Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2023-1849-1.NASL
HistoryApr 15, 2023 - 12:00 a.m.

SUSE SLES15 / openSUSE 15 Security Update : apache2-mod_auth_openidc (SUSE-SU-2023:1849-1)

2023-04-1500:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
JSON

The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:1849-1 advisory.

  • mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when OIDCStripCookies is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using OIDCStripCookies. (CVE-2023-28625)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2023:1849-1. The text itself
# is copyright (C) SUSE.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(174376);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/14");

  script_cve_id("CVE-2023-28625");
  script_xref(name:"SuSE", value:"SUSE-SU-2023:1849-1");

  script_name(english:"SUSE SLES15 / openSUSE 15 Security Update : apache2-mod_auth_openidc (SUSE-SU-2023:1849-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLES15 / SLES_SAP15 / openSUSE 15 host has a package installed that is affected by a vulnerability
as referenced in the SUSE-SU-2023:1849-1 advisory.

  - mod_auth_openidc is an authentication and authorization module for the Apache 2.x HTTP server that
    implements the OpenID Connect Relying Party functionality. In versions 2.0.0 through 2.4.13.1, when
    `OIDCStripCookies` is set and a crafted cookie supplied, a NULL pointer dereference would occur, resulting
    in a segmentation fault. This could be used in a Denial-of-Service attack and thus presents an
    availability risk. Version 2.4.13.2 contains a patch for this issue. As a workaround, avoid using
    `OIDCStripCookies`. (CVE-2023-28625)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1210073");
  script_set_attribute(attribute:"see_also", value:"https://lists.suse.com/pipermail/sle-updates/2023-April/028818.html");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-28625");
  script_set_attribute(attribute:"solution", value:
"Update the affected apache2-mod_auth_openidc package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-28625");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/04/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/04/14");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/04/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:apache2-mod_auth_openidc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES|SUSE)") audit(AUDIT_OS_NOT, "SUSE / openSUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)(?:_SAP)?\d+|SUSE([\d.]+))", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES15|SLES_SAP15|SUSE15\.4)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);

var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(1|2|3|4)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES15 SP1/2/3/4", os_ver + " SP" + service_pack);
if (os_ver == "SLES_SAP15" && (! preg(pattern:"^(1|2|3|4)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES_SAP15 SP1/2/3/4", os_ver + " SP" + service_pack);

var pkgs = [
    {'reference':'apache2-mod_auth_openidc-2.3.8-150100.3.25.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},
    {'reference':'apache2-mod_auth_openidc-2.3.8-150100.3.25.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.2']},
    {'reference':'apache2-mod_auth_openidc-2.3.8-150100.3.25.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'apache2-mod_auth_openidc-2.3.8-150100.3.25.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'apache2-mod_auth_openidc-2.3.8-150100.3.25.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},
    {'reference':'apache2-mod_auth_openidc-2.3.8-150100.3.25.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3', 'SLE_RT-release-15.3']},
    {'reference':'apache2-mod_auth_openidc-2.3.8-150100.3.25.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},
    {'reference':'apache2-mod_auth_openidc-2.3.8-150100.3.25.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},
    {'reference':'apache2-mod_auth_openidc-2.3.8-150100.3.25.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},
    {'reference':'apache2-mod_auth_openidc-2.3.8-150100.3.25.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},
    {'reference':'apache2-mod_auth_openidc-2.3.8-150100.3.25.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},
    {'reference':'apache2-mod_auth_openidc-2.3.8-150100.3.25.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},
    {'reference':'apache2-mod_auth_openidc-2.3.8-150100.3.25.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'sle-module-server-applications-release-15.4', 'sles-release-15.4']},
    {'reference':'apache2-mod_auth_openidc-2.3.8-150100.3.25.1', 'release':'SUSE15.4', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.4']},
    {'reference':'apache2-mod_auth_openidc-2.3.8-150100.3.25.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.2']},
    {'reference':'apache2-mod_auth_openidc-2.3.8-150100.3.25.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']}
];

var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var exists_check = NULL;
  var rpm_spec_vers_cmp = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (reference && _release) {
    if (exists_check) {
      var check_flag = 0;
      foreach var check (exists_check) {
        if (!rpm_exists(release:_release, rpm:check)) continue;
        if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;
        check_flag++;
      }
      if (!check_flag) continue;
    }
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
  }
}

if (flag)
{
  var ltss_plugin_caveat = NULL;
  if(ltss_caveat_required) ltss_plugin_caveat = '\n' +
    'NOTE: This vulnerability check contains fixes that apply to\n' +
    'packages only available in SUSE Enterprise Linux Server LTSS\n' +
    'repositories. Access to these package security updates require\n' +
    'a paid SUSE LTSS subscription.\n';
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get() + ltss_plugin_caveat
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache2-mod_auth_openidc');
}
VendorProductVersionCPE
novellsuse_linuxapache2-mod_auth_openidcp-cpe:/a:novell:suse_linux:apache2-mod_auth_openidc
novellsuse_linux15cpe:/o:novell:suse_linux:15

Related

osv 5
fedora 1
veracode 1
debiancve 1
prion 1
ubuntucve 1
f5 1
cbl_mariner 1
openvas 5
nessus 7
cvelist 1
debian 2
cve 1
redhatcve 1
almalinux 2
oraclelinux 2
redhat 2
rosalinux 1
osv
osv
CVE-2023-28625
2023-04-03 14:15:07
libapache2-mod-auth-openidc - security update
2023-05-18 00:00:00
Moderate: mod_auth_openidc security and bug fix update
2023-11-07 00:00:00
fedora
fedora
[SECURITY] Fedora 38 Update: mod_auth_openidc-2.4.13.2-1.fc38
2023-05-31 17:34:01
veracode
veracode
NULL Pointer Dereference
2023-08-06 07:40:33
debiancve
debiancve
CVE-2023-28625
2023-04-03 14:15:07
prion
prion
Null pointer dereference
2023-04-03 14:15:00
ubuntucve
ubuntucve
CVE-2023-28625
2023-04-03 00:00:00
f5
f5
K000134597 : mod_auth_openidc vulnerability CVE-2023-28625
2023-05-12 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-28625 affecting package mod_auth_openidc for versions less than 2.4.14.2-1
2023-09-28 12:35:58
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:1849-1)
2023-04-17 00:00:00
Debian: Security Advisory (DSA-5405-1)
2023-05-19 00:00:00
Fedora: Security Advisory for mod_auth_openidc (FEDORA-2023-b534ca7056)
2023-06-01 00:00:00
nessus
nessus
Debian DSA-5405-1 : libapache2-mod-auth-openidc - security update
2023-05-18 00:00:00
Fedora 38 : mod_auth_openidc (2023-b534ca7056)
2023-05-31 00:00:00
Oracle Linux 9 : mod_auth_openidc (ELSA-2023-6365)
2023-11-16 00:00:00
cvelist
cvelist
CVE-2023-28625 mod_auth_openidc core dump when OIDCStripCookies is set and an empty Cookie header is supplied
2023-04-03 13:19:40
debian
debian
[SECURITY] [DSA 5405-1] libapache2-mod-auth-openidc security update
2023-05-18 13:12:59
[SECURITY] [DLA 3409-1] libapache2-mod-auth-openidc security update
2023-04-30 21:14:38
cve
cve
CVE-2023-28625
2023-04-03 14:15:07
redhatcve
redhatcve
CVE-2023-28625
2023-04-03 18:14:37
almalinux
almalinux
Moderate: mod_auth_openidc security and bug fix update
2023-11-07 00:00:00
Moderate: mod_auth_openidc:2.3 security and bug fix update
2023-11-14 00:00:00
oraclelinux
oraclelinux
mod_auth_openidc security and bug fix update
2023-11-11 00:00:00
mod_auth_openidc:2.3 security and bug fix update
2023-11-18 00:00:00
redhat
redhat
(RHSA-2023:6365) Moderate: mod_auth_openidc security and bug fix update
2023-11-07 06:03:12
(RHSA-2023:6940) Moderate: mod_auth_openidc:2.3 security and bug fix update
2023-11-14 08:40:59
rosalinux
rosalinux
Advisory ROSA-SA-2024-2362
2024-02-27 09:20:02
JSON
Related for SUSE_SU-2023-1849-1.NASL
osv5fedora1veracode1debiancve1prion1ubuntucve1f51cbl_mariner1openvas5nessus7cvelist1debian2cve1redhatcve1almalinux2oraclelinux2redhat2rosalinux1