Lucene search
This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2022-1566.NASLHistoryApr 28, 2022 - 12:00 a.m.
Oracle Linux 8 : container-tools:2.0 (ELSA-2022-1566)
2022-04-2800:00:00
This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2022-1566 advisory.
-
A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions.
A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non- empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
(CVE-2022-27649) -
A flaw was found in buildah where containers were incorrectly started with non-empty default permissions.
A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the potential to impact confidentiality and integrity. (CVE-2022-27651)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2022-1566.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(160310);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/04/28");
script_cve_id("CVE-2022-27649", "CVE-2022-27651");
script_name(english:"Oracle Linux 8 : container-tools:2.0 (ELSA-2022-1566)");
script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the
ELSA-2022-1566 advisory.
- A flaw was found in Podman, where containers were started incorrectly with non-empty default permissions.
A vulnerability was found in Moby (Docker Engine), where containers were started incorrectly with non-
empty inheritable Linux process capabilities. This flaw allows an attacker with access to programs with
inheritable file capabilities to elevate those capabilities to the permitted set when execve(2) runs.
(CVE-2022-27649)
- A flaw was found in buildah where containers were incorrectly started with non-empty default permissions.
A bug was found in Moby (Docker Engine) where containers were incorrectly started with non-empty
inheritable Linux process capabilities, enabling an attacker with access to programs with inheritable file
capabilities to elevate those capabilities to the permitted set when execve(2) runs. This has the
potential to impact confidentiality and integrity. (CVE-2022-27651)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/ELSA-2022-1566.html");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-27649");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/04/04");
script_set_attribute(attribute:"patch_publication_date", value:"2022/04/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/04/28");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:8");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:buildah");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:buildah-tests");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:cockpit-podman");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:conmon");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:container-selinux");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:containernetworking-plugins");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:containers-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:crit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:criu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:fuse-overlayfs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:podman");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:podman-docker");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:podman-remote");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:podman-tests");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python-podman-api");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:python3-criu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:runc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:skopeo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:skopeo-tests");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:slirp4netns");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:udica");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Oracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/local_checks_enabled");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');
var release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');
var os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);
var module_ver = get_kb_item('Host/RedHat/appstream/container-tools');
if (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module container-tools:2.0');
if ('2.0' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module container-tools:' + module_ver);
var appstreams = {
'container-tools:2.0': [
{'reference':'buildah-1.11.6-10.0.1.module+el8.5.0+20636+305c97cc', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'buildah-1.11.6-10.0.1.module+el8.5.0+20636+305c97cc', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'buildah-tests-1.11.6-10.0.1.module+el8.5.0+20636+305c97cc', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'buildah-tests-1.11.6-10.0.1.module+el8.5.0+20636+305c97cc', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'cockpit-podman-11-1.module+el8.5.0+20636+305c97cc', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'conmon-2.0.15-1.module+el8.5.0+20636+305c97cc', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'conmon-2.0.15-1.module+el8.5.0+20636+305c97cc', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'container-selinux-2.130.0-1.module+el8.5.0+20636+305c97cc', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'containernetworking-plugins-0.8.3-4.0.1.module+el8.5.0+20636+305c97cc', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'containernetworking-plugins-0.8.3-4.0.1.module+el8.5.0+20636+305c97cc', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'containers-common-0.1.41-4.0.1.module+el8.5.0+20636+305c97cc', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'containers-common-0.1.41-4.0.1.module+el8.5.0+20636+305c97cc', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'crit-3.12-9.module+el8.5.0+20636+305c97cc', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'crit-3.12-9.module+el8.5.0+20636+305c97cc', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'criu-3.12-9.module+el8.5.0+20636+305c97cc', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'criu-3.12-9.module+el8.5.0+20636+305c97cc', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'fuse-overlayfs-0.7.8-1.module+el8.5.0+20636+305c97cc', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'fuse-overlayfs-0.7.8-1.module+el8.5.0+20636+305c97cc', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-1.6.4-28.0.1.module+el8.5.0+20636+305c97cc', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-1.6.4-28.0.1.module+el8.5.0+20636+305c97cc', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-docker-1.6.4-28.0.1.module+el8.5.0+20636+305c97cc', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-remote-1.6.4-28.0.1.module+el8.5.0+20636+305c97cc', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-remote-1.6.4-28.0.1.module+el8.5.0+20636+305c97cc', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-tests-1.6.4-28.0.1.module+el8.5.0+20636+305c97cc', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-tests-1.6.4-28.0.1.module+el8.5.0+20636+305c97cc', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python-podman-api-1.2.0-0.2.gitd0a45fe.module+el8.5.0+20636+305c97cc', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-criu-3.12-9.module+el8.5.0+20636+305c97cc', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-criu-3.12-9.module+el8.5.0+20636+305c97cc', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'runc-1.0.0-66.rc10.module+el8.5.0+20636+305c97cc', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'runc-1.0.0-66.rc10.module+el8.5.0+20636+305c97cc', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'skopeo-0.1.41-4.0.1.module+el8.5.0+20636+305c97cc', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'skopeo-0.1.41-4.0.1.module+el8.5.0+20636+305c97cc', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'skopeo-tests-0.1.41-4.0.1.module+el8.5.0+20636+305c97cc', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'skopeo-tests-0.1.41-4.0.1.module+el8.5.0+20636+305c97cc', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'slirp4netns-0.4.2-3.git21fdece.module+el8.5.0+20636+305c97cc', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'slirp4netns-0.4.2-3.git21fdece.module+el8.5.0+20636+305c97cc', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'udica-0.2.1-2.module+el8.5.0+20636+305c97cc', 'release':'8', 'rpm_spec_vers_cmp':TRUE}
]
};
var flag = 0;
var appstreams_found = 0;
foreach var module (keys(appstreams)) {
var appstream = NULL;
var appstream_name = NULL;
var appstream_version = NULL;
var appstream_split = split(module, sep:':', keep:FALSE);
if (!empty_or_null(appstream_split)) {
appstream_name = appstream_split[0];
appstream_version = appstream_split[1];
if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);
}
if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {
appstreams_found++;
foreach var package_array ( appstreams[module] ) {
var reference = NULL;
var release = NULL;
var sp = NULL;
var cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (reference && release) {
if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
}
}
if (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module container-tools:2.0');
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'buildah / buildah-tests / cockpit-podman / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| oracle | linux | 8 | cpe:/o:oracle:linux:8 |
| oracle | linux | buildah | p-cpe:/a:oracle:linux:buildah |
| oracle | linux | buildah-tests | p-cpe:/a:oracle:linux:buildah-tests |
| oracle | linux | cockpit-podman | p-cpe:/a:oracle:linux:cockpit-podman |
| oracle | linux | conmon | p-cpe:/a:oracle:linux:conmon |
| oracle | linux | container-selinux | p-cpe:/a:oracle:linux:container-selinux |
| oracle | linux | containernetworking-plugins | p-cpe:/a:oracle:linux:containernetworking-plugins |
| oracle | linux | containers-common | p-cpe:/a:oracle:linux:containers-common |
| oracle | linux | crit | p-cpe:/a:oracle:linux:crit |
| oracle | linux | criu | p-cpe:/a:oracle:linux:criu |
Related
nessus
nessus
RHEL 8 : container-tools:3.0 (RHSA-2022:1565)
2022-04-27 00:00:00
CentOS 8 : container-tools:3.0 (CESA-2022:1565)
2022-04-27 00:00:00
RHEL 8 : container-tools:2.0 (RHSA-2022:1566)
2022-04-27 00:00:00
oraclelinux
oraclelinux
container-tools:3.0 security and bug fix update
2022-04-28 00:00:00
container-tools:2.0 security update
2022-04-28 00:00:00
container-tools:ol8 security, bug fix, and enhancement update
2022-05-17 00:00:00
osv
osv
Moderate: container-tools:2.0 security update
2022-04-26 13:51:50
Moderate: container-tools:3.0 security and bug fix update
2022-04-26 13:51:39
Moderate: container-tools:2.0 security update
2022-04-26 13:51:50
rocky
rocky
container-tools:3.0 security and bug fix update
2022-04-26 13:51:39
container-tools:2.0 security update
2022-04-26 13:51:50
container-tools:rhel8 security, bug fix, and enhancement update
2022-05-10 08:00:01
redhat
redhat
(RHSA-2022:1565) Moderate: container-tools:3.0 security and bug fix update
2022-04-26 13:51:39
(RHSA-2022:1566) Moderate: container-tools:2.0 security update
2022-04-26 13:51:50
(RHSA-2022:1407) Moderate: container-tools:2.0 security and bug fix update
2022-04-19 13:43:35
almalinux
almalinux
Moderate: container-tools:2.0 security update
2022-04-26 13:51:50
Moderate: container-tools:3.0 security and bug fix update
2022-04-26 13:51:39
Important: container-tools:rhel8 security, bug fix, and enhancement update
2022-05-10 00:00:00
veracode
veracode
Denial Of Service (DoS)
2022-04-02 08:56:27
Privilege Escalation
2022-04-06 08:53:19
github
github
Podman's default inheritable capabilities for linux container not empty
2022-04-01 20:52:29
Non-empty default inheritable capabilities for linux container in Buildah
2022-04-01 13:56:42
prion
prion
Default credentials
2022-04-04 20:15:00
Design/Logic Flaw
2022-04-04 20:15:00
cbl_mariner
cbl_mariner
CVE-2022-27649 affecting package podman 2.2.1-5
2022-08-03 21:00:10
CVE-2022-27651 affecting package buildah 1.18.0-22
2024-04-29 21:06:18
CVE-2022-27651 affecting package buildah 1.18.0-7
2023-02-14 22:19:20
suse
suse
Security update for buildah (moderate)
2022-04-27 00:00:00
Security update for buildah (moderate)
2022-08-05 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: buildah-1.25.1-1.fc36
2022-05-07 04:45:00
[SECURITY] Fedora 35 Update: buildah-1.23.3-2.fc35
2022-04-07 15:26:50
[SECURITY] Fedora 34 Update: buildah-1.23.3-1.fc34
2022-04-07 15:15:39
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:2680-1)
2022-08-05 00:00:00
Fedora: Security Advisory for buildah (FEDORA-2022-1a15fe81f0)
2022-05-08 00:00:00
openSUSE: Security Advisory for buildah (SUSE-SU-2022:1437-1)
2022-05-17 00:00:00
alpinelinux
alpinelinux
CVE-2022-27651
2022-04-04 20:15:00
CVE-2022-27649
2022-04-04 20:15:00
ubuntucve
ubuntucve
CVE-2022-27649
2022-04-04 00:00:00
CVE-2022-27651
2022-04-04 00:00:00
cve
cve
CVE-2022-27649
2022-04-04 20:15:00
CVE-2022-27651
2022-04-04 20:15:00
debiancve
debiancve
CVE-2022-27651
2022-04-04 20:15:00
CVE-2022-27649
2022-04-04 20:15:00
redhatcve
redhatcve
CVE-2022-27651
2022-03-31 20:48:30
CVE-2022-27649
2022-03-31 20:48:29
rosalinux
rosalinux
Advisory ROSA-SA-2023-2227
2023-09-05 09:31:53
altlinux
altlinux
Security fix for the ALT Linux 10 package podman version 4.0.3-alt1
2022-04-08 00:00:00
redos
redos
ROS-20230710-01
2023-07-10 00:00:00
mageia
mageia
Updated skopeo/buildah/podman packages fix security vulnerability
2023-07-07 08:54:45
Related for ORACLELINUX_ELSA-2022-1566.NASL