9 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
41.7%
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2020:2231 advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Rocky Linux Security Advisory RLSA-2020:2231.
##
include('compat.inc');
if (description)
{
script_id(185032);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/07");
script_cve_id("CVE-2020-1716");
script_xref(name:"RLSA", value:"2020:2231");
script_name(english:"Rocky Linux 8 : Rocky Enterprise Software Foundation Ceph Storage 4.1 (RLSA-2020:2231)");
script_set_attribute(attribute:"synopsis", value:
"The remote Rocky Linux host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the
RLSA-2020:2231 advisory.
- A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used
as default passwords while deploying Ceph services. Any authenticated attacker can abuse this flaw to
brute-force Ceph deployments, and gain administrator access to Ceph clusters via the Ceph dashboard to
initiate read, write, and delete Ceph clusters and also modify Ceph cluster configurations. Versions
before ceph-ansible 6.0.0alpha1 are affected. (CVE-2020-1716)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://errata.rockylinux.org/RLSA-2020:2231");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1274084");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1553202");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1581421");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1625951");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1639817");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1656512");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1658491");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1665683");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1678701");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1679924");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1687971");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1716815");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1716972");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1719446");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1724428");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1731148");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1731554");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1734583");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1738334");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1741677");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1743388");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1744276");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1746491");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1747206");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1747516");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1759700");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1759716");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1759725");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1759727");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1760126");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1760129");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1760219");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1761474");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1761743");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1762170");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1762197");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1762852");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1764431");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1765517");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1765530");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1765536");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1767144");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1771206");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1771208");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1775218");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1775266");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1775404");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1777064");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1777380");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1779186");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1782253");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1783223");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1784011");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1784405");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1784729");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1784746");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1784895");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1785363");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1785472");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1785474");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1785475");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1785476");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1785477");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1785478");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1785580");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1785646");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1785736");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1786107");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1786173");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1786287");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1786457");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1786684");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1788347");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1788917");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1789357");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1790472");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1790479");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1791174");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1792222");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1792225");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1792230");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1792320");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1793542");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1793564");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1794351");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1794713");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1794715");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1795406");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1795592");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1796160");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1796453");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1796853");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1797161");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1797817");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1798153");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1798718");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1798719");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1798781");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1802199");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1805347");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1805391");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1805643");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1807085");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1807184");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1808046");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1808345");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1808495");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1809242");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1810121");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1810551");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1810610");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1810884");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1810948");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1811547");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1813349");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1814082");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1814380");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1814542");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1814806");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1814942");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1815211");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1815239");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1815261");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1815390");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1815579");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1816713");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1816989");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1817069");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1817586");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1817985");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1819302");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1819681");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1820233");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1820272");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1820560");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1821784");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1822153");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1822328");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1822482");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1822599");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1822902");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1822905");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1823975");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1824263");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1825104");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1825149");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1825288");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1825827");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1825988");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1826884");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1827299");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1827781");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1827785");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1827789");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1827799");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1829804");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1831119");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1831285");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1831342");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1833063");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1834790");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1837206");
script_set_attribute(attribute:"solution", value:
"Update the affected smartmontools, smartmontools-debuginfo and / or smartmontools-debugsource packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-1716");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/05/19");
script_set_attribute(attribute:"patch_publication_date", value:"2020/05/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/11/07");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:smartmontools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:smartmontools-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:smartmontools-debugsource");
script_set_attribute(attribute:"cpe", value:"cpe:/o:rocky:linux:8");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Rocky Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RockyLinux/release", "Host/RockyLinux/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RockyLinux/release');
if (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');
var os_ver = pregmatch(pattern: "Rocky(?: Linux)? release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);
if (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);
var pkgs = [
{'reference':'smartmontools-7.1-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'smartmontools-debuginfo-7.1-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'smartmontools-debugsource-7.1-1.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'smartmontools / smartmontools-debuginfo / smartmontools-debugsource');
}
Vendor | Product | Version | CPE |
---|---|---|---|
rocky | linux | smartmontools | p-cpe:/a:rocky:linux:smartmontools |
rocky | linux | smartmontools-debuginfo | p-cpe:/a:rocky:linux:smartmontools-debuginfo |
rocky | linux | smartmontools-debugsource | p-cpe:/a:rocky:linux:smartmontools-debugsource |
rocky | linux | 8 | cpe:/o:rocky:linux:8 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1716
bugzilla.redhat.com/show_bug.cgi?id=1274084
bugzilla.redhat.com/show_bug.cgi?id=1553202
bugzilla.redhat.com/show_bug.cgi?id=1581421
bugzilla.redhat.com/show_bug.cgi?id=1625951
bugzilla.redhat.com/show_bug.cgi?id=1639817
bugzilla.redhat.com/show_bug.cgi?id=1656512
bugzilla.redhat.com/show_bug.cgi?id=1658491
bugzilla.redhat.com/show_bug.cgi?id=1665683
bugzilla.redhat.com/show_bug.cgi?id=1678701
bugzilla.redhat.com/show_bug.cgi?id=1679924
bugzilla.redhat.com/show_bug.cgi?id=1687971
bugzilla.redhat.com/show_bug.cgi?id=1716815
bugzilla.redhat.com/show_bug.cgi?id=1716972
bugzilla.redhat.com/show_bug.cgi?id=1719446
bugzilla.redhat.com/show_bug.cgi?id=1724428
bugzilla.redhat.com/show_bug.cgi?id=1731148
bugzilla.redhat.com/show_bug.cgi?id=1731554
bugzilla.redhat.com/show_bug.cgi?id=1734583
bugzilla.redhat.com/show_bug.cgi?id=1738334
bugzilla.redhat.com/show_bug.cgi?id=1741677
bugzilla.redhat.com/show_bug.cgi?id=1743388
bugzilla.redhat.com/show_bug.cgi?id=1744276
bugzilla.redhat.com/show_bug.cgi?id=1746491
bugzilla.redhat.com/show_bug.cgi?id=1747206
bugzilla.redhat.com/show_bug.cgi?id=1747516
bugzilla.redhat.com/show_bug.cgi?id=1759700
bugzilla.redhat.com/show_bug.cgi?id=1759716
bugzilla.redhat.com/show_bug.cgi?id=1759725
bugzilla.redhat.com/show_bug.cgi?id=1759727
bugzilla.redhat.com/show_bug.cgi?id=1760126
bugzilla.redhat.com/show_bug.cgi?id=1760129
bugzilla.redhat.com/show_bug.cgi?id=1760219
bugzilla.redhat.com/show_bug.cgi?id=1761474
bugzilla.redhat.com/show_bug.cgi?id=1761743
bugzilla.redhat.com/show_bug.cgi?id=1762170
bugzilla.redhat.com/show_bug.cgi?id=1762197
bugzilla.redhat.com/show_bug.cgi?id=1762852
bugzilla.redhat.com/show_bug.cgi?id=1764431
bugzilla.redhat.com/show_bug.cgi?id=1765517
bugzilla.redhat.com/show_bug.cgi?id=1765530
bugzilla.redhat.com/show_bug.cgi?id=1765536
bugzilla.redhat.com/show_bug.cgi?id=1767144
bugzilla.redhat.com/show_bug.cgi?id=1771206
bugzilla.redhat.com/show_bug.cgi?id=1771208
bugzilla.redhat.com/show_bug.cgi?id=1775218
bugzilla.redhat.com/show_bug.cgi?id=1775266
bugzilla.redhat.com/show_bug.cgi?id=1775404
bugzilla.redhat.com/show_bug.cgi?id=1777064
bugzilla.redhat.com/show_bug.cgi?id=1777380
bugzilla.redhat.com/show_bug.cgi?id=1779186
bugzilla.redhat.com/show_bug.cgi?id=1782253
bugzilla.redhat.com/show_bug.cgi?id=1783223
bugzilla.redhat.com/show_bug.cgi?id=1784011
bugzilla.redhat.com/show_bug.cgi?id=1784405
bugzilla.redhat.com/show_bug.cgi?id=1784729
bugzilla.redhat.com/show_bug.cgi?id=1784746
bugzilla.redhat.com/show_bug.cgi?id=1784895
bugzilla.redhat.com/show_bug.cgi?id=1785363
bugzilla.redhat.com/show_bug.cgi?id=1785472
bugzilla.redhat.com/show_bug.cgi?id=1785474
bugzilla.redhat.com/show_bug.cgi?id=1785475
bugzilla.redhat.com/show_bug.cgi?id=1785476
bugzilla.redhat.com/show_bug.cgi?id=1785477
bugzilla.redhat.com/show_bug.cgi?id=1785478
bugzilla.redhat.com/show_bug.cgi?id=1785580
bugzilla.redhat.com/show_bug.cgi?id=1785646
bugzilla.redhat.com/show_bug.cgi?id=1785736
bugzilla.redhat.com/show_bug.cgi?id=1786107
bugzilla.redhat.com/show_bug.cgi?id=1786173
bugzilla.redhat.com/show_bug.cgi?id=1786287
bugzilla.redhat.com/show_bug.cgi?id=1786457
bugzilla.redhat.com/show_bug.cgi?id=1786684
bugzilla.redhat.com/show_bug.cgi?id=1788347
bugzilla.redhat.com/show_bug.cgi?id=1788917
bugzilla.redhat.com/show_bug.cgi?id=1789357
bugzilla.redhat.com/show_bug.cgi?id=1790472
bugzilla.redhat.com/show_bug.cgi?id=1790479
bugzilla.redhat.com/show_bug.cgi?id=1791174
bugzilla.redhat.com/show_bug.cgi?id=1792222
bugzilla.redhat.com/show_bug.cgi?id=1792225
bugzilla.redhat.com/show_bug.cgi?id=1792230
bugzilla.redhat.com/show_bug.cgi?id=1792320
bugzilla.redhat.com/show_bug.cgi?id=1793542
bugzilla.redhat.com/show_bug.cgi?id=1793564
bugzilla.redhat.com/show_bug.cgi?id=1794351
bugzilla.redhat.com/show_bug.cgi?id=1794713
bugzilla.redhat.com/show_bug.cgi?id=1794715
bugzilla.redhat.com/show_bug.cgi?id=1795406
bugzilla.redhat.com/show_bug.cgi?id=1795592
bugzilla.redhat.com/show_bug.cgi?id=1796160
bugzilla.redhat.com/show_bug.cgi?id=1796453
bugzilla.redhat.com/show_bug.cgi?id=1796853
bugzilla.redhat.com/show_bug.cgi?id=1797161
bugzilla.redhat.com/show_bug.cgi?id=1797817
bugzilla.redhat.com/show_bug.cgi?id=1798153
bugzilla.redhat.com/show_bug.cgi?id=1798718
bugzilla.redhat.com/show_bug.cgi?id=1798719
bugzilla.redhat.com/show_bug.cgi?id=1798781
bugzilla.redhat.com/show_bug.cgi?id=1802199
bugzilla.redhat.com/show_bug.cgi?id=1805347
bugzilla.redhat.com/show_bug.cgi?id=1805391
bugzilla.redhat.com/show_bug.cgi?id=1805643
bugzilla.redhat.com/show_bug.cgi?id=1807085
bugzilla.redhat.com/show_bug.cgi?id=1807184
bugzilla.redhat.com/show_bug.cgi?id=1808046
bugzilla.redhat.com/show_bug.cgi?id=1808345
bugzilla.redhat.com/show_bug.cgi?id=1808495
bugzilla.redhat.com/show_bug.cgi?id=1809242
bugzilla.redhat.com/show_bug.cgi?id=1810121
bugzilla.redhat.com/show_bug.cgi?id=1810551
bugzilla.redhat.com/show_bug.cgi?id=1810610
bugzilla.redhat.com/show_bug.cgi?id=1810884
bugzilla.redhat.com/show_bug.cgi?id=1810948
bugzilla.redhat.com/show_bug.cgi?id=1811547
bugzilla.redhat.com/show_bug.cgi?id=1813349
bugzilla.redhat.com/show_bug.cgi?id=1814082
bugzilla.redhat.com/show_bug.cgi?id=1814380
bugzilla.redhat.com/show_bug.cgi?id=1814542
bugzilla.redhat.com/show_bug.cgi?id=1814806
bugzilla.redhat.com/show_bug.cgi?id=1814942
bugzilla.redhat.com/show_bug.cgi?id=1815211
bugzilla.redhat.com/show_bug.cgi?id=1815239
bugzilla.redhat.com/show_bug.cgi?id=1815261
bugzilla.redhat.com/show_bug.cgi?id=1815390
bugzilla.redhat.com/show_bug.cgi?id=1815579
bugzilla.redhat.com/show_bug.cgi?id=1816713
bugzilla.redhat.com/show_bug.cgi?id=1816989
bugzilla.redhat.com/show_bug.cgi?id=1817069
bugzilla.redhat.com/show_bug.cgi?id=1817586
bugzilla.redhat.com/show_bug.cgi?id=1817985
bugzilla.redhat.com/show_bug.cgi?id=1819302
bugzilla.redhat.com/show_bug.cgi?id=1819681
bugzilla.redhat.com/show_bug.cgi?id=1820233
bugzilla.redhat.com/show_bug.cgi?id=1820272
bugzilla.redhat.com/show_bug.cgi?id=1820560
bugzilla.redhat.com/show_bug.cgi?id=1821784
bugzilla.redhat.com/show_bug.cgi?id=1822153
bugzilla.redhat.com/show_bug.cgi?id=1822328
bugzilla.redhat.com/show_bug.cgi?id=1822482
bugzilla.redhat.com/show_bug.cgi?id=1822599
bugzilla.redhat.com/show_bug.cgi?id=1822902
bugzilla.redhat.com/show_bug.cgi?id=1822905
bugzilla.redhat.com/show_bug.cgi?id=1823975
bugzilla.redhat.com/show_bug.cgi?id=1824263
bugzilla.redhat.com/show_bug.cgi?id=1825104
bugzilla.redhat.com/show_bug.cgi?id=1825149
bugzilla.redhat.com/show_bug.cgi?id=1825288
bugzilla.redhat.com/show_bug.cgi?id=1825827
bugzilla.redhat.com/show_bug.cgi?id=1825988
bugzilla.redhat.com/show_bug.cgi?id=1826884
bugzilla.redhat.com/show_bug.cgi?id=1827299
bugzilla.redhat.com/show_bug.cgi?id=1827781
bugzilla.redhat.com/show_bug.cgi?id=1827785
bugzilla.redhat.com/show_bug.cgi?id=1827789
bugzilla.redhat.com/show_bug.cgi?id=1827799
bugzilla.redhat.com/show_bug.cgi?id=1829804
bugzilla.redhat.com/show_bug.cgi?id=1831119
bugzilla.redhat.com/show_bug.cgi?id=1831285
bugzilla.redhat.com/show_bug.cgi?id=1831342
bugzilla.redhat.com/show_bug.cgi?id=1833063
bugzilla.redhat.com/show_bug.cgi?id=1834790
bugzilla.redhat.com/show_bug.cgi?id=1837206
errata.rockylinux.org/RLSA-2020:2231
9 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
6.8 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
41.7%