Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.ROCKY_LINUX_RLSA-2022-7185.NASLHistoryNov 07, 2023 - 12:00 a.m.
Rocky Linux 9 : device-mapper-multipath (RLSA-2022:7185)
2023-11-0700:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
rocky linux 9
vulnerability
local privilege escalation
multipath-tools
security issue
unix sockets
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.1
Confidence
High
EPSS
0
Percentile
10.1%
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7185 advisory.
- multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass access controls and manipulate the multipath setup. This can lead to local privilege escalation to root.
This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used instead of bitwise OR. (CVE-2022-41974)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Rocky Linux Security Advisory RLSA-2022:7185.
##
include('compat.inc');
if (description)
{
script_id(184823);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/07");
script_cve_id("CVE-2022-41974");
script_xref(name:"RLSA", value:"2022:7185");
script_name(english:"Rocky Linux 9 : device-mapper-multipath (RLSA-2022:7185)");
script_set_attribute(attribute:"synopsis", value:
"The remote Rocky Linux host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the
RLSA-2022:7185 advisory.
- multipath-tools 0.7.0 through 0.9.x before 0.9.2 allows local users to obtain root access, as exploited
alone or in conjunction with CVE-2022-41973. Local users able to write to UNIX domain sockets can bypass
access controls and manipulate the multipath setup. This can lead to local privilege escalation to root.
This occurs because an attacker can repeat a keyword, which is mishandled because arithmetic ADD is used
instead of bitwise OR. (CVE-2022-41974)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://errata.rockylinux.org/RLSA-2022:7185");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2133988");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-41974");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/10/25");
script_set_attribute(attribute:"patch_publication_date", value:"2022/10/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/11/07");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:device-mapper-multipath");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:device-mapper-multipath-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:device-mapper-multipath-debugsource");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:device-mapper-multipath-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:device-mapper-multipath-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:device-mapper-multipath-libs-debuginfo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:kpartx");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:kpartx-debuginfo");
script_set_attribute(attribute:"cpe", value:"cpe:/o:rocky:linux:9");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Rocky Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RockyLinux/release", "Host/RockyLinux/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RockyLinux/release');
if (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');
var os_ver = pregmatch(pattern: "Rocky(?: Linux)? release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^9([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 9.x', 'Rocky Linux ' + os_ver);
if (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);
var pkgs = [
{'reference':'device-mapper-multipath-0.8.7-7.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'device-mapper-multipath-0.8.7-7.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'device-mapper-multipath-0.8.7-7.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'device-mapper-multipath-debuginfo-0.8.7-7.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'device-mapper-multipath-debuginfo-0.8.7-7.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'device-mapper-multipath-debuginfo-0.8.7-7.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'device-mapper-multipath-debugsource-0.8.7-7.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'device-mapper-multipath-debugsource-0.8.7-7.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'device-mapper-multipath-debugsource-0.8.7-7.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'device-mapper-multipath-devel-0.8.7-7.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'device-mapper-multipath-devel-0.8.7-7.el9_0.1', 'cpu':'i686', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'device-mapper-multipath-devel-0.8.7-7.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'device-mapper-multipath-devel-0.8.7-7.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'device-mapper-multipath-libs-0.8.7-7.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'device-mapper-multipath-libs-0.8.7-7.el9_0.1', 'cpu':'i686', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'device-mapper-multipath-libs-0.8.7-7.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'device-mapper-multipath-libs-0.8.7-7.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'device-mapper-multipath-libs-debuginfo-0.8.7-7.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'device-mapper-multipath-libs-debuginfo-0.8.7-7.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'device-mapper-multipath-libs-debuginfo-0.8.7-7.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kpartx-0.8.7-7.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kpartx-0.8.7-7.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kpartx-0.8.7-7.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kpartx-debuginfo-0.8.7-7.el9_0.1', 'cpu':'aarch64', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kpartx-debuginfo-0.8.7-7.el9_0.1', 'cpu':'s390x', 'release':'9', 'rpm_spec_vers_cmp':TRUE},
{'reference':'kpartx-debuginfo-0.8.7-7.el9_0.1', 'cpu':'x86_64', 'release':'9', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'device-mapper-multipath / device-mapper-multipath-debuginfo / etc');
}
Related
nessus
nessus
GLSA-202311-06 : multipath-tools: Multiple Vulnerabilities
2023-11-27 00:00:00
EulerOS 2.0 SP11 : multipath-tools (EulerOS-SA-2023-1413)
2023-03-07 00:00:00
AlmaLinux 8 : device-mapper-multipath (ALSA-2023:2948)
2023-05-20 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for multipath-tools (EulerOS-SA-2023-1643)
2023-04-27 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:3710-1)
2022-10-25 00:00:00
Huawei EulerOS: Security Advisory for multipath-tools (EulerOS-SA-2023-1925)
2023-05-16 00:00:00
osv
osv
multipath-tools - security update
2022-12-29 00:00:00
CVE-2022-41974
2022-10-29 19:15:10
CVE-2022-41973
2022-10-29 18:15:12
f5
f5
K000133058 : device-mapper-multipath vulnerability CVE-2022-41973
2023-03-18 00:00:00
K000133615 : device-mapper-multipath vulnerability CVE-2022-41974
2023-04-28 00:00:00
alpinelinux
alpinelinux
CVE-2022-41973
2022-10-29 18:15:12
CVE-2022-41974
2022-10-29 19:15:10
photon
photon
Important Photon OS Security Update - PHSA-2022-0269
2022-10-24 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0476
2022-10-24 00:00:00
Important Photon OS Security Update - PHSA-2022-0530
2022-10-24 00:00:00
ubuntucve
ubuntucve
CVE-2022-41974
2022-10-24 00:00:00
CVE-2022-41973
2022-10-24 00:00:00
debian
debian
[SECURITY] [DLA 3250-1] multipath-tools security update
2022-12-29 10:45:35
[SECURITY] [DSA 5366-1] multipath-tools security update
2023-03-01 11:29:12
rosalinux
rosalinux
Advisory ROSA-SA-2023-2218
2023-08-22 08:47:43
ubuntu
ubuntu
multipath-tools vulnerabilities
2022-11-17 00:00:00
packetstorm
packetstorm
Leeloo Multipath Authorization Bypass / Symlink Attack
2022-10-31 00:00:00
snap-confine must_mkdir_and_open_with_perms() Race Condition
2022-12-09 00:00:00
gentoo
gentoo
multipath-tools: Multiple Vulnerabilities
2023-11-25 00:00:00
suse
suse
Security update for multipath-tools (important)
2022-10-24 00:00:00
Security update for multipath-tools (important)
2022-10-24 00:00:00
Security update for multipath-tools (important)
2022-10-24 00:00:00
nvd
nvd
cve
cve
debiancve
debiancve
CVE-2022-41973
2022-10-29 18:15:12
CVE-2022-41974
2022-10-29 19:15:10
prion
prion
Privilege escalation
2022-10-29 18:15:00
Privilege escalation
2022-10-29 19:15:00
Privilege escalation
2023-03-29 21:15:00
fedora
fedora
[SECURITY] Fedora 36 Update: device-mapper-multipath-0.8.7-9.fc36
2022-11-10 16:19:06
mageia
mageia
Updated multipath-tools packages fix security vulnerabilities
2024-03-18 19:12:23
cvelist
cvelist
redhatcve
redhatcve
hivepro
hivepro
Linux flaws could be chained together to achieve root access
2022-12-09 05:58:41
amazon
amazon
Important: device-mapper-multipath
2022-12-01 20:31:00
cloudfoundry
cloudfoundry
USN-5731-1: multipath-tools vulnerabilities | Cloud Foundry
2022-12-07 00:00:00
qualysblog
qualysblog
Leeloo Multipath: Authorization bypass and symlink attack in multipathd (CVE-2022-41974 and CVE-2022-41973)
2022-10-26 01:57:00
Snapd Race Condition Vulnerability in snap-confine’s must_mkdir_and_open_with_perms() (CVE-2022-3328)
2022-11-30 23:29:05
Qualys Research Team: Threat Thursdays, October 2022
2022-10-28 00:58:53
veracode
veracode
Privilege Escalation
2022-11-19 14:27:14
Authorization Bypass
2022-11-10 00:22:58
Privilege Escalation
2023-01-18 00:45:31
oraclelinux
oraclelinux
device-mapper-multipath security and bug fix update
2023-05-24 00:00:00
device-mapper-multipath security and bug fix update
2023-05-15 00:00:00
device-mapper-multipath security update
2022-10-26 00:00:00
centos
centos
device, kpartx, libdmmp security update
2022-11-30 23:01:43
redhat
redhat
(RHSA-2024:1110) Moderate: device-mapper-multipath security update
2024-03-05 10:45:01
cbl_mariner
cbl_mariner
CVE-2022-41973 affecting package device-mapper-multipath for versions less than 0.8.6-4
2023-01-17 16:46:46
CVE-2022-41973 affecting package device-mapper-multipath 0.8.6-1
2024-09-19 09:11:54
CVE-2022-41974 affecting package device-mapper-multipath 0.8.6-1
2024-09-19 09:11:54
almalinux
almalinux
Moderate: device-mapper-multipath security and bug fix update
2023-05-16 00:00:00
Moderate: device-mapper-multipath security and bug fix update
2023-05-09 00:00:00
Important: device-mapper-multipath security update
2022-10-25 00:00:00
rocky
rocky
device-mapper-multipath security update
2022-10-25 14:41:37
device-mapper-multipath security update
2022-10-25 14:24:42
device-mapper-multipath security update
2022-11-15 15:35:59
redos
redos
ROS-20230217-01
2023-02-17 00:00:00
thn
thn
zdt
zdt
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
7.1
Confidence
High
EPSS
0
Percentile
10.1%
Related for ROCKY_LINUX_RLSA-2022-7185.NASL