Lucene search

K
nessusThis script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.PHOTONOS_PHSA-2021-3_0-0311_DOCKER.NASL
HistoryOct 08, 2021 - 12:00 a.m.

Photon OS 3.0: Docker PHSA-2021-3.0-0311

2021-10-0800:00:00
This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
15

An update of the docker package has been released.

  • Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using docker cp into a specially-crafted container can result in Unix file permission changes for existing files in the hosts filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from VMware Security Advisory PHSA-2021-3.0-0311. The text
# itself is copyright (C) VMware, Inc.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(153946);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/10/12");

  script_cve_id("CVE-2021-41089");

  script_name(english:"Photon OS 3.0: Docker PHSA-2021-3.0-0311");

  script_set_attribute(attribute:"synopsis", value:
"The remote PhotonOS host is missing multiple security updates.");
  script_set_attribute(attribute:"description", value:
"An update of the docker package has been released.

  - Moby is an open-source project created by Docker to enable software containerization. A bug was found in
    Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container
    can result in Unix file permission changes for existing files in the hosts filesystem, widening access
    to others. This bug does not directly allow files to be read, modified, or executed without an additional
    cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this
    version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-3.0-311.md");
  script_set_attribute(attribute:"solution", value:
"Update the affected Linux packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-41089");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/09/30");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/10/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/10/08");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:docker");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:3.0");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"PhotonOS Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");

  exit(0);
}

include('audit.inc');
include('global_settings.inc');
include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var release = get_kb_item('Host/PhotonOS/release');
if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, 'PhotonOS');
if (release !~ "^VMware Photon (?:Linux|OS) 3\.0(\D|$)") audit(AUDIT_OS_NOT, 'PhotonOS 3.0');

if (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);

var flag = 0;

if (rpm_exists(rpm:'docker-18.09', release:'PhotonOS-3.0') && rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'docker-18.09.9-12.ph3')) flag++;
if (rpm_exists(rpm:'docker-19.03', release:'PhotonOS-3.0') && rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'docker-19.03.15-8.ph3')) flag++;
if (rpm_exists(rpm:'docker-cli-18.09', release:'PhotonOS-3.0') && rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'docker-cli-18.09.9-12.ph3')) flag++;
if (rpm_exists(rpm:'docker-cli-19.03', release:'PhotonOS-3.0') && rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'docker-cli-19.03.15-8.ph3')) flag++;
if (rpm_exists(rpm:'docker-doc-18.09', release:'PhotonOS-3.0') && rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'docker-doc-18.09.9-12.ph3')) flag++;
if (rpm_exists(rpm:'docker-doc-19.03', release:'PhotonOS-3.0') && rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'docker-doc-19.03.15-8.ph3')) flag++;
if (rpm_exists(rpm:'docker-engine-18.09', release:'PhotonOS-3.0') && rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'docker-engine-18.09.9-12.ph3')) flag++;
if (rpm_exists(rpm:'docker-engine-19.03', release:'PhotonOS-3.0') && rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'docker-engine-19.03.15-8.ph3')) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'docker');
}
Related for PHOTONOS_PHSA-2021-3_0-0311_DOCKER.NASL