Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.ROCKY_LINUX_RLSA-2022-5799.NASL
HistoryFeb 06, 2023 - 12:00 a.m.

Rocky Linux 9 : go-toolset and golang (RLSA-2022:5799)

2023-02-0600:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8

8.4 High

AI Score

Confidence

Low

JSON

The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:5799 advisory.

  • Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.
    (CVE-2022-29526)

  • Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. (CVE-2022-1705)

  • Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations. (CVE-2022-1962)

  • encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. (CVE-2022-24675)

  • regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. (CVE-2022-24921)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Rocky Linux Security Advisory RLSA-2022:5799.
##

include('compat.inc');

if (description)
{
  script_id(171016);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/07");

  script_cve_id(
    "CVE-2022-1705",
    "CVE-2022-1962",
    "CVE-2022-24675",
    "CVE-2022-24921",
    "CVE-2022-28131",
    "CVE-2022-28327",
    "CVE-2022-29526",
    "CVE-2022-30629",
    "CVE-2022-30630",
    "CVE-2022-30631",
    "CVE-2022-30632",
    "CVE-2022-30633",
    "CVE-2022-30635",
    "CVE-2022-32148"
  );
  script_xref(name:"RLSA", value:"2022:5799");

  script_name(english:"Rocky Linux 9 : go-toolset and golang (RLSA-2022:5799)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Rocky Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Rocky Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the
RLSA-2022:5799 advisory.

  - Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero
    flags parameter, the Faccessat function could incorrectly report that a file is accessible.
    (CVE-2022-29526)

  - Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12
    and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly
    fails to reject the header as invalid. (CVE-2022-1705)

  - Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an
    attacker to cause a panic due to stack exhaustion via deeply nested types or declarations. (CVE-2022-1962)

  - encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount
    of PEM data. (CVE-2022-24675)

  - regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested
    expression. (CVE-2022-24921)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://errata.rockylinux.org/RLSA-2022:5799");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2107342");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2107371");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2107374");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2107376");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2107383");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2107386");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2107388");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2107390");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2107392");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-29526");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-32148");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/08/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/08/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/02/06");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:go-toolset");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:golang");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:golang-bin");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:golang-docs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:golang-misc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:golang-race");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:golang-src");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:golang-tests");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:rocky:linux:9");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Rocky Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RockyLinux/release", "Host/RockyLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RockyLinux/release');
if (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');
var os_ver = pregmatch(pattern: "Rocky(?: Linux)? release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^9([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 9.x', 'Rocky Linux ' + os_ver);

if (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);

var pkgs = [
    {'reference':'go-toolset-1.17.12-1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'go-toolset-1.17.12-1.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'go-toolset-1.17.12-1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'golang-1.17.12-1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'golang-1.17.12-1.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'golang-1.17.12-1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'golang-bin-1.17.12-1.el9_0', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'golang-bin-1.17.12-1.el9_0', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'golang-bin-1.17.12-1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'golang-docs-1.17.12-1.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'golang-misc-1.17.12-1.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'golang-race-1.17.12-1.el9_0', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'golang-src-1.17.12-1.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'golang-tests-1.17.12-1.el9_0', 'release':'9', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'go-toolset / golang / golang-bin / golang-docs / golang-misc / etc');
}
VendorProductVersionCPE
rockylinuxgo-toolsetp-cpe:/a:rocky:linux:go-toolset
rockylinuxgolangp-cpe:/a:rocky:linux:golang
rockylinuxgolang-binp-cpe:/a:rocky:linux:golang-bin
rockylinuxgolang-docsp-cpe:/a:rocky:linux:golang-docs
rockylinuxgolang-miscp-cpe:/a:rocky:linux:golang-misc
rockylinuxgolang-racep-cpe:/a:rocky:linux:golang-race
rockylinuxgolang-srcp-cpe:/a:rocky:linux:golang-src
rockylinuxgolang-testsp-cpe:/a:rocky:linux:golang-tests
rockylinux9cpe:/o:rocky:linux:9

References

Related

nessus 78
osv 21
redhat 22
rocky 9
altlinux 2
freebsd 1
almalinux 10
oraclelinux 12
mageia 1
openvas 13
ibm 10
amazon 11
suse 2
fedora 1
photon 4
ubuntu 2
nessus
nessus
RHEL 9 : go-toolset and golang (RHSA-2022:5799)
2022-08-01 00:00:00
RHEL 8 : go-toolset:rhel8 (RHSA-2022:5775)
2022-08-01 00:00:00
RHEL 7 : go-toolset-1.17 and go-toolset-1.17-golang (RHSA-2022:5866)
2022-08-02 00:00:00
osv
osv
Important: go-toolset and golang security and bug fix update
2022-08-01 15:29:25
Important: go-toolset and golang security and bug fix update
2022-08-01 00:00:00
Important: go-toolset:rhel8 security and bug fix update
2022-08-01 08:57:38
redhat
redhat
(RHSA-2022:5799) Important: go-toolset and golang security and bug fix update
2022-08-01 15:29:25
(RHSA-2022:6152) Important: Secondary Scheduler Operator for Red Hat OpenShift 1.1.0 security update
2022-09-01 05:38:54
(RHSA-2022:5866) Important: go-toolset-1.17 and go-toolset-1.17-golang security and bug fix update
2022-08-02 08:55:32
rocky
rocky
go-toolset and golang security and bug fix update
2022-08-01 15:29:25
go-toolset:rhel8 security and bug fix update
2022-08-01 08:57:38
grafana-pcp security update
2022-11-15 06:19:30
altlinux
altlinux
Security fix for the ALT Linux 10 package golang version 1.17.12-alt1.p10
2022-07-29 00:00:00
Security fix for the ALT Linux 10 package golang version 1.18.4-alt1
2022-07-28 00:00:00
freebsd
freebsd
go -- multiple vulnerabilities
2022-07-12 00:00:00
almalinux
almalinux
Important: go-toolset and golang security and bug fix update
2022-08-01 00:00:00
Important: go-toolset:rhel8 security and bug fix update
2022-08-01 00:00:00
Moderate: grafana-pcp security update
2022-11-15 00:00:00
oraclelinux
oraclelinux
go-toolset:ol8 security and bug fix update
2022-08-03 00:00:00
go-toolset and golang security and bug fix update
2022-08-02 00:00:00
ol8addon security update
2022-11-07 00:00:00
mageia
mageia
Updated golang packages fix security vulnerability
2022-07-16 22:58:20
openvas
openvas
Mageia: Security Advisory (MGASA-2022-0262)
2022-07-18 00:00:00
openSUSE: Security Advisory for go1.18 (SUSE-SU-2022:2672-1)
2022-08-05 00:00:00
openSUSE: Security Advisory for go1.17 (SUSE-SU-2022:2671-1)
2022-08-05 00:00:00
ibm
ibm
Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to multiple Go vulnerabilities
2022-10-07 17:42:10
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in Go
2023-01-30 16:52:23
Security Bulletin: IBM Cloud Pak for Multicloud Management Monitoring has applied security fixes for its use of Golang Go
2023-02-01 11:07:08
amazon
amazon
Important: golist
2022-09-15 04:46:00
Important: golang-googlecode-sqlite
2022-10-17 21:46:00
Important: golang
2022-09-15 04:46:00
suse
suse
Security update for go1.18 (important)
2022-08-04 00:00:00
Security update for go1.17 (important)
2022-08-04 00:00:00
fedora
fedora
[SECURITY] Fedora 35 Update: fzf-0.29.0-2.fc35
2022-08-17 01:36:21
photon
photon
Important Photon OS Security Update - PHSA-2022-0242
2022-09-07 00:00:00
Important Photon OS Security Update - PHSA-2022-4.0-0242
2022-09-07 00:00:00
Critical Photon OS Security Update - PHSA-2022-0512
2022-09-06 00:00:00
ubuntu
ubuntu
Go vulnerabilities
2024-01-09 00:00:00
Go vulnerabilities
2023-04-25 00:00:00

8.4 High

AI Score

Confidence

Low

JSON
Related for ROCKY_LINUX_RLSA-2022-5799.NASL
nessus78osv21redhat22rocky9altlinux2freebsd1almalinux10oraclelinux12mageia1openvas13ibm10amazon11suse2fedora1photon4ubuntu2