. This issue affects Podman 1.8.0 onwards. (CVE-2021-20199)
A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers. (CVE-2020-29652)
Note that Nessus has not tested for this issue but has instead relied only on the applicationโs self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2021-1796.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(155323);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/23");
script_cve_id("CVE-2020-29652", "CVE-2021-20199");
script_name(english:"Oracle Linux 8 : container-tools:ol8 (ELSA-2021-1796)");
script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the
ELSA-2021-1796 advisory.
- Rootless containers run with Podman, receive all traffic with a source IP address of 127.0.0.1 (including
from remote hosts). This impacts containerized applications that trust localhost (127.0.01) connections by
default and do not require authentication. This issue affects Podman 1.8.0 onwards. (CVE-2021-20199)
- A nil pointer dereference in the golang.org/x/crypto/ssh component through
v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH
servers. (CVE-2020-29652)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/ELSA-2021-1796.html");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-20199");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/12/17");
script_set_attribute(attribute:"patch_publication_date", value:"2021/05/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/11/12");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:8");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:buildah");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:buildah-tests");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cockpit-podman");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:conmon");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:container-selinux");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:containernetworking-plugins");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:containers-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:crit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:criu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:crun");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:fuse-overlayfs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libslirp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:libslirp-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:oci-seccomp-bpf-hook");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:podman");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:podman-catatonit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:podman-docker");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:podman-plugins");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:podman-remote");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:podman-tests");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python3-criu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:runc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:skopeo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:skopeo-tests");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:slirp4netns");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:udica");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Oracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/local_checks_enabled");
exit(0);
}
include('audit.inc');
include('global_settings.inc');
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');
var release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');
var os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);
var module_ver = get_kb_item('Host/RedHat/appstream/container-tools');
if (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module container-tools:ol8');
if ('ol8' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module container-tools:' + module_ver);
var appstreams = {
'container-tools:ol8': [
{'reference':'buildah-1.19.7-1.0.1.module+el8.4.0+20157+b6591bfb', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'buildah-1.19.7-1.0.1.module+el8.4.0+20157+b6591bfb', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'buildah-tests-1.19.7-1.0.1.module+el8.4.0+20157+b6591bfb', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'buildah-tests-1.19.7-1.0.1.module+el8.4.0+20157+b6591bfb', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'cockpit-podman-29-2.module+el8.4.0+20157+b6591bfb', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'conmon-2.0.26-1.module+el8.4.0+20157+b6591bfb', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'conmon-2.0.26-1.module+el8.4.0+20157+b6591bfb', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'container-selinux-2.158.0-1.module+el8.4.0+20157+b6591bfb', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'containernetworking-plugins-0.9.1-1.module+el8.4.0+20157+b6591bfb', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'containernetworking-plugins-0.9.1-1.module+el8.4.0+20157+b6591bfb', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'containers-common-1.2.2-8.0.1.module+el8.4.0+20157+b6591bfb', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'containers-common-1.2.2-8.0.1.module+el8.4.0+20157+b6591bfb', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'crit-3.15-1.module+el8.4.0+20157+b6591bfb', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'crit-3.15-1.module+el8.4.0+20157+b6591bfb', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'criu-3.15-1.module+el8.4.0+20157+b6591bfb', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'criu-3.15-1.module+el8.4.0+20157+b6591bfb', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'crun-0.18-1.module+el8.4.0+20157+b6591bfb', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'crun-0.18-1.module+el8.4.0+20157+b6591bfb', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'fuse-overlayfs-1.4.0-2.module+el8.4.0+20157+b6591bfb', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'fuse-overlayfs-1.4.0-2.module+el8.4.0+20157+b6591bfb', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libslirp-4.3.1-1.module+el8.4.0+20157+b6591bfb', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libslirp-4.3.1-1.module+el8.4.0+20157+b6591bfb', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libslirp-devel-4.3.1-1.module+el8.4.0+20157+b6591bfb', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libslirp-devel-4.3.1-1.module+el8.4.0+20157+b6591bfb', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'oci-seccomp-bpf-hook-1.2.0-2.module+el8.4.0+20157+b6591bfb', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'oci-seccomp-bpf-hook-1.2.0-2.module+el8.4.0+20157+b6591bfb', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-catatonit-3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-catatonit-3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-docker-3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-plugins-3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-plugins-3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-remote-3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-remote-3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-tests-3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-tests-3.0.1-6.0.1.module+el8.4.0+20157+b6591bfb', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-criu-3.15-1.module+el8.4.0+20157+b6591bfb', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-criu-3.15-1.module+el8.4.0+20157+b6591bfb', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'runc-1.0.0-70.rc92.module+el8.4.0+20157+b6591bfb', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'runc-1.0.0-70.rc92.module+el8.4.0+20157+b6591bfb', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'skopeo-1.2.2-8.0.1.module+el8.4.0+20157+b6591bfb', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'skopeo-1.2.2-8.0.1.module+el8.4.0+20157+b6591bfb', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'skopeo-tests-1.2.2-8.0.1.module+el8.4.0+20157+b6591bfb', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'skopeo-tests-1.2.2-8.0.1.module+el8.4.0+20157+b6591bfb', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'slirp4netns-1.1.8-1.module+el8.4.0+20157+b6591bfb', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'slirp4netns-1.1.8-1.module+el8.4.0+20157+b6591bfb', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'udica-0.2.4-1.module+el8.4.0+20157+b6591bfb', 'release':'8', 'rpm_spec_vers_cmp':TRUE}
]
};
var flag = 0;
var appstreams_found = 0;
foreach var module (keys(appstreams)) {
var appstream = NULL;
var appstream_name = NULL;
var appstream_version = NULL;
var appstream_split = split(module, sep:':', keep:FALSE);
if (!empty_or_null(appstream_split)) {
appstream_name = appstream_split[0];
appstream_version = appstream_split[1];
if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);
}
if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {
appstreams_found++;
foreach var package_array ( appstreams[module] ) {
var reference = NULL;
var release = NULL;
var sp = NULL;
var cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (reference && release) {
if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
}
}
if (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module container-tools:ol8');
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'buildah / buildah-tests / cockpit-podman / etc');
}
Vendor | Product | Version | CPE |
---|---|---|---|
oracle | linux | 8 | cpe:/o:oracle:linux:8 |
oracle | linux | buildah | p-cpe:/a:oracle:linux:buildah |
oracle | linux | buildah-tests | p-cpe:/a:oracle:linux:buildah-tests |
oracle | linux | cockpit-podman | p-cpe:/a:oracle:linux:cockpit-podman |
oracle | linux | conmon | p-cpe:/a:oracle:linux:conmon |
oracle | linux | container-selinux | p-cpe:/a:oracle:linux:container-selinux |
oracle | linux | containernetworking-plugins | p-cpe:/a:oracle:linux:containernetworking-plugins |
oracle | linux | containers-common | p-cpe:/a:oracle:linux:containers-common |
oracle | linux | crit | p-cpe:/a:oracle:linux:crit |
oracle | linux | criu | p-cpe:/a:oracle:linux:criu |