5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 High
AI Score
Confidence
High
0.964 High
EPSS
Percentile
99.6%
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:1593 advisory.
Red Hat OpenStack Platform director provides the facilities for deploying and monitoring a private or public infrastructure-as-a-service (IaaS) cloud based on Red Hat OpenStack Platform.
Security Fix(es):
* A resource-permission flaw was found in the python-tripleo and openstack-tripleo-heat-templates packages where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack service, thus potentially reading or modifying data in an OpenStack Block Storage volume.
To exploit this flaw, the attacker must have local access to an overcloud node. However by default, access to overcloud nodes is restricted and accessible only from the management undercloud server on an internal network. (CVE-2017-12155)
This issue was discovered by Katuya Kawakami (NEC).
* It was discovered that the memcached connections using UDP transport protocol can be abused for efficient traffic amplification distributed denial of service (DDoS) attacks. A remote attacker could send a malicious UDP request using a spoofed source IP address of a target system to memcached, causing it to send a significantly larger response to the target. (CVE-2018-1000115)
This advisory also addresses the following issues:
* This release adds support for deploying Dell EMC VMAX Block Storage backend using the Red Hat OpenStack Platform director. (BZ#1503896)
* Using composable roles for deploying Dell SC and PS Block Storage backend caused errors. The backends could only be deploying using 'cinder::config::cinder_config' hiera data.
With this update, the composable role support for deploying the Dell SC and PS Block Storage backends is updated. As a result, they can be now deployed using composable roles. (BZ#1552980)
* Previously, the iptables rules were managed by the Red Hat OpenStack Platform director and the OpenStack Networking service, which resulted in the rules created by the OpenStack Networking service to persist on to the disk. As a result, the rules that should not be loaded after an iptables restart or a system reboot would be loaded causing traffic issues.
With this update, the Red Hat OpenStack Platform director has been updated to exclude the OpenStack Networking rules from '/etc/sysconfig/iptables' when the director saves the firewall rules. As a result, iptables restart or a system reboot should work without causing traffic problems.
Note: It might be necessary to perform a rolling restart of the controller nodes to ensure that any orphaned managed neutron rules are no longer reloaded. (BZ#1541528)
* OS::TripleO::SwiftStorage::Ports* resources have been renamed to OS::TripleO::ObjectStorage::Port* to ensure standalone Object Storage nodes using the 'ObjectStorage' roles can be deployed correctly.
Operators need to modify their custom templates that previously used OS::TripleO::SwiftStorage::Ports* settings. (BZ#1544802)
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2018:1593. The text
# itself is copyright (C) Red Hat, Inc.
##
include('compat.inc');
if (description)
{
script_id(194086);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/03");
script_cve_id("CVE-2017-12155", "CVE-2018-1000115");
script_xref(name:"RHSA", value:"2018:1593");
script_name(english:"RHEL 7 : Red Hat OpenStack Platform director (RHSA-2018:1593)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates for Red Hat OpenStack Platform director.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2018:1593 advisory.
Red Hat OpenStack Platform director provides the facilities for deploying and monitoring a private or
public infrastructure-as-a-service (IaaS) cloud based on Red Hat OpenStack Platform.
Security Fix(es):
* A resource-permission flaw was found in the python-tripleo and openstack-tripleo-heat-templates packages
where ceph.client.openstack.keyring is created as world-readable. A local attacker with access to the key
could read or modify data on Ceph cluster pools for OpenStack as though the attacker were the OpenStack
service, thus potentially reading or modifying data in an OpenStack Block Storage volume.
To exploit this flaw, the attacker must have local access to an overcloud node. However by default, access
to overcloud nodes is restricted and accessible only from the management undercloud server on an internal
network. (CVE-2017-12155)
This issue was discovered by Katuya Kawakami (NEC).
* It was discovered that the memcached connections using UDP transport protocol can be abused for
efficient traffic amplification distributed denial of service (DDoS) attacks. A remote attacker could send
a malicious UDP request using a spoofed source IP address of a target system to memcached, causing it to
send a significantly larger response to the target. (CVE-2018-1000115)
This advisory also addresses the following issues:
* This release adds support for deploying Dell EMC VMAX Block Storage backend using the Red Hat OpenStack
Platform director. (BZ#1503896)
* Using composable roles for deploying Dell SC and PS Block Storage backend caused errors. The backends
could only be deploying using 'cinder::config::cinder_config' hiera data.
With this update, the composable role support for deploying the Dell SC and PS Block Storage backends is
updated. As a result, they can be now deployed using composable roles. (BZ#1552980)
* Previously, the iptables rules were managed by the Red Hat OpenStack Platform director and the OpenStack
Networking service, which resulted in the rules created by the OpenStack Networking service to persist on
to the disk. As a result, the rules that should not be loaded after an iptables restart or a system reboot
would be loaded causing traffic issues.
With this update, the Red Hat OpenStack Platform director has been updated to exclude the OpenStack
Networking rules from '/etc/sysconfig/iptables' when the director saves the firewall rules. As a result,
iptables restart or a system reboot should work without causing traffic problems.
Note: It might be necessary to perform a rolling restart of the controller nodes to ensure that any
orphaned managed neutron rules are no longer reloaded. (BZ#1541528)
* OS::TripleO::SwiftStorage::Ports* resources have been renamed to OS::TripleO::ObjectStorage::Port* to
ensure standalone Object Storage nodes using the 'ObjectStorage' roles can be deployed correctly.
Operators need to modify their custom templates that previously used OS::TripleO::SwiftStorage::Ports*
settings. (BZ#1544802)
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#moderate");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1414549");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1489360");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1503896");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1514532");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1514842");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1517302");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1533602");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1534540");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1538753");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1541528");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1543883");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1544211");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1544802");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1545666");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1547091");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1547957");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1551182");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1552980");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1559093");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1568596");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1568601");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1571840");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1576577");
# https://access.redhat.com/security/data/csaf/v2/advisories/2018/rhsa-2018_1593.json
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?cd002ca1");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:1593");
script_set_attribute(attribute:"solution", value:
"Update the RHEL Red Hat OpenStack Platform director package based on the guidance in RHSA-2018:1593.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-12155");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(732);
script_set_attribute(attribute:"vendor_severity", value:"Moderate");
script_set_attribute(attribute:"vuln_publication_date", value:"2017/12/12");
script_set_attribute(attribute:"patch_publication_date", value:"2018/05/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/27");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openstack-tripleo-heat-templates");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:puppet-tripleo");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
{
'repo_relative_urls': [
'content/dist/rhel/client/7/7Client/x86_64/openstack-tools/10/debug',
'content/dist/rhel/client/7/7Client/x86_64/openstack-tools/10/os',
'content/dist/rhel/client/7/7Client/x86_64/openstack-tools/10/source/SRPMS',
'content/dist/rhel/server/7/7Server/x86_64/openstack-devtools/10/debug',
'content/dist/rhel/server/7/7Server/x86_64/openstack-devtools/10/os',
'content/dist/rhel/server/7/7Server/x86_64/openstack-devtools/10/source/SRPMS',
'content/dist/rhel/server/7/7Server/x86_64/openstack-tools/10/debug',
'content/dist/rhel/server/7/7Server/x86_64/openstack-tools/10/os',
'content/dist/rhel/server/7/7Server/x86_64/openstack-tools/10/source/SRPMS',
'content/dist/rhel/server/7/7Server/x86_64/openstack/10/debug',
'content/dist/rhel/server/7/7Server/x86_64/openstack/10/os',
'content/dist/rhel/server/7/7Server/x86_64/openstack/10/source/SRPMS',
'content/dist/rhel/workstation/7/7Workstation/x86_64/openstack-tools/10/debug',
'content/dist/rhel/workstation/7/7Workstation/x86_64/openstack-tools/10/os',
'content/dist/rhel/workstation/7/7Workstation/x86_64/openstack-tools/10/source/SRPMS'
],
'pkgs': [
{'reference':'openstack-tripleo-heat-templates-5.3.10-1.el7ost', 'release':'7', 'el_string':'el7ost', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openstack-'},
{'reference':'puppet-tripleo-5.6.8-6.el7ost', 'release':'7', 'el_string':'el7ost', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openstack-'}
]
}
];
var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
foreach var pkg ( constraint_array['pkgs'] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
_release &&
rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
(applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
else extra = rpm_report_get();
security_report_v4(
port : 0,
severity : SECURITY_NOTE,
extra : extra
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openstack-tripleo-heat-templates / puppet-tripleo');
}
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | enterprise_linux | puppet-tripleo | p-cpe:/a:redhat:enterprise_linux:puppet-tripleo |
redhat | enterprise_linux | openstack-tripleo-heat-templates | p-cpe:/a:redhat:enterprise_linux:openstack-tripleo-heat-templates |
redhat | enterprise_linux | 7 | cpe:/o:redhat:enterprise_linux:7 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12155
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1000115
www.nessus.org/u?cd002ca1
access.redhat.com/errata/RHSA-2018:1593
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1414549
bugzilla.redhat.com/show_bug.cgi?id=1489360
bugzilla.redhat.com/show_bug.cgi?id=1503896
bugzilla.redhat.com/show_bug.cgi?id=1514532
bugzilla.redhat.com/show_bug.cgi?id=1514842
bugzilla.redhat.com/show_bug.cgi?id=1517302
bugzilla.redhat.com/show_bug.cgi?id=1533602
bugzilla.redhat.com/show_bug.cgi?id=1534540
bugzilla.redhat.com/show_bug.cgi?id=1538753
bugzilla.redhat.com/show_bug.cgi?id=1541528
bugzilla.redhat.com/show_bug.cgi?id=1543883
bugzilla.redhat.com/show_bug.cgi?id=1544211
bugzilla.redhat.com/show_bug.cgi?id=1544802
bugzilla.redhat.com/show_bug.cgi?id=1545666
bugzilla.redhat.com/show_bug.cgi?id=1547091
bugzilla.redhat.com/show_bug.cgi?id=1547957
bugzilla.redhat.com/show_bug.cgi?id=1551182
bugzilla.redhat.com/show_bug.cgi?id=1552980
bugzilla.redhat.com/show_bug.cgi?id=1559093
bugzilla.redhat.com/show_bug.cgi?id=1568596
bugzilla.redhat.com/show_bug.cgi?id=1568601
bugzilla.redhat.com/show_bug.cgi?id=1571840
bugzilla.redhat.com/show_bug.cgi?id=1576577
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 High
AI Score
Confidence
High
0.964 High
EPSS
Percentile
99.6%