Lucene search
This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.ROCKY_LINUX_RLSA-2022-370.NASLHistoryFeb 09, 2022 - 12:00 a.m.
Rocky Linux 8 : cryptsetup (RLSA-2022:370)
2022-02-0900:00:00
This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
48
4.3 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
30.4%
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:370 advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from
# Rocky Linux Security Advisory RLSA-2022:370.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(157786);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/12/13");
script_cve_id("CVE-2021-4122");
script_xref(name:"RLSA", value:"2022:370");
script_name(english:"Rocky Linux 8 : cryptsetup (RLSA-2022:370)");
script_set_attribute(attribute:"synopsis", value:
"The remote Rocky Linux host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the
RLSA-2022:370 advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://errata.rockylinux.org/RLSA-2022:370");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2032401");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:C/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-4122");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/02/01");
script_set_attribute(attribute:"patch_publication_date", value:"2022/02/02");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/02/09");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:cryptsetup");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:cryptsetup-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:cryptsetup-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:cryptsetup-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:cryptsetup-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:cryptsetup-libs-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:cryptsetup-reencrypt");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:cryptsetup-reencrypt-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:integritysetup");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:integritysetup-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:veritysetup");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:veritysetup-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:rocky:linux:8");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Rocky Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RockyLinux/release", "Host/RockyLinux/rpm-list", "Host/cpu");
exit(0);
}
include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item('Host/RockyLinux/release');
if (isnull(release) || 'Rocky Linux' >!< release) audit(AUDIT_OS_NOT, 'Rocky Linux');
var os_ver = pregmatch(pattern: "Rocky(?: Linux)? release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');
var os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);
if (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);
var pkgs = [
{'reference':'cryptsetup-2.3.3-4.el8_5.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'cryptsetup-2.3.3-4.el8_5.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'cryptsetup-debuginfo-2.3.3-4.el8_5.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'cryptsetup-debuginfo-2.3.3-4.el8_5.1', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'cryptsetup-debuginfo-2.3.3-4.el8_5.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'cryptsetup-debugsource-2.3.3-4.el8_5.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'cryptsetup-debugsource-2.3.3-4.el8_5.1', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'cryptsetup-debugsource-2.3.3-4.el8_5.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'cryptsetup-devel-2.3.3-4.el8_5.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'cryptsetup-devel-2.3.3-4.el8_5.1', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'cryptsetup-devel-2.3.3-4.el8_5.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'cryptsetup-libs-2.3.3-4.el8_5.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'cryptsetup-libs-2.3.3-4.el8_5.1', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'cryptsetup-libs-2.3.3-4.el8_5.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'cryptsetup-libs-debuginfo-2.3.3-4.el8_5.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'cryptsetup-libs-debuginfo-2.3.3-4.el8_5.1', 'cpu':'i686', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'cryptsetup-libs-debuginfo-2.3.3-4.el8_5.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'cryptsetup-reencrypt-2.3.3-4.el8_5.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'cryptsetup-reencrypt-2.3.3-4.el8_5.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'cryptsetup-reencrypt-debuginfo-2.3.3-4.el8_5.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'cryptsetup-reencrypt-debuginfo-2.3.3-4.el8_5.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'integritysetup-2.3.3-4.el8_5.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'integritysetup-2.3.3-4.el8_5.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'integritysetup-debuginfo-2.3.3-4.el8_5.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'integritysetup-debuginfo-2.3.3-4.el8_5.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'veritysetup-2.3.3-4.el8_5.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'veritysetup-2.3.3-4.el8_5.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'veritysetup-debuginfo-2.3.3-4.el8_5.1', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'veritysetup-debuginfo-2.3.3-4.el8_5.1', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var release = NULL;
var sp = NULL;
var cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) release = 'Rocky-' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {
if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cryptsetup / cryptsetup-debuginfo / cryptsetup-debugsource / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| rocky | linux | cryptsetup | p-cpe:/a:rocky:linux:cryptsetup |
| rocky | linux | cryptsetup-debuginfo | p-cpe:/a:rocky:linux:cryptsetup-debuginfo |
| rocky | linux | cryptsetup-debugsource | p-cpe:/a:rocky:linux:cryptsetup-debugsource |
| rocky | linux | cryptsetup-devel | p-cpe:/a:rocky:linux:cryptsetup-devel |
| rocky | linux | cryptsetup-libs | p-cpe:/a:rocky:linux:cryptsetup-libs |
| rocky | linux | cryptsetup-libs-debuginfo | p-cpe:/a:rocky:linux:cryptsetup-libs-debuginfo |
| rocky | linux | cryptsetup-reencrypt | p-cpe:/a:rocky:linux:cryptsetup-reencrypt |
| rocky | linux | cryptsetup-reencrypt-debuginfo | p-cpe:/a:rocky:linux:cryptsetup-reencrypt-debuginfo |
| rocky | linux | integritysetup | p-cpe:/a:rocky:linux:integritysetup |
| rocky | linux | integritysetup-debuginfo | p-cpe:/a:rocky:linux:integritysetup-debuginfo |
Related
nessus
nessus
EulerOS 2.0 SP9 : cryptsetup (EulerOS-SA-2022-2308)
2022-09-14 00:00:00
EulerOS 2.0 SP10 : cryptsetup (EulerOS-SA-2022-2424)
2022-10-08 00:00:00
EulerOS 2.0 SP10 : cryptsetup (EulerOS-SA-2022-2411)
2022-10-08 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: cryptsetup-2.3.7-1.fc34
2022-01-26 23:40:21
[SECURITY] Fedora 35 Update: cryptsetup-2.4.3-1.fc35
2022-01-16 01:23:06
ubuntu
ubuntu
cryptsetup vulnerability
2022-02-15 00:00:00
veracode
veracode
Insecure Cryptography
2022-01-18 20:50:21
prion
prion
Code injection
2022-08-24 16:15:00
redhatcve
redhatcve
CVE-2021-4122
2022-01-13 09:15:59
osv
osv
CVE-2021-4122
2022-08-24 16:15:09
Moderate: cryptsetup security update
2022-02-01 20:13:30
cryptsetup - security update
2022-02-10 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-5070-1)
2022-02-17 00:00:00
Huawei EulerOS: Security Advisory for cryptsetup (EulerOS-SA-2022-2411)
2022-10-10 00:00:00
Huawei EulerOS: Security Advisory for cryptsetup (EulerOS-SA-2022-2308)
2022-09-14 00:00:00
rocky
rocky
cryptsetup security update
2022-02-01 20:13:30
cryptsetup security update
2022-02-02 04:36:32
mageia
mageia
Updated cryptsetup packages fix security vulnerability
2022-02-03 23:29:44
ubuntucve
ubuntucve
CVE-2021-4122
2022-01-13 00:00:00
thn
thn
Patching the CentOS 8 Encryption Bug is Urgent – What Are Your Plans?
2022-01-27 12:50:00
cbl_mariner
cbl_mariner
CVE-2021-4122 affecting package cryptsetup 2.3.3-2
2022-10-13 00:40:13
almalinux
almalinux
Moderate: cryptsetup security update
2022-02-01 20:13:30
cvelist
cvelist
CVE-2021-4122
2022-08-24 15:08:58
cve
cve
CVE-2021-4122
2022-08-24 16:15:09
redhat
redhat
(RHSA-2022:0370) Moderate: cryptsetup security update
2022-02-01 20:13:30
(RHSA-2022:0687) Moderate: OpenShift API for Data Protection (OADP) 1.0.1 security and bug fix update
2022-02-28 09:35:55
(RHSA-2022:0476) Important: Red Hat OpenShift GitOps security update
2022-02-08 22:00:22
debian
debian
[SECURITY] [DSA 5070-1] cryptsetup security update
2022-02-10 19:33:39
nvd
nvd
CVE-2021-4122
2022-08-24 16:15:09
alpinelinux
alpinelinux
CVE-2021-4122
2022-08-24 16:15:09
oraclelinux
oraclelinux
cryptsetup security update
2022-02-02 00:00:00
debiancve
debiancve
CVE-2021-4122
2022-08-24 16:15:09
suse
suse
Security update for varnish (moderate)
2022-06-15 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2022-0353
2022-01-19 00:00:00
Critical Photon OS Security Update - PHSA-2022-3.0-0353
2022-01-19 00:00:00
Critical Photon OS Security Update - PHSA-2022-0145
2022-01-22 00:00:00
ibm
ibm
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00
4.3 Medium
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:P/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
0.001 Low
EPSS
Percentile
30.4%
Related for ROCKY_LINUX_RLSA-2022-370.NASL