Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.ROCKY_LINUX_RLSA-2019-3403.NASL
HistoryNov 07, 2023 - 12:00 a.m.

Rocky Linux 8 : container-tools:rhel8 (RLSA-2019:3403)

2023-11-0700:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8
rocky linux 8
vulnerabilities
tls connection
container tools
podman
buildah
skopeo
red hat enterprise linux
cri-o
openshift container platform
mitm attack
login credentials
bearer tokens
libslirp
heap-based buffer overflow
cncf
cni
network firewall
kubernetes
iptables
nessus
scanner

7.4 High

AI Score

Confidence

Low

JSON

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2019:3403 advisory.

  • The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the container registry authorization service. An attacker could use this vulnerability to launch a MiTM attack and steal login credentials or bearer tokens. (CVE-2019-10214)

  • ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it mishandles a case involving the first fragment. (CVE-2019-14378)

  • Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI ‘portmap’ plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take precedence over the KUBE- SERVICES chain. Because of this, the HostPort/portmap rule could match incoming traffic even if there were better fitting, more specific service definition rules like NodePorts later in the chain. The issue is fixed in CNI 0.7.5 and Kubernetes 1.11.9, 1.12.7, 1.13.5, and 1.14.0. (CVE-2019-9946)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Rocky Linux Security Advisory RLSA-2019:3403.
##

include('compat.inc');

if (description)
{
  script_id(184867);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/07");

  script_cve_id("CVE-2019-9946", "CVE-2019-10214", "CVE-2019-14378");
  script_xref(name:"RLSA", value:"2019:3403");

  script_name(english:"Rocky Linux 8 : container-tools:rhel8 (RLSA-2019:3403)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Rocky Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the
RLSA-2019:3403 advisory.

  - The containers/image library used by the container tools Podman, Buildah, and Skopeo in Red Hat Enterprise
    Linux version 8 and CRI-O in OpenShift Container Platform, does not enforce TLS connections to the
    container registry authorization service. An attacker could use this vulnerability to launch a MiTM attack
    and steal login credentials or bearer tokens. (CVE-2019-10214)

  - ip_reass in ip_input.c in libslirp 4.0.0 has a heap-based buffer overflow via a large packet because it
    mishandles a case involving the first fragment. (CVE-2019-14378)

  - Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall
    misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts for CNI,
    inserts rules at the front of the iptables nat chains; which take precedence over the KUBE- SERVICES
    chain. Because of this, the HostPort/portmap rule could match incoming traffic even if there were better
    fitting, more specific service definition rules like NodePorts later in the chain. The issue is fixed in
    CNI 0.7.5 and Kubernetes 1.11.9, 1.12.7, 1.13.5, and 1.14.0. (CVE-2019-9946)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://errata.rockylinux.org/RLSA-2019:3403");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1655211");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1661597");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1671023");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1672581");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1674519");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1677251");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1677264");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1689255");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1690514");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1691543");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1692513");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1693154");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1693424");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1707220");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1719626");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1719994");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1720646");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1720654");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1721247");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1721638");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1723879");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1728700");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1730281");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1731117");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1732508");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1734745");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1734809");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1737077");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1739961");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1740079");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1741157");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1743685");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2019-14378");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/03/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2019/11/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/11/07");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:oci-systemd-hook");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:oci-systemd-hook-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:oci-systemd-hook-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:oci-umount");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:oci-umount-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:oci-umount-debugsource");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:rocky:linux:8");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Rocky Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RockyLinux/release", "Host/RockyLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RockyLinux/release');
if (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');
var os_ver = pregmatch(pattern: "Rocky(?: Linux)? release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);

if (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);

var pkgs = [
    {'reference':'oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8.4.0+557+48ba8b2f', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
    {'reference':'oci-systemd-hook-0.1.15-2.git2d0b8a3.module+el8.4.0+557+48ba8b2f', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
    {'reference':'oci-systemd-hook-debuginfo-0.1.15-2.git2d0b8a3.module+el8.4.0+557+48ba8b2f', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
    {'reference':'oci-systemd-hook-debuginfo-0.1.15-2.git2d0b8a3.module+el8.4.0+557+48ba8b2f', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
    {'reference':'oci-systemd-hook-debugsource-0.1.15-2.git2d0b8a3.module+el8.4.0+557+48ba8b2f', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
    {'reference':'oci-systemd-hook-debugsource-0.1.15-2.git2d0b8a3.module+el8.4.0+557+48ba8b2f', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
    {'reference':'oci-umount-2.3.4-2.git87f9237.module+el8.4.0+557+48ba8b2f', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
    {'reference':'oci-umount-2.3.4-2.git87f9237.module+el8.4.0+557+48ba8b2f', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
    {'reference':'oci-umount-debuginfo-2.3.4-2.git87f9237.module+el8.4.0+557+48ba8b2f', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
    {'reference':'oci-umount-debuginfo-2.3.4-2.git87f9237.module+el8.4.0+557+48ba8b2f', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
    {'reference':'oci-umount-debugsource-2.3.4-2.git87f9237.module+el8.4.0+557+48ba8b2f', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
    {'reference':'oci-umount-debugsource-2.3.4-2.git87f9237.module+el8.4.0+557+48ba8b2f', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'oci-systemd-hook / oci-systemd-hook-debuginfo / etc');
}
VendorProductVersionCPE
rockylinuxoci-systemd-hookp-cpe:/a:rocky:linux:oci-systemd-hook
rockylinuxoci-systemd-hook-debuginfop-cpe:/a:rocky:linux:oci-systemd-hook-debuginfo
rockylinuxoci-systemd-hook-debugsourcep-cpe:/a:rocky:linux:oci-systemd-hook-debugsource
rockylinuxoci-umountp-cpe:/a:rocky:linux:oci-umount
rockylinuxoci-umount-debuginfop-cpe:/a:rocky:linux:oci-umount-debuginfo
rockylinuxoci-umount-debugsourcep-cpe:/a:rocky:linux:oci-umount-debugsource
rockylinux8cpe:/o:rocky:linux:8

References

Related

osv 11
rocky 2
nessus 66
redhat 19
oraclelinux 16
almalinux 2
veracode 3
fedora 3
redhatcve 3
openvas 31
photon 2
suse 10
prion 3
cloudfoundry 1
ibm 4
ubuntucve 3
cve 3
alpinelinux 1
debiancve 3
github 1
amazon 2
f5 1
packetstorm 1
zdt 1
hackerone 1
debian 2
centos 2
ubuntu 2
osv
osv
Important: container-tools:rhel8 security, bug fix, and enhancement update
2019-11-05 17:41:57
Important: container-tools:rhel8 security, bug fix, and enhancement update
2019-11-05 17:41:57
Important: container-tools:1.0 security and bug fix update
2019-11-05 17:52:13
rocky
rocky
container-tools:rhel8 security, bug fix, and enhancement update
2019-11-05 17:41:57
container-tools:1.0 security and bug fix update
2019-11-05 17:52:13
nessus
nessus
CentOS 8 : container-tools:rhel8 (CESA-2019:3403)
2021-01-29 00:00:00
CentOS 8 : container-tools:1.0 (CESA-2019:3494)
2021-01-29 00:00:00
RHEL 8 : container-tools:1.0 (RHSA-2019:3494)
2019-11-06 00:00:00
redhat
redhat
(RHSA-2019:3403) Important: container-tools:rhel8 security, bug fix, and enhancement update
2019-11-05 17:41:57
(RHSA-2019:3494) Important: container-tools:1.0 security and bug fix update
2019-11-05 17:52:13
(RHSA-2019:2825) Moderate: OpenShift Container Platform 4.1.17 cri-o security update
2019-09-25 06:30:05
oraclelinux
oraclelinux
container-tools:ol8 security, bug fix, and enhancement update
2019-11-14 00:00:00
container-tools:1.0 security and bug fix update
2019-11-14 00:00:00
container-tools:ol8 security and bug fix update
2020-01-03 00:00:00
almalinux
almalinux
Important: container-tools:rhel8 security, bug fix, and enhancement update
2019-11-05 17:41:57
Important: container-tools:1.0 security and bug fix update
2019-11-05 17:52:13
veracode
veracode
Firewall Misconfiguration
2019-04-03 02:27:37
Information Disclosure
2019-09-24 00:19:31
Denial Of Service (DoS)
2019-10-23 00:09:56
fedora
fedora
[SECURITY] Fedora 30 Update: containernetworking-plugins-0.7.5-1.fc30
2019-06-12 14:48:31
[SECURITY] Fedora 29 Update: containernetworking-plugins-0.7.5-1.fc29
2019-06-15 01:21:29
[SECURITY] Fedora 30 Update: libslirp-4.0.0-2.fc30
2019-08-11 01:14:53
redhatcve
redhatcve
CVE-2019-9946
2020-04-02 14:08:46
CVE-2019-10214
2020-01-19 09:45:16
CVE-2019-14378
2020-04-09 10:06:01
openvas
openvas
Fedora Update for containernetworking-plugins FEDORA-2019-d2b57d3b19
2019-06-13 00:00:00
Fedora Update for containernetworking-plugins FEDORA-2019-24217abfdf
2019-06-15 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:0712-1)
2021-06-09 00:00:00
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2019-2.0-0148
2019-04-03 00:00:00
Important Photon OS Security Update - PHSA-2019-0148
2019-04-03 00:00:00
suse
suse
Security update for skopeo (important)
2019-09-15 00:00:00
Security update for podman (moderate)
2019-09-17 00:00:00
Security update for buildah (important)
2019-09-15 00:00:00
prion
prion
Authorization
2019-11-25 11:15:00
Code injection
2019-04-02 18:30:00
Heap overflow
2019-07-29 11:15:00
cloudfoundry
cloudfoundry
CVE-2019-9946: Kubernetes affecting certain network configurations with CNI | Cloud Foundry
2019-04-01 00:00:00
ibm
ibm
Security Bulletin: IBM Cloud Kubernetes Service is affected by a CNI security vulnerability
2019-04-09 15:50:01
Security Bulletin: API Connect V2018 is impacted by a security degradation vulnerability in Kubernetes (CVE-2019-9946)
2019-05-19 14:50:01
Security Bulletin: IBM Cloud Private for Data is affected multiple security vulnerabilities in IBM Cloud Private Kubernetes
2019-10-03 22:50:40
ubuntucve
ubuntucve
CVE-2019-9946
2019-04-02 00:00:00
CVE-2019-10214
2019-11-25 00:00:00
CVE-2019-14378
2019-07-29 00:00:00
cve
cve
CVE-2019-9946
2019-04-02 18:30:00
CVE-2019-10214
2019-11-25 11:15:00
CVE-2019-14378
2019-07-29 11:15:00
alpinelinux
alpinelinux
CVE-2019-9946
2019-04-02 18:30:00
debiancve
debiancve
CVE-2019-9946
2019-04-02 18:30:00
CVE-2019-10214
2019-11-25 11:15:00
CVE-2019-14378
2019-07-29 11:15:00
github
github
containers/image library Insufficiently Protects Credentials
2022-02-15 01:57:18
amazon
amazon
Important: qemu
2020-03-02 23:45:00
Important: qemu-kvm
2020-11-14 01:23:00
f5
f5
K25423748 : QEMU vulnerability CVE-2019-14378
2019-09-06 00:00:00
packetstorm
packetstorm
QEMU Denial Of Service
2019-08-30 00:00:00
zdt
zdt
QEMU - Denial of Service Exploit
2019-08-30 00:00:00
hackerone
hackerone
Kubernetes: IPv4 only clusters susceptible to MitM attacks via IPv6 rogue router advertisements
2020-03-15 17:34:18
debian
debian
[SECURITY] [DSA 4512-1] qemu security update
2019-09-02 17:58:18
[SECURITY] [DSA 4506-1] qemu security update
2019-08-24 09:55:59
centos
centos
qemu security update
2020-02-06 00:20:07
qemu security update
2020-03-10 20:44:03
ubuntu
ubuntu
QEMU vulnerabilities
2019-11-14 00:00:00
QEMU vulnerabilities
2019-11-14 00:00:00

7.4 High

AI Score

Confidence

Low

JSON
Related for ROCKY_LINUX_RLSA-2019-3403.NASL
osv11rocky2nessus66redhat19oraclelinux16almalinux2veracode3fedora3redhatcve3openvas31photon2suse10prion3cloudfoundry1ibm4ubuntucve3cve3alpinelinux1debiancve3github1amazon2f51packetstorm1zdt1hackerone1debian2centos2ubuntu2