Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2018-2745.NASLHistoryApr 27, 2024 - 12:00 a.m.
RHEL 7 : CloudForms 4.5.5 (RHSA-2018:2745)
2024-04-2700:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
redhat enterprise linux
cloudforms
vulnerabilities
rubygem sprockets
path traversal
remote attack
improper access control
druby
local users
arbitrary commands
nessus
scanner
7.5 High
AI Score
Confidence
Low
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2745 advisory.
-
rubygem-sprockets: Path traversal in forbidden_request?() can allow remote attackers to read arbitrary files (CVE-2018-3760)
-
cfme: Improper access control in dRuby allows local users to execute arbitrary commands as root (CVE-2018-10905)
Note that Nessus has not tested for these issues but has instead relied only on the applicationβs self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2018:2745. The text
# itself is copyright (C) Red Hat, Inc.
##
include('compat.inc');
if (description)
{
script_id(194089);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/27");
script_cve_id("CVE-2018-3760", "CVE-2018-10905");
script_xref(name:"RHSA", value:"2018:2745");
script_name(english:"RHEL 7 : CloudForms 4.5.5 (RHSA-2018:2745)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2018:2745 advisory.
- rubygem-sprockets: Path traversal in forbidden_request?() can allow remote attackers to read arbitrary
files (CVE-2018-3760)
- cfme: Improper access control in dRuby allows local users to execute arbitrary commands as root
(CVE-2018-10905)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#important");
# https://access.redhat.com/documentation/en-us/red_hat_cloudforms/4.5/html/release_notes
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?95750580");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1586214");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1590761");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1591443");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1593058");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1593353");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1593678");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1593798");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1593914");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1594008");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1594028");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1594326");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1594387");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1595457");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1595462");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1595771");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1596336");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1602190");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1607442");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1608849");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1613388");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1613758");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1622632");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1623574");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1625250");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1626475");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1626502");
# https://access.redhat.com/security/data/csaf/v2/advisories/2018/rhsa-2018_2745.json
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a44cd2fa");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:2745");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-10905");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(22, 284);
script_set_attribute(attribute:"vendor_severity", value:"Important");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/06/20");
script_set_attribute(attribute:"patch_publication_date", value:"2018/09/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/27");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ansible-tower-server");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ansible-tower-setup");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cfme");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cfme-appliance");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cfme-gemset");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-postgresql95-postgresql-pglogical");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
{
'repo_relative_urls': [
'content/dist/cf-me/server/5.8/x86_64/debug',
'content/dist/cf-me/server/5.8/x86_64/os',
'content/dist/cf-me/server/5.8/x86_64/source/SRPMS'
],
'pkgs': [
{'reference':'ansible-tower-server-3.1.8-1.el7at', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'cfme-5.8'},
{'reference':'ansible-tower-setup-3.1.8-1.el7at', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'cfme-5.8'},
{'reference':'cfme-5.8.5.1-1.el7cf', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'cfme-5.8'},
{'reference':'cfme-appliance-5.8.5.1-1.el7cf', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'cfme-5.8'},
{'reference':'cfme-gemset-5.8.5.1-1.el7cf', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'cfme-5.8'},
{'reference':'rh-postgresql95-postgresql-pglogical-1.2.1-2.el7cf', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'cfme-5.8'}
]
}
];
var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
foreach var pkg ( constraint_array['pkgs'] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
_release &&
rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
(applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
else extra = rpm_report_get();
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : extra
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ansible-tower-server / ansible-tower-setup / cfme / cfme-appliance / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | enterprise_linux | 7 | cpe:/o:redhat:enterprise_linux:7 |
| redhat | enterprise_linux | ansible-tower-server | p-cpe:/a:redhat:enterprise_linux:ansible-tower-server |
| redhat | enterprise_linux | ansible-tower-setup | p-cpe:/a:redhat:enterprise_linux:ansible-tower-setup |
| redhat | enterprise_linux | cfme | p-cpe:/a:redhat:enterprise_linux:cfme |
| redhat | enterprise_linux | cfme-appliance | p-cpe:/a:redhat:enterprise_linux:cfme-appliance |
| redhat | enterprise_linux | cfme-gemset | p-cpe:/a:redhat:enterprise_linux:cfme-gemset |
| redhat | enterprise_linux | rh-postgresql95-postgresql-pglogical | p-cpe:/a:redhat:enterprise_linux:rh-postgresql95-postgresql-pglogical |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10905
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3760
www.nessus.org/u?95750580
www.nessus.org/u?a44cd2fa
access.redhat.com/errata/RHSA-2018:2745
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1586214
bugzilla.redhat.com/show_bug.cgi?id=1590761
bugzilla.redhat.com/show_bug.cgi?id=1591443
bugzilla.redhat.com/show_bug.cgi?id=1593058
bugzilla.redhat.com/show_bug.cgi?id=1593353
bugzilla.redhat.com/show_bug.cgi?id=1593678
bugzilla.redhat.com/show_bug.cgi?id=1593798
bugzilla.redhat.com/show_bug.cgi?id=1593914
bugzilla.redhat.com/show_bug.cgi?id=1594008
bugzilla.redhat.com/show_bug.cgi?id=1594028
bugzilla.redhat.com/show_bug.cgi?id=1594326
bugzilla.redhat.com/show_bug.cgi?id=1594387
bugzilla.redhat.com/show_bug.cgi?id=1595457
bugzilla.redhat.com/show_bug.cgi?id=1595462
bugzilla.redhat.com/show_bug.cgi?id=1595771
bugzilla.redhat.com/show_bug.cgi?id=1596336
bugzilla.redhat.com/show_bug.cgi?id=1602190
bugzilla.redhat.com/show_bug.cgi?id=1607442
bugzilla.redhat.com/show_bug.cgi?id=1608849
bugzilla.redhat.com/show_bug.cgi?id=1613388
bugzilla.redhat.com/show_bug.cgi?id=1613758
bugzilla.redhat.com/show_bug.cgi?id=1622632
bugzilla.redhat.com/show_bug.cgi?id=1623574
bugzilla.redhat.com/show_bug.cgi?id=1625250
bugzilla.redhat.com/show_bug.cgi?id=1626475
bugzilla.redhat.com/show_bug.cgi?id=1626502
Related
redhat
redhat
veracode
veracode
Arbitrary Code Execution
2019-01-15 09:25:58
Directory Traversal
2018-06-20 08:36:16
Directory Traversal
2019-01-15 09:24:20
redhatcve
redhatcve
CVE-2018-10905
2019-10-11 10:51:16
CVE-2018-3760
2019-10-09 16:26:49
cve
cve
CVE-2018-10905
2018-07-24 13:29:00
CVE-2018-3760
2018-06-26 19:29:00
cvelist
cvelist
CVE-2018-10905
2018-07-24 13:00:00
CVE-2018-3760
2018-06-19 00:00:00
prion
prion
Design/Logic Flaw
2018-07-24 13:29:00
Information disclosure
2018-06-26 19:29:00
nessus
nessus
openSUSE Security Update : rubygem-sprockets (openSUSE-2018-773)
2018-07-30 00:00:00
Debian DSA-4242-1 : ruby-sprockets - security update
2018-07-10 00:00:00
openSUSE Security Update : rubygem-sprockets (openSUSE-2019-542)
2019-03-27 00:00:00
osv
osv
Sprockets path traversal leads to information leak
2018-06-20 22:18:58
ruby-sprockets - security update
2018-07-09 00:00:00
ruby-sprockets - security update
2018-07-12 00:00:00
fedora
fedora
[SECURITY] Fedora 27 Update: rubygem-sprockets-3.7.2-1.fc27
2018-07-14 23:36:29
[SECURITY] Fedora 28 Update: rubygem-sprockets-3.7.2-1.fc28
2018-07-15 03:33:48
openvas
openvas
Debian: Security Advisory (DSA-4242-1)
2018-07-08 00:00:00
Fedora Update for rubygem-sprockets FEDORA-2018-2735a12b72
2018-07-15 00:00:00
Fedora Update for rubygem-sprockets FEDORA-2018-fd29597fa4
2018-07-15 00:00:00
hackerone
hackerone
debian
debian
[SECURITY] [DSA 4242-1] ruby-sprockets security update
2018-07-09 21:07:12
[SECURITY] [DLA-1419-1] ruby-sprockets security update
2018-07-12 09:41:28
[SECURITY] [DSA 4242-1] ruby-sprockets security update
2018-07-09 21:06:50
nuclei
nuclei
Ruby On Rails - Local File Inclusion
2020-04-05 18:01:09
seebug
seebug
Ruby on Rails θ·―εΎη©ΏθΆδΈδ»»ζζδ»Άθ―»εζΌζ΄(CVE-2018-3760)εζ
2018-08-08 00:00:00
suse
suse
Security update for rubygem-sprockets (moderate)
2018-07-28 16:02:02
Security update for rubygem-sprockets (important)
2018-06-29 21:15:11
ubuntucve
ubuntucve
CVE-2018-3760
2018-06-26 00:00:00
debiancve
debiancve
CVE-2018-3760
2018-06-26 19:29:00
github
github
Sprockets path traversal leads to information leak
2018-06-20 22:18:58