Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2017-3389.NASL
HistoryDec 04, 2018 - 12:00 a.m.

RHEL 7 : Red Hat OpenShift Enterprise (RHSA-2017:3389)

2018-12-0400:00:00
This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

46.4%

JSON

An update is now available for Red Hat OpenShift Container Platform 3.4, Red Hat OpenShift Container Platform 3.5, and Red Hat OpenShift Container Platform 3.6.

Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

OpenShift Enterprise by Red Hat is the company’s cloud computing Platform-as-a-Service (PaaS) solution designed for on-premise or private cloud deployments.

This advisory contains the RPM packages for this release. An advisory for the container images for this release is available at:
https://access.redhat.com/ errata/RHBA-2017:3390.

Space precludes documenting all of the bug fixes and enhancements in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes :

https://docs.openshift.com/container-platform/3.6/release_notes/ ocp_3_6_release_notes.html

https://docs.openshift.com/container-platform/3.5/release_notes/ ocp_3_5_release_notes.html

https://docs.openshift.com/container-platform/3.4/release_notes/ ocp_3_4_release_notes.html

All OpenShift Container Platform 3 users are advised to upgrade to these updated packages and images.

Security Fix(es) :

  • An attacker with knowledge of the given name used to authenticate and access Elasticsearch can later access it without the token, bypassing authentication. This attack also requires that the Elasticsearch be configured with an external route, and the data accessed is limited to the indices. (CVE-2017-12195)

This issue was discovered by Rich Megginson (Red Hat).

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2017:3389. The text 
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(119390);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/11");

  script_cve_id("CVE-2017-12195");
  script_xref(name:"RHSA", value:"2017:3389");

  script_name(english:"RHEL 7 : Red Hat OpenShift Enterprise (RHSA-2017:3389)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"An update is now available for Red Hat OpenShift Container Platform
3.4, Red Hat OpenShift Container Platform 3.5, and Red Hat OpenShift
Container Platform 3.6.

Red Hat Product Security has rated this update as having a security
impact of Moderate. A Common Vulnerability Scoring System (CVSS) base
score, which gives a detailed severity rating, is available for each
vulnerability from the CVE link(s) in the References section.

OpenShift Enterprise by Red Hat is the company's cloud computing
Platform-as-a-Service (PaaS) solution designed for on-premise or
private cloud deployments.

This advisory contains the RPM packages for this release. An advisory
for the container images for this release is available at:
https://access.redhat.com/ errata/RHBA-2017:3390.

Space precludes documenting all of the bug fixes and enhancements in
this advisory. See the following Release Notes documentation, which
will be updated shortly for this release, for details about these
changes :

https://docs.openshift.com/container-platform/3.6/release_notes/
ocp_3_6_release_notes.html

https://docs.openshift.com/container-platform/3.5/release_notes/
ocp_3_5_release_notes.html

https://docs.openshift.com/container-platform/3.4/release_notes/
ocp_3_4_release_notes.html

All OpenShift Container Platform 3 users are advised to upgrade to
these updated packages and images.

Security Fix(es) :

* An attacker with knowledge of the given name used to authenticate
and access Elasticsearch can later access it without the token,
bypassing authentication. This attack also requires that the
Elasticsearch be configured with an external route, and the data
accessed is limited to the indices. (CVE-2017-12195)

This issue was discovered by Rich Megginson (Red Hat)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2017:3389"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2017-12195"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients-redistributable");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-cluster-capacity");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-docker-excluder");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-dockerregistry");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-excluder");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-federation-services");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-master");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-pod");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-sdn-ovs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-service-catalog");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:atomic-openshift-tests");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cockpit-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cockpit-kubernetes");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-elasticsearch-plugin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tuned-profiles-atomic-openshift-node");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");

  script_set_attribute(attribute:"vuln_publication_date", value:"2018/07/27");
  script_set_attribute(attribute:"patch_publication_date", value:"2017/12/07");
  script_set_attribute(attribute:"plugin_publication_date", value:"2018/12/04");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^7([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 7.x", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2017:3389";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_exists(rpm:"atomic-openshift-3.6", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-3.6.173.0.63-1.git.0.855ea8b.el7")) flag++;
  if (rpm_exists(rpm:"atomic-openshift-clients-3.6", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-clients-3.6.173.0.63-1.git.0.855ea8b.el7")) flag++;
  if (rpm_exists(rpm:"atomic-openshift-clients-redistributable-3.6", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-clients-redistributable-3.6.173.0.63-1.git.0.855ea8b.el7")) flag++;
  if (rpm_exists(rpm:"atomic-openshift-cluster-capacity-3.6", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-cluster-capacity-3.6.173.0.63-1.git.0.855ea8b.el7")) flag++;
  if (rpm_exists(rpm:"atomic-openshift-docker-excluder-3.6", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"atomic-openshift-docker-excluder-3.6.173.0.63-1.git.0.855ea8b.el7")) flag++;
  if (rpm_exists(rpm:"atomic-openshift-dockerregistry-3.6", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-dockerregistry-3.6.173.0.63-1.git.0.855ea8b.el7")) flag++;
  if (rpm_exists(rpm:"atomic-openshift-excluder-3.6", release:"RHEL7") && rpm_check(release:"RHEL7", reference:"atomic-openshift-excluder-3.6.173.0.63-1.git.0.855ea8b.el7")) flag++;
  if (rpm_exists(rpm:"atomic-openshift-federation-services-3.6", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-federation-services-3.6.173.0.63-1.git.0.855ea8b.el7")) flag++;
  if (rpm_exists(rpm:"atomic-openshift-master-3.6", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-master-3.6.173.0.63-1.git.0.855ea8b.el7")) flag++;
  if (rpm_exists(rpm:"atomic-openshift-node-3.6", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-node-3.6.173.0.63-1.git.0.855ea8b.el7")) flag++;
  if (rpm_exists(rpm:"atomic-openshift-pod-3.6", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-pod-3.6.173.0.63-1.git.0.855ea8b.el7")) flag++;
  if (rpm_exists(rpm:"atomic-openshift-sdn-ovs-3.6", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-sdn-ovs-3.6.173.0.63-1.git.0.855ea8b.el7")) flag++;
  if (rpm_exists(rpm:"atomic-openshift-service-catalog-3.6", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-service-catalog-3.6.173.0.63-1.git.0.855ea8b.el7")) flag++;
  if (rpm_exists(rpm:"atomic-openshift-tests-3.6", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"atomic-openshift-tests-3.6.173.0.63-1.git.0.855ea8b.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"cockpit-debuginfo-155-1.el7")) flag++;
  if (rpm_check(release:"RHEL7", cpu:"x86_64", reference:"cockpit-kubernetes-155-1.el7")) flag++;
  if (rpm_check(release:"RHEL7", reference:"openshift-elasticsearch-plugin-2.4.4.17__redhat_1-3.el7")) flag++;
  if (rpm_exists(rpm:"tuned-profiles-atomic-openshift-node-3.6", release:"RHEL7") && rpm_check(release:"RHEL7", cpu:"x86_64", reference:"tuned-profiles-atomic-openshift-node-3.6.173.0.63-1.git.0.855ea8b.el7")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "atomic-openshift / atomic-openshift-clients / etc");
  }
}
VendorProductVersionCPE
redhatenterprise_linuxatomic-openshiftp-cpe:/a:redhat:enterprise_linux:atomic-openshift
redhatenterprise_linuxatomic-openshift-clientsp-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients
redhatenterprise_linuxatomic-openshift-clients-redistributablep-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients-redistributable
redhatenterprise_linuxatomic-openshift-cluster-capacityp-cpe:/a:redhat:enterprise_linux:atomic-openshift-cluster-capacity
redhatenterprise_linuxatomic-openshift-docker-excluderp-cpe:/a:redhat:enterprise_linux:atomic-openshift-docker-excluder
redhatenterprise_linuxatomic-openshift-dockerregistryp-cpe:/a:redhat:enterprise_linux:atomic-openshift-dockerregistry
redhatenterprise_linuxatomic-openshift-excluderp-cpe:/a:redhat:enterprise_linux:atomic-openshift-excluder
redhatenterprise_linuxatomic-openshift-federation-servicesp-cpe:/a:redhat:enterprise_linux:atomic-openshift-federation-services
redhatenterprise_linuxatomic-openshift-masterp-cpe:/a:redhat:enterprise_linux:atomic-openshift-master
redhatenterprise_linuxatomic-openshift-nodep-cpe:/a:redhat:enterprise_linux:atomic-openshift-node
Rows per page:
1-10 of 191

Related

redhat 2
cvelist 1
veracode 1
redhatcve 1
nvd 1
nessus 1
prion 1
cve 1
redhat
redhat
(RHSA-2017:3188) Moderate: Red Hat OpenShift Container Platform 3.7 security, bug, and enhancement update
2017-11-28 21:16:53
(RHSA-2017:3389) Moderate: Red Hat OpenShift Enterprise security, bug fix, and enhancement update
2017-12-07 06:54:54
cvelist
cvelist
CVE-2017-12195
2018-07-27 15:00:00
veracode
veracode
Authentication Bypass
2019-01-15 09:19:33
redhatcve
redhatcve
CVE-2017-12195
2017-11-28 20:19:57
nvd
nvd
CVE-2017-12195
2018-07-27 15:29:00
nessus
nessus
RHEL 7 : Red Hat OpenShift Container Platform 3.7 (RHSA-2017:3188)
2018-12-04 00:00:00
prion
prion
Design/Logic Flaw
2018-07-27 15:29:00
cve
cve
CVE-2017-12195
2018-07-27 15:29:00

5.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

46.4%

JSON
Related for REDHAT-RHSA-2017-3389.NASL
redhat2cvelist1veracode1redhatcve1nvd1nessus1prion1cve1