Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2024-12157.NASLHistoryFeb 14, 2024 - 12:00 a.m.
Oracle Linux 7 : openssh (ELSA-2024-12157)
2024-02-1400:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
18
oracle linux 7
openssh vulnerability
elsa-2024-12157
remote attackers
integrity checks
security features
openssh extensions
terrapin attack
ssh transport protocol
cve-2023-48795
nessus scanner
CVSS3
5.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
AI Score
6.6
Confidence
High
EPSS
0.965
Percentile
99.6%
The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2024-12157 advisory.
[7.4p1-23.0.3]
- add KEX_INITIAL flag [Orabug: 36160445]
- implement 'strict key exchange' [CVE-2023-48795][Orabug: 36160445]
Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Oracle Linux Security Advisory ELSA-2024-12157.
##
include('compat.inc');
if (description)
{
script_id(190505);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/23");
script_cve_id("CVE-2023-48795");
script_name(english:"Oracle Linux 7 : openssh (ELSA-2024-12157)");
script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the
ELSA-2024-12157 advisory.
[7.4p1-23.0.3]
- add KEX_INITIAL flag [Orabug: 36160445]
- implement 'strict key exchange' [CVE-2023-48795][Orabug: 36160445]
Tenable has extracted the preceding description block directly from the Oracle Linux security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://linux.oracle.com/errata/ELSA-2024-12157.html");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:N/I:C/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N");
script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:P");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-48795");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/12/18");
script_set_attribute(attribute:"patch_publication_date", value:"2024/02/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/02/14");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ol7");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:exadata_dbserver:22.1.21.0.0::ovs3");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ol7");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:exadata_dbserver:22.1.22.0.0::ovs3");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ol7");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:exadata_dbserver:22.1.23.0.0::ovs3");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ol7");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:exadata_dbserver:22.1.24.0.0::ovs3");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ol7");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:exadata_dbserver:22.1.25.0.0::ovs3");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ol7");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:exadata_dbserver:22.1.26.0.0::ovs3");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ol7");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:exadata_dbserver:22.1.27.0.0::ovs3");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:exadata_dbserver:23.1.12.0.0::ovs3");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:exadata_dbserver:23.1.13.0.0::ovs3");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:exadata_dbserver:23.1.14.0.0::ovs3");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:exadata_dbserver:23.1.15.0.0::ovs3");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:exadata_dbserver:23.1.16.0.0::ovs3");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:exadata_dbserver:23.1.17.0.0::ovs3");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:exadata_dbserver:23.1.18.0.0::ovs3");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:exadata_dbserver:24.1.0.0.0::ovs3");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:exadata_dbserver:24.1.1.0.0::ovs3");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:exadata_dbserver:24.1.2.0.0::ovs3");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:exadata_dbserver:24.1.3.0.0::ovs3");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:exadata_dbserver:24.1.4.0.0::ovs3");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:linux:7:9:patch");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:linux:7::latest");
script_set_attribute(attribute:"cpe", value:"cpe:/a:oracle:linux:7::optional_latest");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:7");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssh");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssh-askpass");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssh-cavs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssh-clients");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssh-keycat");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssh-ldap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssh-server");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:openssh-server-sysvinit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:pam_ssh_agent_auth");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Oracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/local_checks_enabled");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_release = get_kb_item("Host/RedHat/release");
if (isnull(os_release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:os_release)) audit(AUDIT_OS_NOT, 'Oracle Linux');
var os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);
var pkgs = [
{'reference':'openssh-7.4p1-23.0.3.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},
{'reference':'openssh-askpass-7.4p1-23.0.3.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},
{'reference':'openssh-cavs-7.4p1-23.0.3.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},
{'reference':'openssh-clients-7.4p1-23.0.3.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},
{'reference':'openssh-keycat-7.4p1-23.0.3.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},
{'reference':'openssh-ldap-7.4p1-23.0.3.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},
{'reference':'openssh-server-7.4p1-23.0.3.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},
{'reference':'openssh-server-sysvinit-7.4p1-23.0.3.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},
{'reference':'pam_ssh_agent_auth-0.10.3-2.23.0.3.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'pam_ssh_agent_auth-0.10.3-2.23.0.3.el7_9', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'openssh-7.4p1-23.0.3.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},
{'reference':'openssh-askpass-7.4p1-23.0.3.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},
{'reference':'openssh-cavs-7.4p1-23.0.3.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},
{'reference':'openssh-clients-7.4p1-23.0.3.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},
{'reference':'openssh-keycat-7.4p1-23.0.3.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},
{'reference':'openssh-ldap-7.4p1-23.0.3.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},
{'reference':'openssh-server-7.4p1-23.0.3.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},
{'reference':'openssh-server-sysvinit-7.4p1-23.0.3.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},
{'reference':'pam_ssh_agent_auth-0.10.3-2.23.0.3.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'EL' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release) {
if (exists_check) {
if (rpm_exists(release:_release, rpm:exists_check) && rpm_check(release:_release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
} else {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssh / openssh-askpass / openssh-cavs / etc');
}
Related
osv
osv
CGA-4m34-28x9-hpgj
2024-06-06 12:23:41
CGA-7vjq-fhpg-92x6
2024-06-06 12:23:30
CGA-48fx-4272-c6m9
2024-06-06 12:22:27
openvas
openvas
Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2024-1765)
2024-05-30 00:00:00
Huawei EulerOS: Security Advisory for python-paramiko (EulerOS-SA-2024-1750)
2024-05-30 00:00:00
Huawei EulerOS: Security Advisory for libssh2 (EulerOS-SA-2024-1239)
2024-03-12 00:00:00
nessus
nessus
Jenkins LTS < 2.440.3 / Jenkins weekly < 2.452
2024-04-17 00:00:00
FreeBSD : nebula -- security fix for terrapin vulnerability (0f7598cc-9fe2-11ee-b47f-901b0e9408dc)
2023-12-21 00:00:00
Fedora 38 : proftpd (2023-b87ec6cf47)
2023-12-29 00:00:00
alpinelinux
alpinelinux
CVE-2023-48795
2023-12-18 16:15:10
cbl_mariner
cbl_mariner
CVE-2023-48795 affecting package kubevirt for versions less than null
2024-01-10 08:19:37
CVE-2023-48795 affecting package libssh for versions less than 0.10.6-1
2024-01-14 22:46:30
CVE-2023-48795 affecting package moby-cli for versions less than 20.10.27-2
2024-01-19 03:54:24
atlassian
atlassian
CVE-2023-48795 vulnerability on SSH
2024-01-04 17:19:13
fedora
fedora
[SECURITY] Fedora 39 Update: putty-0.80-1.fc39
2024-01-11 01:17:14
[SECURITY] Fedora 38 Update: putty-0.80-1.fc38
2024-01-11 02:17:03
[SECURITY] Fedora 39 Update: prometheus-podman-exporter-1.7.0-1.fc39
2024-01-29 06:26:11
ubuntu
ubuntu
libssh2 vulnerability
2024-01-15 00:00:00
FileZilla vulnerability
2024-01-18 00:00:00
LXD vulnerability
2024-04-22 00:00:00
mageia
mageia
Updated erlang packages fix a security vulnerability (Terrapin Attack)
2024-01-20 01:43:32
Updated putty package fixes a security vulnerability (Terrapin attack)
2024-01-08 13:12:44
redhat
redhat
(RHSA-2024:0499) Moderate: libssh security update
2024-01-25 15:19:29
(RHSA-2024:0625) Moderate: libssh security update
2024-01-31 08:08:23
oraclelinux
oraclelinux
buildah security update
2024-03-07 00:00:00
openssh security update
2024-03-18 00:00:00
cloudfoundry
cloudfoundry
USN-6561-1: libssh vulnerability | Cloud Foundry
2024-04-04 00:00:00
ibm
ibm
freebsd
freebsd
jenkins -- Terrapin SSH vulnerability in Jenkins CLI client
2024-04-17 00:00:00
redos
redos
ROS-20240408-15
2024-04-08 00:00:00
debian
debian
[SECURITY] [DSA 5600-1] php-phpseclib security update
2024-01-12 07:13:37
amazon
amazon
Medium: openssh
2023-12-18 09:20:00
CVSS3
5.9
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
AI Score
6.6
Confidence
High
EPSS
0.965
Percentile
99.6%
Related for ORACLELINUX_ELSA-2024-12157.NASL