{"id": "ELSA-2020-3898", "bulletinFamily": "unix", "title": "cloud-init security, bug fix, and enhancement update", "description": "[19.4-7.0.3]\n- Add conditional restart of NetworkManager for cloud-final. [Orabug: 31965645]\n- Correct postinstall upgrade cloud-init.service mismerge order.\n[19.4-7.0.1]\n- Add Oracle Linux variant to known distros\n- Add cloud-init hotplug event handling support [Orabug: 30485135]\n- Oracle data source should configure secondary VNICs [Orabug: 30487563]\n- Add support for netfailover detection [Orabug: 30487591]\n- Avoid hotplug handling when configure_secondary_nics is disabled [Orabug: 31086905]\n- Set per-platform default NM_CONTROLLED=no for OCI [Orabug: 31086905]\n- Remove secondary VNIC config from cache for hot unplug [Orabug: 31086905]\n- Fix OL distro specific issues and dependency compatibility [Orabug: 30435672]\n- Fix swap file size allocation logic to allocate maxsize [Orabug: 29952349]\n- Make Oracle datasource detect dracut based config files [Orabug: 29956753]\n[19.4-7.el7]\n- ci-ec2-only-redact-token-request-headers-in-logs-avoid-.patch [bz#1821999]\n- Resolves: bz#1821999\n ([RHEL7.9] Do not log IMDSv2 token values into cloud-init.log)\n[19.4-6.el7]\n- ci-Use-reload-or-try-restart-instead-of-try-reload-or-r.patch [bz#1748015]\n- ci-ec2-Do-not-log-IMDSv2-token-values-instead-use-REDAC.patch [bz#1821999]\n- Resolves: bz#1748015\n ([cloud-init][RHEL7] /etc/resolv.conf lose config after reboot (initial instance is ok))\n- Resolves: bz#1821999\n ([RHEL7.9] Do not log IMDSv2 token values into cloud-init.log)\n[19.4-5.el7]\n- ci-Remove-race-condition-between-cloud-init-and-Network-v2.patch [bz#1748015]\n- ci-cc_mounts-fix-incorrect-format-specifiers-316.patch [bz#1772505]\n- Resolves: bz#1748015\n ([cloud-init][RHEL7] /etc/resolv.conf lose config after reboot (initial instance is ok))\n- Resolves: bz#1772505\n ([RHEL7] swapon fails with 'swapfile has holes' when created on a xfs filesystem by cloud-init)\n[19.4-4.el7]\n- ci-swap-file-size-being-used-before-checked-if-str-315.patch [bz#1772505]\n- Resolves: bz#1772505\n ([RHEL7] swapon fails with 'swapfile has holes' when created on a xfs filesystem by cloud-init)\n[19.4-3.el7]\n- ci-Do-not-use-fallocate-in-swap-file-creation-on-xfs.-7.patch [bz#1772505]\n- Resolves: bz#1772505\n ([RHEL7] swapon fails with 'swapfile has holes' when created on a xfs filesystem by cloud-init)\n[19.4-2.el7]\n- ci-Removing-cloud-user-from-wheel.patch [bz#1549638]\n- ci-Remove-race-condition-between-cloud-init-and-Network.patch [bz#1748015]\n- ci-cc_set_password-increase-random-pwlength-from-9-to-2.patch [bz#1812170]\n- ci-utils-use-SystemRandom-when-generating-random-passwo.patch [bz#1812173]\n- ci-Enable-ssh_deletekeys-by-default.patch [bz#1574338]\n- Resolves: bz#1549638\n ([RHEL7]cloud-user added to wheel group and sudoers.d causes 'sudo -v' prompts for passphrase)\n- Resolves: bz#1574338\n (CVE-2018-10896 cloud-init: SSH host keys are not regenerated for the new instances [rhel-7])\n- Resolves: bz#1748015\n ([cloud-init][RHEL7] /etc/resolv.conf lose config after reboot (initial instance is ok))\n- Resolves: bz#1812170\n (CVE-2020-8632 cloud-init: Too short random password length in cc_set_password in config/cc_set_passwords.py [rhel-7])\n- Resolves: bz#1812173\n (CVE-2020-8631 cloud-init: Use of random.choice when generating random password [rhel-7])\n[19.4-1.el7]\n- Rebase to 19.4 [bz#1803094]\n- Resolves: bz#1803094\n ([RHEL-7.9] cloud-init rebase to 19.4)", "published": "2020-10-06T00:00:00", "modified": "2020-10-06T00:00:00", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N"}, "href": "http://linux.oracle.com/errata/ELSA-2020-3898.html", "reporter": "Oracle", "references": [], "cvelist": ["CVE-2020-8631", "CVE-2020-8632", "CVE-2018-10896"], "type": "oraclelinux", "lastseen": "2020-10-07T06:43:57", "edition": 1, "viewCount": 7, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-10896", "CVE-2020-8632", "CVE-2020-8631"]}, {"type": "nessus", "idList": ["SL_20201001_CLOUD_INIT_ON_SL7_X.NASL", "SUSE_SU-2020-0585-1.NASL", "ORACLELINUX_ELSA-2020-4650.NASL", "NEWSTART_CGSL_NS-SA-2021-0016_CLOUD-INIT.NASL", "EULEROS_SA-2020-2333.NASL", "SUSE_SU-2020-0751-1.NASL", "EULEROS_SA-2020-1304.NASL", "REDHAT-RHSA-2020-3898.NASL", "EULEROS_SA-2020-1286.NASL", "CENTOS_RHSA-2020-3898.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-4650"]}, {"type": "amazon", "idList": ["ALAS2-2021-1576", "ALAS-2021-1486"]}, {"type": "centos", "idList": ["CESA-2020:3898"]}, {"type": "redhat", "idList": ["RHSA-2020:3898", "RHSA-2020:3050", "RHSA-2020:4650", "RHSA-2020:3644"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310892113", "OPENVAS:1361412562311220201751", "OPENVAS:1361412562311220201304", "OPENVAS:1361412562311220201286", "OPENVAS:1361412562311220201373", "OPENVAS:1361412562311220201519", "OPENVAS:1361412562311220201356", "OPENVAS:1361412562310853087"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:0400-1"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2113-1:6D037"]}], "modified": "2020-10-07T06:43:57", "rev": 2}, "score": {"value": 6.0, "vector": "NONE", "modified": "2020-10-07T06:43:57", "rev": 2}, "vulnersScore": 6.0}, "affectedPackage": [{"OS": "Oracle Linux", "OSVersion": "7", "arch": "x86_64", "operator": "lt", "packageFilename": "cloud-init-19.4-7.0.3.el7.x86_64.rpm", "packageName": "cloud-init", "packageVersion": "19.4-7.0.3.el7"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "src", "operator": "lt", "packageFilename": "cloud-init-19.4-7.0.3.el7.src.rpm", "packageName": "cloud-init", "packageVersion": "19.4-7.0.3.el7"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "src", "operator": "lt", "packageFilename": "cloud-init-19.4-7.0.3.el7.src.rpm", "packageName": "cloud-init", "packageVersion": "19.4-7.0.3.el7"}, {"OS": "Oracle Linux", "OSVersion": "7", "arch": "aarch64", "operator": "lt", "packageFilename": "cloud-init-19.4-7.0.3.el7.aarch64.rpm", "packageName": "cloud-init", "packageVersion": "19.4-7.0.3.el7"}], "immutableFields": []}

{"cve": [{"lastseen": "2021-02-02T06:52:24", "description": "The default cloud-init configuration, in cloud-init 0.6.2 and newer, included \"ssh_deletekeys: 0\", disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one another or conduct man-in-the-middle attacks.", "edition": 11, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "baseScore": 7.1, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.2}, "published": "2018-08-01T17:29:00", "title": "CVE-2018-10896", "type": "cve", "cwe": ["NVD-CWE-noinfo"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 3.6, "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 4.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-10896"], "modified": "2020-10-29T20:19:00", "cpe": [], "id": "CVE-2018-10896", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-10896", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N"}, "cpe23": []}, {"lastseen": "2021-02-02T07:37:13", "description": "cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.", "edition": 9, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-02-05T14:15:00", "title": "CVE-2020-8631", "type": "cve", "cwe": ["CWE-330"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8631"], "modified": "2020-02-21T11:15:00", "cpe": ["cpe:/a:canonical:cloud-init:19.4"], "id": "CVE-2020-8631", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8631", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:canonical:cloud-init:19.4:*:*:*:*:*:*:*"]}, {"lastseen": "2021-02-02T07:37:13", "description": "In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.", "edition": 9, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-02-05T14:15:00", "title": "CVE-2020-8632", "type": "cve", "cwe": ["CWE-522"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8632"], "modified": "2020-02-21T11:15:00", "cpe": ["cpe:/a:canonical:cloud-init:19.4"], "id": "CVE-2020-8632", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8632", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}, "cpe23": ["cpe:2.3:a:canonical:cloud-init:19.4:*:*:*:*:*:*:*"]}], "nessus": [{"lastseen": "2020-10-24T09:24:47", "description": "Security Fix(es) :\n\n - cloud-init: Use of random.choice when generating random\n password (CVE-2020-8631)\n\n - cloud-init: Too short random password length in\n cc_set_password in config/cc_set_passwords.py\n (CVE-2020-8632)\n\n - cloud-init: default configuration disabled deletion of\n SSH host keys (CVE-2018-10896)", "edition": 2, "cvss3": {"score": 7.1, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2020-10-21T00:00:00", "title": "Scientific Linux Security Update : cloud-init on SL7.x x86_64 (20201001)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8631", "CVE-2020-8632", "CVE-2018-10896"], "modified": "2020-10-21T00:00:00", "cpe": ["p-cpe:/a:fermilab:scientific_linux:cloud-init", "x-cpe:/o:fermilab:scientific_linux"], "id": "SL_20201001_CLOUD_INIT_ON_SL7_X.NASL", "href": "https://www.tenable.com/plugins/nessus/141687", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text is (C) Scientific Linux.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141687);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/23\");\n\n script_cve_id(\"CVE-2018-10896\", \"CVE-2020-8631\", \"CVE-2020-8632\");\n\n script_name(english:\"Scientific Linux Security Update : cloud-init on SL7.x x86_64 (20201001)\");\n script_summary(english:\"Checks rpm output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Scientific Linux host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Security Fix(es) :\n\n - cloud-init: Use of random.choice when generating random\n password (CVE-2020-8631)\n\n - cloud-init: Too short random password length in\n cc_set_password in config/cc_set_passwords.py\n (CVE-2020-8632)\n\n - cloud-init: default configuration disabled deletion of\n SSH host keys (CVE-2018-10896)\"\n );\n # https://listserv.fnal.gov/scripts/wa.exe?A2=ind2010&L=SCIENTIFIC-LINUX-ERRATA&P=16932\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?4320c788\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected cloud-init package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fermilab:scientific_linux:cloud-init\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:fermilab:scientific_linux\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Scientific Linux Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Scientific Linux \" >!< release) audit(AUDIT_HOST_NOT, \"running Scientific Linux\");\nos_ver = pregmatch(pattern: \"Scientific Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Scientific Linux\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Scientific Linux 7.x\", \"Scientific Linux \" + os_ver);\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu >!< \"x86_64\" && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Scientific Linux\", cpu);\nif (\"x86_64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"x86_64\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"SL7\", cpu:\"x86_64\", reference:\"cloud-init-19.4-7.el7\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cloud-init\");\n}\n", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-03-12T20:25:19", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has cloud-init packages installed that are\naffected by multiple vulnerabilities:\n\n - The default cloud-init configuration, in cloud-init 0.6.2 and newer, included ssh_deletekeys: 0,\n disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances\n created by cloning a golden master or template system, sharing ssh host keys, and being able to\n impersonate one another or conduct man-in-the-middle attacks. (CVE-2018-10896)\n\n - In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default\n pwlen value, which makes it easier for attackers to guess passwords. (CVE-2020-8632)\n\n - cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for\n attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.\n (CVE-2020-8631)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 7.1, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2021-03-10T00:00:00", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : cloud-init Multiple Vulnerabilities (NS-SA-2021-0016)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8631", "CVE-2020-8632", "CVE-2018-10896"], "modified": "2021-03-10T00:00:00", "cpe": [], "id": "NEWSTART_CGSL_NS-SA-2021-0016_CLOUD-INIT.NASL", "href": "https://www.tenable.com/plugins/nessus/147387", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2021-0016. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147387);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/11\");\n\n script_cve_id(\"CVE-2018-10896\", \"CVE-2020-8631\", \"CVE-2020-8632\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : cloud-init Multiple Vulnerabilities (NS-SA-2021-0016)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote machine is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has cloud-init packages installed that are\naffected by multiple vulnerabilities:\n\n - The default cloud-init configuration, in cloud-init 0.6.2 and newer, included ssh_deletekeys: 0,\n disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances\n created by cloning a golden master or template system, sharing ssh host keys, and being able to\n impersonate one another or conduct man-in-the-middle attacks. (CVE-2018-10896)\n\n - In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default\n pwlen value, which makes it easier for attackers to guess passwords. (CVE-2020-8632)\n\n - cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for\n attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.\n (CVE-2020-8631)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2021-0016\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL cloud-init packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-10896\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nflag = 0;\n\npkgs = {\n 'CGSL CORE 5.04': [\n 'cloud-init-19.4-7.el7.2.cgslv5.0.3.g204af97'\n ],\n 'CGSL MAIN 5.04': [\n 'cloud-init-19.4-7.el7.2.cgslv5.0.3.g204af97'\n ]\n};\npkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cloud-init');\n}\n", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-03-25T13:47:02", "description": "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3898 advisory.\n\n - cloud-init: default configuration disabled deletion of SSH host keys (CVE-2018-10896)\n\n - cloud-init: Use of random.choice when generating random password (CVE-2020-8631)\n\n - cloud-init: Too short random password length in cc_set_password in config/cc_set_passwords.py (CVE-2020-8632)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "edition": 4, "cvss3": {"score": 7.1, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2020-09-29T00:00:00", "title": "RHEL 7 : cloud-init (RHSA-2020:3898)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8631", "CVE-2020-8632", "CVE-2018-10896"], "modified": "2020-09-29T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:cloud-init", "cpe:/o:redhat:enterprise_linux:7"], "id": "REDHAT-RHSA-2020-3898.NASL", "href": "https://www.tenable.com/plugins/nessus/141025", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3898. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141025);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/24\");\n\n script_cve_id(\"CVE-2018-10896\", \"CVE-2020-8631\", \"CVE-2020-8632\");\n script_xref(name:\"RHSA\", value:\"2020:3898\");\n\n script_name(english:\"RHEL 7 : cloud-init (RHSA-2020:3898)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:3898 advisory.\n\n - cloud-init: default configuration disabled deletion of SSH host keys (CVE-2018-10896)\n\n - cloud-init: Use of random.choice when generating random password (CVE-2020-8631)\n\n - cloud-init: Too short random password length in cc_set_password in config/cc_set_passwords.py (CVE-2020-8632)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/321.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/330.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2018-10896\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3898\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1574338\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1598831\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1798728\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1798731\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected cloud-init package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-10896\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(321, 330);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cloud-init\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'enterprise_linux_7_server': [\n 'rhel-7-for-system-z-a-debug-rpms',\n 'rhel-7-for-system-z-a-optional-debug-rpms',\n 'rhel-7-for-system-z-a-optional-rpms',\n 'rhel-7-for-system-z-a-optional-source-rpms',\n 'rhel-7-for-system-z-a-rpms',\n 'rhel-7-for-system-z-a-source-rpms',\n 'rhel-7-for-system-z-debug-rpms',\n 'rhel-7-for-system-z-fastrack-debug-rpms',\n 'rhel-7-for-system-z-fastrack-rpms',\n 'rhel-7-for-system-z-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-debug-rpms',\n 'rhel-7-for-system-z-optional-fastrack-rpms',\n 'rhel-7-for-system-z-optional-fastrack-source-rpms',\n 'rhel-7-for-system-z-optional-rpms',\n 'rhel-7-for-system-z-optional-source-rpms',\n 'rhel-7-for-system-z-rpms',\n 'rhel-7-for-system-z-source-rpms',\n 'rhel-7-server-debug-rpms',\n 'rhel-7-server-fastrack-debug-rpms',\n 'rhel-7-server-fastrack-rpms',\n 'rhel-7-server-fastrack-source-rpms',\n 'rhel-7-server-optional-debug-rpms',\n 'rhel-7-server-optional-fastrack-debug-rpms',\n 'rhel-7-server-optional-fastrack-rpms',\n 'rhel-7-server-optional-fastrack-source-rpms',\n 'rhel-7-server-optional-rpms',\n 'rhel-7-server-optional-source-rpms',\n 'rhel-7-server-rpms',\n 'rhel-7-server-source-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-rpms',\n 'rhel-ha-for-rhel-7-for-system-z-source-rpms',\n 'rhel-ha-for-rhel-7-server-debug-rpms',\n 'rhel-ha-for-rhel-7-server-rpms',\n 'rhel-ha-for-rhel-7-server-source-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-debug-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-rpms',\n 'rhel-rs-for-rhel-7-for-system-z-source-rpms',\n 'rhel-rs-for-rhel-7-server-debug-rpms',\n 'rhel-rs-for-rhel-7-server-rpms',\n 'rhel-rs-for-rhel-7-server-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:3898');\n}\n\npkgs = [\n {'reference':'cloud-init-19.4-7.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_server']},\n {'reference':'cloud-init-19.4-7.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_7_server']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cloud-init');\n}\n", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-12-01T09:37:32", "description": "The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nCESA-2020:3898 advisory.\n\n - cloud-init: default configuration disabled deletion of SSH host keys (CVE-2018-10896)\n\n - cloud-init: Use of random.choice when generating random password (CVE-2020-8631)\n\n - cloud-init: Too short random password length in cc_set_password in config/cc_set_passwords.py\n (CVE-2020-8632)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 3, "cvss3": {"score": 7.1, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N"}, "published": "2020-10-20T00:00:00", "title": "CentOS 7 : cloud-init (CESA-2020:3898)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8631", "CVE-2020-8632", "CVE-2018-10896"], "modified": "2020-10-20T00:00:00", "cpe": ["cpe:/o:centos:centos:7", "p-cpe:/a:centos:centos:cloud-init"], "id": "CENTOS_RHSA-2020-3898.NASL", "href": "https://www.tenable.com/plugins/nessus/141635", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3898 and\n# CentOS Errata and Security Advisory 2020:3898 respectively.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141635);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/30\");\n\n script_cve_id(\"CVE-2018-10896\", \"CVE-2020-8631\", \"CVE-2020-8632\");\n script_xref(name:\"RHSA\", value:\"2020:3898\");\n\n script_name(english:\"CentOS 7 : cloud-init (CESA-2020:3898)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 7 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nCESA-2020:3898 advisory.\n\n - cloud-init: default configuration disabled deletion of SSH host keys (CVE-2018-10896)\n\n - cloud-init: Use of random.choice when generating random password (CVE-2020-8631)\n\n - cloud-init: Too short random password length in cc_set_password in config/cc_set_passwords.py\n (CVE-2020-8632)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.centos.org/pipermail/centos-cr-announce/2020-October/012666.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c68172ec\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/321.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/330.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected cloud-init package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2018-10896\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(321, 330);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2018/08/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:cloud-init\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nos_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'CentOS 7.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\npkgs = [\n {'reference':'cloud-init-19.4-7.el7.centos', 'cpu':'x86_64', 'release':'CentOS-7'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n cr_plugin_caveat = '\\n' +\n 'NOTE: The security advisory associated with this vulnerability has a\\n' +\n 'fixed package version that may only be available in the continuous\\n' +\n 'release (CR) repository for CentOS, until it is present in the next\\n' +\n 'point release of CentOS.\\n\\n' +\n 'If an equal or higher package level does not exist in the baseline\\n' +\n 'repository for your major version of CentOS, then updates from the CR\\n' +\n 'repository will need to be applied in order to address the\\n' +\n 'vulnerability.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + cr_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cloud-init');\n}\n", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-01-07T09:06:52", "description": "According to the versions of the cloud-init package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - In cloud-init through 19.4, rand_user_password in\n cloudinit/config/cc_set_passwords.py has a small\n default pwlen value, which makes it easier for\n attackers to guess passwords.(CVE-2020-8632)\n\n - cloud-init through 19.4 relies on Mersenne Twister for\n a random password, which makes it easier for attackers\n to predict passwords, because rand_str in\n cloudinit/util.py calls the random.choice\n function.(CVE-2020-8631)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 4, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-11-03T00:00:00", "title": "EulerOS 2.0 SP2 : cloud-init (EulerOS-SA-2020-2333)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8631", "CVE-2020-8632"], "modified": "2020-11-03T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:cloud-init", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-2333.NASL", "href": "https://www.tenable.com/plugins/nessus/142288", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142288);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-8631\",\n \"CVE-2020-8632\"\n );\n\n script_name(english:\"EulerOS 2.0 SP2 : cloud-init (EulerOS-SA-2020-2333)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the cloud-init package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - In cloud-init through 19.4, rand_user_password in\n cloudinit/config/cc_set_passwords.py has a small\n default pwlen value, which makes it easier for\n attackers to guess passwords.(CVE-2020-8632)\n\n - cloud-init through 19.4 relies on Mersenne Twister for\n a random password, which makes it easier for attackers\n to predict passwords, because rand_str in\n cloudinit/util.py calls the random.choice\n function.(CVE-2020-8631)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-2333\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1facdbbb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected cloud-init packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:cloud-init\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(2)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP2\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"cloud-init-0.7.6-4.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"2\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cloud-init\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-11-15T05:22:59", "description": "The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2020-4650 advisory.\n\n - cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for\n attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.\n (CVE-2020-8631)\n\n - In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default\n pwlen value, which makes it easier for attackers to guess passwords. (CVE-2020-8632)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-11-12T00:00:00", "title": "Oracle Linux 8 : cloud-init (ELSA-2020-4650)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8631", "CVE-2020-8632"], "modified": "2020-11-12T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:cloud-init"], "id": "ORACLELINUX_ELSA-2020-4650.NASL", "href": "https://www.tenable.com/plugins/nessus/142783", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2020-4650.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142783);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/11/13\");\n\n script_cve_id(\"CVE-2020-8631\", \"CVE-2020-8632\");\n\n script_name(english:\"Oracle Linux 8 : cloud-init (ELSA-2020-4650)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the\nELSA-2020-4650 advisory.\n\n - cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for\n attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.\n (CVE-2020-8631)\n\n - In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default\n pwlen value, which makes it easier for attackers to guess passwords. (CVE-2020-8632)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2020-4650.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected cloud-init package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8632\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:cloud-init\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nos_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\nif ('x86_64' >!< cpu) audit(AUDIT_ARCH_NOT, 'x86_64', cpu);\n\npkgs = [\n {'reference':'cloud-init-19.4-11.0.1.el8', 'release':'8'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n rpm_prefix = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['rpm_prefix'])) rpm_prefix = package_array['rpm_prefix'];\n if (reference && release) {\n if (rpm_prefix) {\n if (rpm_exists(release:release, rpm:rpm_prefix) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cloud-init');\n}", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-03-25T13:48:08", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:4650 advisory.\n\n - cloud-init: Use of random.choice when generating random password (CVE-2020-8631)\n\n - cloud-init: Too short random password length in cc_set_password in config/cc_set_passwords.py (CVE-2020-8632)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "edition": 4, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-11-04T00:00:00", "title": "RHEL 8 : cloud-init (RHSA-2020:4650)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8631", "CVE-2020-8632"], "modified": "2020-11-04T00:00:00", "cpe": ["p-cpe:/a:redhat:enterprise_linux:cloud-init", "cpe:/o:redhat:enterprise_linux:8"], "id": "REDHAT-RHSA-2020-4650.NASL", "href": "https://www.tenable.com/plugins/nessus/142375", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4650. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(142375);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/24\");\n\n script_cve_id(\"CVE-2020-8631\", \"CVE-2020-8632\");\n script_xref(name:\"RHSA\", value:\"2020:4650\");\n\n script_name(english:\"RHEL 8 : cloud-init (RHSA-2020:4650)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2020:4650 advisory.\n\n - cloud-init: Use of random.choice when generating random password (CVE-2020-8631)\n\n - cloud-init: Too short random password length in cc_set_password in config/cc_set_passwords.py (CVE-2020-8632)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/330.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8631\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8632\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4650\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1798728\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1798731\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected cloud-init package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8632\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(330);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cloud-init\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'enterprise_linux_8_appstream': [\n 'rhel-8-for-aarch64-appstream-debug-rpms',\n 'rhel-8-for-aarch64-appstream-rpms',\n 'rhel-8-for-aarch64-appstream-source-rpms',\n 'rhel-8-for-s390x-appstream-debug-rpms',\n 'rhel-8-for-s390x-appstream-rpms',\n 'rhel-8-for-s390x-appstream-source-rpms',\n 'rhel-8-for-x86_64-appstream-debug-rpms',\n 'rhel-8-for-x86_64-appstream-rpms',\n 'rhel-8-for-x86_64-appstream-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:4650');\n}\n\npkgs = [\n {'reference':'cloud-init-19.4-11.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cloud-init');\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-12T09:42:09", "description": "CVE-2020-8631\n\nIn cloud-init, relies on Mersenne Twister for a random password, which\nmakes it easier for attackers to predict passwords, because rand_str\nin cloudinit/util.py calls the random.choice function.\n\nCVE-2020-8632\n\nIn cloud-init, rand_user_password in\ncloudinit/config/cc_set_passwords.py has a small default pwlen value,\nwhich makes it easier for attackers to guess passwords.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n0.7.6~bzr976-2+deb8u1.\n\nWe recommend that you upgrade your cloud-init packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.", "edition": 4, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-02-24T00:00:00", "title": "Debian DLA-2113-1 : cloud-init security update", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8631", "CVE-2020-8632"], "modified": "2020-02-24T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:8.0", "p-cpe:/a:debian:debian_linux:cloud-init"], "id": "DEBIAN_DLA-2113.NASL", "href": "https://www.tenable.com/plugins/nessus/133875", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2113-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(133875);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2020-8631\", \"CVE-2020-8632\");\n\n script_name(english:\"Debian DLA-2113-1 : cloud-init security update\");\n script_summary(english:\"Checks dpkg output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"CVE-2020-8631\n\nIn cloud-init, relies on Mersenne Twister for a random password, which\nmakes it easier for attackers to predict passwords, because rand_str\nin cloudinit/util.py calls the random.choice function.\n\nCVE-2020-8632\n\nIn cloud-init, rand_user_password in\ncloudinit/config/cc_set_passwords.py has a small default pwlen value,\nwhich makes it easier for attackers to guess passwords.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n0.7.6~bzr976-2+deb8u1.\n\nWe recommend that you upgrade your cloud-init packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/02/msg00021.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/cloud-init\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected cloud-init package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:cloud-init\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"cloud-init\", reference:\"0.7.6~bzr976-2+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:deb_report_get());\n else security_note(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-03-26T11:39:06", "description": "This update for cloud-init fixes the following security issues :\n\nCVE-2020-8631: Replaced the theoretically predictable deterministic\nRNG with the system RNG (bsc#1162937).\n\nCVE-2020-8632: Increased the default random password length from 9 to\n20 (bsc#1162936).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 1, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-03-24T00:00:00", "title": "SUSE SLED15 / SLES15 Security Update : cloud-init (SUSE-SU-2020:0751-1)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8631", "CVE-2020-8632"], "modified": "2020-03-24T00:00:00", "cpe": ["cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:cloud-init-doc"], "id": "SUSE_SU-2020-0751-1.NASL", "href": "https://www.tenable.com/plugins/nessus/134854", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:0751-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(134854);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/25\");\n\n script_cve_id(\"CVE-2020-8631\", \"CVE-2020-8632\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : cloud-init (SUSE-SU-2020:0751-1)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"This update for cloud-init fixes the following security issues :\n\nCVE-2020-8631: Replaced the theoretically predictable deterministic\nRNG with the system RNG (bsc#1162937).\n\nCVE-2020-8632: Increased the default random password length from 9 to\n20 (bsc#1162936).\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1162936\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1162937\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1163178\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8631/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8632/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20200751-1/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?aa9a85b9\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Public Cloud 15-SP1:zypper in -t\npatch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-751=1\n\nSUSE Linux Enterprise Module for Open Buildservice Development Tools\n15-SP1:zypper in -t patch\nSUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-751=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:cloud-init-doc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/02/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/03/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/03/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLED15 / SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLED15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"cloud-init-doc-19.4-8.17.1\")) flag++;\nif (rpm_check(release:\"SLED15\", sp:\"1\", reference:\"cloud-init-doc-19.4-8.17.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());\n else security_note(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cloud-init\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-01-07T09:03:33", "description": "According to the versions of the cloud-init package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - cloud-init through 19.4 relies on Mersenne Twister for\n a random password, which makes it easier for attackers\n to predict passwords, because rand_str in\n cloudinit/util.py calls the random.choice\n function.(CVE-2020-8631)\n\n - In cloud-init through 19.4, rand_user_password in\n cloudinit/config/cc_set_passwords.py has a small\n default pwlen value, which makes it easier for\n attackers to guess passwords.(CVE-2020-8632)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.", "edition": 5, "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-04-15T00:00:00", "title": "EulerOS 2.0 SP3 : cloud-init (EulerOS-SA-2020-1373)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8631", "CVE-2020-8632"], "modified": "2020-04-15T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:cloud-init", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2020-1373.NASL", "href": "https://www.tenable.com/plugins/nessus/135502", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(135502);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\n \"CVE-2020-8631\",\n \"CVE-2020-8632\"\n );\n\n script_name(english:\"EulerOS 2.0 SP3 : cloud-init (EulerOS-SA-2020-1373)\");\n script_summary(english:\"Checks the rpm output for the updated packages.\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the cloud-init package installed, the\nEulerOS installation on the remote host is affected by the following\nvulnerabilities :\n\n - cloud-init through 19.4 relies on Mersenne Twister for\n a random password, which makes it easier for attackers\n to predict passwords, because rand_str in\n cloudinit/util.py calls the random.choice\n function.(CVE-2020-8631)\n\n - In cloud-init through 19.4, rand_user_password in\n cloudinit/config/cc_set_passwords.py has a small\n default pwlen value, which makes it easier for\n attackers to guess passwords.(CVE-2020-8632)\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the EulerOS security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1373\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?6764e061\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected cloud-init packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/04/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:cloud-init\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0\");\n\nsp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(3)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\");\n\nuvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP3\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nflag = 0;\n\npkgs = [\"cloud-init-0.7.6-2.h2\"];\n\nforeach (pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"3\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"cloud-init\");\n}\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "oraclelinux": [{"lastseen": "2020-11-12T03:26:48", "bulletinFamily": "unix", "cvelist": ["CVE-2020-8631", "CVE-2020-8632", "CVE-2018-10896"], "description": "[19.4-11.0.1]\n- Forward port applicable cloud-init 18.4-2.0.3 changes to cloud-init-18-5 [Orabug: 30435672]\n- Update OCI Datasource to support IMDSv2\n- limit permissions [Orabug: 31352433]\n- Changes to ignore all enslaved interfaces [Orabug: 30092148]\n- Fix swap file size allocation logic to allocate maxsize [Orabug: 29952349]\n- Make Oracle datasource detect dracut based config files [Orabug: 29956753]\n- add modified version of enable-ec2_utils-to-stop-retrying-to-get-ec2-metadata.patch:\n 1. Enable ec2_utils.py having a way to stop retrying to get ec2 metadata\n 2. Apply stop retrying to get ec2 metadata to helper/openstack.py MetadataReader\n Resolves: Oracle-Bug:41660 (Bugzilla)\n- added OL to list of known distros\n[19.4-11.el8]\n- ci-cc_mounts-fix-incorrect-format-specifiers-316.patch [bz#1794664]\n- Resolves: bz#1794664\n ([RHEL8] swapon fails with 'swapfile has holes' when created on a xfs filesystem by cloud-init)\n[19.4-10.el8]\n- ci-Changing-notation-of-subp-call.patch [bz#1839662]\n- Resolves: bz#1839662\n ([ESXi][RHEL8.3][cloud-init]ERROR log in cloud-init.log after clone VM on ESXi platform)\n[19.4-9.el8]\n- ci-Do-not-use-fallocate-in-swap-file-creation-on-xfs.-7.patch [bz#1794664]\n- ci-swap-file-size-being-used-before-checked-if-str-315.patch [bz#1794664]\n- ci-Detect-kernel-version-before-swap-file-creation-428.patch [bz#1794664]\n- Resolves: bz#1794664\n ([RHEL8] swapon fails with 'swapfile has holes' when created on a xfs filesystem by cloud-init)\n[19.4-8.el8]\n- ci-When-tools.conf-does-not-exist-running-cmd-vmware-to.patch [bz#1839662]\n- ci-ssh-exit-with-non-zero-status-on-disabled-user-472.patch [bz#1833874]\n- Resolves: bz#1833874\n ([rhel-8.3]using root user error should cause a non-zero exit code)\n- Resolves: bz#1839662\n ([ESXi][RHEL8.3][cloud-init]ERROR log in cloud-init.log after clone VM on ESXi platform)\n[19.4-7.el8]\n- Fixing cloud-init-generator permissions [bz#1834173]\n- Resolves: bz#1834173\n ([rhel-8.3]Incorrect ds-identify check in cloud-init-generator)\n[19.4-6.el8]\n- ci-ec2-only-redact-token-request-headers-in-logs-avoid-.patch [bz#1822343]\n- Resolves: bz#1822343\n ([RHEL8.3] Do not log IMDSv2 token values into cloud-init.log)\n[19.4-5.el8]\n- ci-ec2-Do-not-log-IMDSv2-token-values-instead-use-REDAC.patch [bz#1822343]\n- ci-Render-the-generator-from-template-instead-of-cp.patch [bz#1834173]\n- ci-Change-from-redhat-to-rhel-in-systemd-generator-tmpl.patch [bz#1834173]\n- ci-cloud-init.service.tmpl-use-rhel-instead-of-redhat-4.patch [bz#1834173]\n- Resolves: bz#1822343\n ([RHEL8.3] Do not log IMDSv2 token values into cloud-init.log)\n- Resolves: bz#1834173\n ([rhel-8.3]Incorrect ds-identify check in cloud-init-generator)\n[19.4-4.el8]\n- ci-changing-ds-identify-patch-from-usr-lib-to-usr-libex.patch [bz#1834173]\n- Resolves: bz#1834173\n ([rhel-8.3]Incorrect ds-identify check in cloud-init-generator)\n[19.4-3.el8]\n- ci-Make-cloud-init.service-execute-after-network-is-up.patch [bz#1803928]\n- Resolves: bz#1803928\n ([RHEL8.3] Race condition of starting cloud-init and NetworkManager)\n[19.4-2.el8]\n- ci-cc_set_password-increase-random-pwlength-from-9-to-2.patch [bz#1812171]\n- ci-utils-use-SystemRandom-when-generating-random-passwo.patch [bz#1812174]\n- ci-Enable-ssh_deletekeys-by-default.patch [bz#1814152]\n- ci-Remove-race-condition-between-cloud-init-and-Network.patch [bz#1840648]\n- Resolves: bz#1812171\n (CVE-2020-8632 cloud-init: Too short random password length in cc_set_password in config/cc_set_passwords.py [rhel-8])\n- Resolves: bz#1812174\n (CVE-2020-8631 cloud-init: Use of random.choice when generating random password [rhel-8])\n- Resolves: bz#1814152\n (CVE-2018-10896 cloud-init: default configuration disabled deletion of SSH host keys [rhel-8])\n- Resolves: bz#1840648\n ([cloud-init][RHEL-8.2.0] /etc/resolv.conf lose config after reboot (initial instance is ok))\n[19.4-1.el8]\n- Rebase to cloud-init 19.4 [bz#1803095]\n- Resolves: bz#1803095\n ([RHEL-8.3.0] cloud-init rebase to 19.4)", "edition": 1, "modified": "2020-11-10T00:00:00", "published": "2020-11-10T00:00:00", "id": "ELSA-2020-4650", "href": "http://linux.oracle.com/errata/ELSA-2020-4650.html", "title": "cloud-init security, bug fix, and enhancement update", "type": "oraclelinux", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N"}}], "amazon": [{"lastseen": "2021-01-08T01:42:42", "bulletinFamily": "unix", "cvelist": ["CVE-2020-8631", "CVE-2020-8632", "CVE-2018-10896"], "description": "**Issue Overview:**\n\nThe default cloud-init configuration included \"ssh_deletekeys: 0\", disabling cloud-init's deletion of ssh host keys. In some environments, this could lead to instances created by cloning a golden master or template system, sharing ssh host keys, and being able to impersonate one another or conduct man-in-the-middle attacks. ([CVE-2018-10896 __](<https://access.redhat.com/security/cve/CVE-2018-10896>))\n\nA flaw was found in cloud-init, where it uses the random.choice function when creating sensitive random strings used for generating a random password in new instances. Depending on the instance configuration, a remote or local attacker may abuse this vulnerability to guess the password of the victim user. ([CVE-2020-8631 __](<https://access.redhat.com/security/cve/CVE-2020-8631>))\n\nA flaw was found in cloud-init, where it uses short passwords when generating a random password in new instances. Depending on the instance configuration, a remote or local attacker may abuse this vulnerability to guess the password of the victim user. ([CVE-2020-8632 __](<https://access.redhat.com/security/cve/CVE-2020-8632>))\n\n \n**Affected Packages:** \n\n\ncloud-init\n\n \n**Issue Correction:** \nRun _yum update cloud-init_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n noarch: \n cloud-init-19.3-4.amzn2.noarch \n \n src: \n cloud-init-19.3-4.amzn2.src \n \n \n", "edition": 1, "modified": "2021-01-05T23:34:00", "published": "2021-01-05T23:34:00", "id": "ALAS2-2021-1576", "href": "https://alas.aws.amazon.com/AL2/ALAS-2021-1576.html", "title": "Medium: cloud-init", "type": "amazon", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2021-03-20T07:30:31", "bulletinFamily": "unix", "cvelist": ["CVE-2020-8631", "CVE-2020-8632", "CVE-2021-3429"], "description": "**Issue Overview:**\n\nA flaw was found in cloud-init, where it uses the random.choice function when creating sensitive random strings used for generating a random password in new instances. Depending on the instance configuration, a remote or local attacker may abuse this vulnerability to guess the password of the victim user. ([CVE-2020-8631 __](<https://access.redhat.com/security/cve/CVE-2020-8631>))\n\nA flaw was found in cloud-init, where it uses short passwords when generating a random password in new instances. Depending on the instance configuration, a remote or local attacker may abuse this vulnerability to guess the password of the victim user. ([CVE-2020-8632 __](<https://access.redhat.com/security/cve/CVE-2020-8632>))\n\nA vulnerability was discovered in cloud-init which can improperly disclose randomly generated passwords as part of the chpasswd module. The fix prevents the generated password from being written to a world-readable log file on the local disk. ([CVE-2021-3429 __](<https://access.redhat.com/security/cve/CVE-2021-3429>))\n\n \n**Affected Packages:** \n\n\ncloud-init\n\n \n**Issue Correction:** \nRun _yum update cloud-init_ to update your system. \n\n\n \n\n\n**New Packages:**\n \n \n noarch: \n cloud-init-0.7.6-43.23.amzn1.noarch \n \n src: \n cloud-init-0.7.6-43.23.amzn1.src \n \n \n", "edition": 1, "modified": "2021-03-18T17:22:00", "published": "2021-03-18T17:22:00", "id": "ALAS-2021-1486", "href": "https://alas.aws.amazon.com/ALAS-2021-1486.html", "title": "Medium: cloud-init", "type": "amazon", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "centos": [{"lastseen": "2020-10-20T23:08:57", "bulletinFamily": "unix", "cvelist": ["CVE-2020-8631", "CVE-2020-8632", "CVE-2018-10896"], "description": "**CentOS Errata and Security Advisory** CESA-2020:3898\n\n\nThe cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts.\n\nThe following packages have been upgraded to a later upstream version: cloud-init (19.4). (BZ#1803094)\n\nSecurity Fix(es):\n\n* cloud-init: Use of random.choice when generating random password (CVE-2020-8631)\n\n* cloud-init: Too short random password length in cc_set_password in config/cc_set_passwords.py (CVE-2020-8632)\n\n* cloud-init: default configuration disabled deletion of SSH host keys (CVE-2018-10896)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2020-October/012666.html\n\n**Affected packages:**\ncloud-init\n\n**Upstream details at:**\n", "edition": 1, "modified": "2020-10-20T17:49:47", "published": "2020-10-20T17:49:47", "id": "CESA-2020:3898", "href": "http://lists.centos.org/pipermail/centos-cr-announce/2020-October/012666.html", "title": "cloud security update", "type": "centos", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N"}}], "redhat": [{"lastseen": "2020-10-07T18:04:43", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10896", "CVE-2020-8631", "CVE-2020-8632"], "description": "The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts.\n\nThe following packages have been upgraded to a later upstream version: cloud-init (19.4). (BZ#1803094)\n\nSecurity Fix(es):\n\n* cloud-init: Use of random.choice when generating random password (CVE-2020-8631)\n\n* cloud-init: Too short random password length in cc_set_password in config/cc_set_passwords.py (CVE-2020-8632)\n\n* cloud-init: default configuration disabled deletion of SSH host keys (CVE-2018-10896)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 7.9 Release Notes linked from the References section.", "modified": "2020-09-29T13:41:42", "published": "2020-09-29T11:41:44", "id": "RHSA-2020:3898", "href": "https://access.redhat.com/errata/RHSA-2020:3898", "type": "redhat", "title": "(RHSA-2020:3898) Moderate: cloud-init security, bug fix, and enhancement update", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-11-04T02:33:41", "bulletinFamily": "unix", "cvelist": ["CVE-2020-8631", "CVE-2020-8632"], "description": "The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts.\n\nSecurity Fix(es):\n\n* cloud-init: Use of random.choice when generating random password (CVE-2020-8631)\n\n* cloud-init: Too short random password length in cc_set_password in config/cc_set_passwords.py (CVE-2020-8632)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.3 Release Notes linked from the References section.", "modified": "2020-11-04T05:03:10", "published": "2020-11-03T17:23:49", "id": "RHSA-2020:4650", "href": "https://access.redhat.com/errata/RHSA-2020:4650", "type": "redhat", "title": "(RHSA-2020:4650) Moderate: cloud-init security, bug fix, and enhancement update", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-09-08T09:42:32", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10896"], "description": "The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts.\n\nSecurity Fix(es):\n\n* cloud-init: default configuration disabled deletion of SSH host keys (CVE-2018-10896)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-09-08T11:47:53", "published": "2020-09-08T11:35:29", "id": "RHSA-2020:3644", "href": "https://access.redhat.com/errata/RHSA-2020:3644", "type": "redhat", "title": "(RHSA-2020:3644) Low: cloud-init security update", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N"}}, {"lastseen": "2020-07-27T18:03:44", "bulletinFamily": "unix", "cvelist": ["CVE-2018-10896"], "description": "The cloud-init packages provide a set of init scripts for cloud instances. Cloud instances need special scripts to run during initialization to retrieve and install SSH keys, and to let the user run various scripts.\n\nThe following packages have been upgraded to a later upstream version: cloud-init (19.4). (BZ#1811912)\n\nSecurity Fix(es):\n\n* cloud-init: default configuration disabled deletion of SSH host keys (CVE-2018-10896)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.2 Release Notes linked from the References section.", "modified": "2020-07-21T19:15:22", "published": "2020-07-21T19:01:15", "id": "RHSA-2020:3050", "href": "https://access.redhat.com/errata/RHSA-2020:3050", "type": "redhat", "title": "(RHSA-2020:3050) Low: cloud-init security, bug fix, and enhancement update", "cvss": {"score": 3.6, "vector": "AV:L/AC:L/Au:N/C:P/I:P/A:N"}}], "suse": [{"lastseen": "2020-03-29T08:37:26", "bulletinFamily": "unix", "cvelist": ["CVE-2020-8631", "CVE-2020-8632"], "description": "This update for cloud-init fixes the following security issues:\n\n - CVE-2020-8631: Replaced the theoretically predictable deterministic RNG\n with the system RNG (bsc#1162937).\n - CVE-2020-8632: Increased the default random password length from 9 to 20\n (bsc#1162936).\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n", "edition": 1, "modified": "2020-03-29T06:14:43", "published": "2020-03-29T06:14:43", "id": "OPENSUSE-SU-2020:0400-1", "href": "http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00042.html", "title": "Security update for cloud-init (moderate)", "type": "suse", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "openvas": [{"lastseen": "2020-04-15T14:44:53", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8631", "CVE-2020-8632"], "description": "The remote host is missing an update for the ", "modified": "2020-04-07T00:00:00", "published": "2020-03-30T00:00:00", "id": "OPENVAS:1361412562310853087", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310853087", "type": "openvas", "title": "openSUSE: Security Advisory for cloud-init (openSUSE-SU-2020:0400-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.853087\");\n script_version(\"2020-04-07T12:33:10+0000\");\n script_cve_id(\"CVE-2020-8631\", \"CVE-2020-8632\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-04-07 12:33:10 +0000 (Tue, 07 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-30 03:00:36 +0000 (Mon, 30 Mar 2020)\");\n script_name(\"openSUSE: Security Advisory for cloud-init (openSUSE-SU-2020:0400-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"SuSE Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/suse\", \"ssh/login/rpms\", re:\"ssh/login/release=openSUSELeap15\\.1\");\n\n script_xref(name:\"openSUSE-SU\", value:\"2020:0400-1\");\n script_xref(name:\"URL\", value:\"http://lists.opensuse.org/opensuse-security-announce/2020-03/msg00042.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'cloud-init'\n package(s) announced via the openSUSE-SU-2020:0400-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"This update for cloud-init fixes the following security issues:\n\n - CVE-2020-8631: Replaced the theoretically predictable deterministic RNG\n with the system RNG (bsc#1162937).\n\n - CVE-2020-8632: Increased the default random password length from 9 to 20\n (bsc#1162936).\n\n This update was imported from the SUSE:SLE-15-SP1:Update update project.\n\n\n Patch Instructions:\n\n To install this openSUSE Security Update use the SUSE recommended\n installation methods\n like YaST online_update or 'zypper patch'.\n\n Alternatively you can run the command listed for your product:\n\n - openSUSE Leap 15.1:\n\n zypper in -t patch openSUSE-2020-400=1\");\n\n script_tag(name:\"affected\", value:\"'cloud-init' package(s) on openSUSE Leap 15.1.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"openSUSELeap15.1\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"cloud-init\", rpm:\"cloud-init~19.4~lp151.2.15.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloud-init-config-suse\", rpm:\"cloud-init-config-suse~19.4~lp151.2.15.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(!isnull(res = isrpmvuln(pkg:\"cloud-init-doc\", rpm:\"cloud-init-doc~19.4~lp151.2.15.1\", rls:\"openSUSELeap15.1\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-02-25T16:53:43", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8631", "CVE-2020-8632"], "description": "The remote host is missing an update for the ", "modified": "2020-02-22T00:00:00", "published": "2020-02-22T00:00:00", "id": "OPENVAS:1361412562310892113", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892113", "type": "openvas", "title": "Debian LTS: Security Advisory for cloud-init (DLA-2113-1)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892113\");\n script_version(\"2020-02-22T04:00:05+0000\");\n script_cve_id(\"CVE-2020-8631\", \"CVE-2020-8632\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-02-22 04:00:05 +0000 (Sat, 22 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-22 04:00:05 +0000 (Sat, 22 Feb 2020)\");\n script_name(\"Debian LTS: Security Advisory for cloud-init (DLA-2113-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2020/02/msg00021.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-2113-1\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/951362\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/951363\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'cloud-init'\n package(s) announced via the DLA-2113-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"CVE-2020-8631\n\nIn cloud-init, relies on Mersenne Twister for a random password,\nwhich makes it easier for attackers to predict passwords, because\nrand_str in cloudinit/util.py calls the random.choice function.\n\nCVE-2020-8632\n\nIn cloud-init, rand_user_password in\ncloudinit/config/cc_set_passwords.py has a small default pwlen\nvalue, which makes it easier for attackers to guess passwords.\");\n\n script_tag(name:\"affected\", value:\"'cloud-init' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n0.7.6~bzr976-2+deb8u1.\n\nWe recommend that you upgrade your cloud-init packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"cloud-init\", ver:\"0.7.6~bzr976-2+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-04-17T17:00:25", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8631", "CVE-2020-8632"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-04-16T00:00:00", "published": "2020-04-16T00:00:00", "id": "OPENVAS:1361412562311220201373", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201373", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2020-1373)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from the referenced\n# advisories, and are Copyright (C) by the respective right holder(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1373\");\n script_version(\"2020-04-16T05:45:46+0000\");\n script_cve_id(\"CVE-2020-8631\", \"CVE-2020-8632\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-04-16 05:45:46 +0000 (Thu, 16 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-16 05:45:46 +0000 (Thu, 16 Apr 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2020-1373)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP3\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1373\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1373\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'cloud-init' package(s) announced via the EulerOS-SA-2020-1373 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.(CVE-2020-8631)\n\nIn cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.(CVE-2020-8632)\");\n\n script_tag(name:\"affected\", value:\"'cloud-init' package(s) on Huawei EulerOS V2.0SP3.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP3\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"cloud-init\", rpm:\"cloud-init~0.7.6~2.h2\", rls:\"EULEROS-2.0SP3\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-03-24T16:51:46", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8631", "CVE-2020-8632"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-03-23T00:00:00", "published": "2020-03-23T00:00:00", "id": "OPENVAS:1361412562311220201286", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201286", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2020-1286)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1286\");\n script_version(\"2020-03-23T07:39:53+0000\");\n script_cve_id(\"CVE-2020-8631\", \"CVE-2020-8632\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-03-23 07:39:53 +0000 (Mon, 23 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-23 07:39:53 +0000 (Mon, 23 Mar 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2020-1286)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP8\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1286\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1286\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'cloud-init' package(s) announced via the EulerOS-SA-2020-1286 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.(CVE-2020-8631)\n\nIn cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.(CVE-2020-8632)\");\n\n script_tag(name:\"affected\", value:\"'cloud-init' package(s) on Huawei EulerOS V2.0SP8.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP8\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"cloud-init\", rpm:\"cloud-init~17.1~7.h13.eulerosv2r8\", rls:\"EULEROS-2.0SP8\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-03-24T16:53:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8631", "CVE-2020-8632"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-03-24T00:00:00", "published": "2020-03-24T00:00:00", "id": "OPENVAS:1361412562311220201304", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201304", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2020-1304)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1304\");\n script_version(\"2020-03-24T07:29:31+0000\");\n script_cve_id(\"CVE-2020-8631\", \"CVE-2020-8632\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-03-24 07:29:31 +0000 (Tue, 24 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-24 07:29:31 +0000 (Tue, 24 Mar 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2020-1304)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROS-2\\.0SP5\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1304\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1304\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'cloud-init' package(s) announced via the EulerOS-SA-2020-1304 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"In cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.(CVE-2020-8632)\n\ncloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.(CVE-2020-8631)\");\n\n script_tag(name:\"affected\", value:\"'cloud-init' package(s) on Huawei EulerOS V2.0SP5.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROS-2.0SP5\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"cloud-init\", rpm:\"cloud-init~0.7.9~24.1.h5.eulerosv2r7\", rls:\"EULEROS-2.0SP5\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-07-21T19:58:07", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8631", "CVE-2020-8632", "CVE-2019-0816"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-07-03T00:00:00", "published": "2020-07-03T00:00:00", "id": "OPENVAS:1361412562311220201751", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201751", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2020-1751)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1751\");\n script_version(\"2020-07-03T06:22:37+0000\");\n script_cve_id(\"CVE-2019-0816\", \"CVE-2020-8631\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-07-03 06:22:37 +0000 (Fri, 03 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-03 06:22:37 +0000 (Fri, 03 Jul 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2020-1751)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRT-3\\.0\\.6\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1751\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1751\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'cloud-init' package(s) announced via the EulerOS-SA-2020-1751 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"A security feature bypass exists in Azure SSH Keypairs, due to a change in the provisioning logic for some Linux images that use cloud-init, aka 'Azure SSH Keypairs Security Feature Bypass Vulnerability'.(CVE-2019-0816)\n\ncloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.(CVE-2020-8631)\n\nIn cloud-init through 19.4, rand_user_password in cloudinit/config/cc_set_passwords.py has a small default pwlen value, which makes it easier for attackers to guess passwords.(CVE-2020-8632)\");\n\n script_tag(name:\"affected\", value:\"'cloud-init' package(s) on Huawei EulerOS Virtualization 3.0.6.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRT-3.0.6.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"cloud-init\", rpm:\"cloud-init~0.7.9~24.1.h5.eulerosv2r7\", rls:\"EULEROSVIRT-3.0.6.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-04-03T17:02:44", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8631"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-04-01T00:00:00", "published": "2020-04-01T00:00:00", "id": "OPENVAS:1361412562311220201356", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201356", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2020-1356)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1356\");\n script_version(\"2020-04-01T13:54:45+0000\");\n script_cve_id(\"CVE-2020-8631\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-04-01 13:54:45 +0000 (Wed, 01 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-01 13:54:45 +0000 (Wed, 01 Apr 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2020-1356)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.6\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1356\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1356\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'cloud-init' package(s) announced via the EulerOS-SA-2020-1356 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.(CVE-2020-8631)\");\n\n script_tag(name:\"affected\", value:\"'cloud-init' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.6.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.6.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"cloud-init\", rpm:\"cloud-init~17.1~7.h13.eulerosv2r8\", rls:\"EULEROSVIRTARM64-3.0.6.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-05-06T01:06:34", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8631"], "description": "The remote host is missing an update for the Huawei EulerOS\n ", "modified": "2020-04-30T00:00:00", "published": "2020-04-30T00:00:00", "id": "OPENVAS:1361412562311220201519", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562311220201519", "type": "openvas", "title": "Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2020-1519)", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.1.2.2020.1519\");\n script_version(\"2020-04-30T12:11:22+0000\");\n script_cve_id(\"CVE-2020-8631\");\n script_tag(name:\"cvss_base\", value:\"2.1\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:L/AC:L/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-04-30 12:11:22 +0000 (Thu, 30 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-04-30 12:11:22 +0000 (Thu, 30 Apr 2020)\");\n script_name(\"Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2020-1519)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Huawei EulerOS Local Security Checks\");\n script_dependencies(\"gb_huawei_euleros_consolidation.nasl\");\n script_mandatory_keys(\"ssh/login/euleros\", \"ssh/login/rpms\", re:\"ssh/login/release=EULEROSVIRTARM64-3\\.0\\.2\\.0\");\n\n script_xref(name:\"EulerOS-SA\", value:\"2020-1519\");\n script_xref(name:\"URL\", value:\"https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2020-1519\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the Huawei EulerOS\n 'cloud-init' package(s) announced via the EulerOS-SA-2020-1519 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"cloud-init through 19.4 relies on Mersenne Twister for a random password, which makes it easier for attackers to predict passwords, because rand_str in cloudinit/util.py calls the random.choice function.(CVE-2020-8631)\");\n\n script_tag(name:\"affected\", value:\"'cloud-init' package(s) on Huawei EulerOS Virtualization for ARM 64 3.0.2.0.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"EULEROSVIRTARM64-3.0.2.0\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"cloud-init\", rpm:\"cloud-init~0.7.9~24.1.h5\", rls:\"EULEROSVIRTARM64-3.0.2.0\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}], "debian": [{"lastseen": "2020-02-21T14:47:07", "bulletinFamily": "unix", "cvelist": ["CVE-2020-8631", "CVE-2020-8632"], "description": "Package : cloud-init\nVersion : 0.7.6~bzr976-2+deb8u1\nCVE ID : CVE-2020-8631 CVE-2020-8632\nDebian Bug : 951362 951363\n\n\nCVE-2020-8631\n\n In cloud-init, relies on Mersenne Twister for a random password,\n which makes it easier for attackers to predict passwords, because\n rand_str in cloudinit/util.py calls the random.choice function.\n\nCVE-2020-8632\n\n In cloud-init, rand_user_password in\n cloudinit/config/cc_set_passwords.py has a small default pwlen\n value, which makes it easier for attackers to guess passwords.\n\nFor Debian 8 &quot;Jessie&quot;, these problems have been fixed in version\n0.7.6~bzr976-2+deb8u1.\n\nWe recommend that you upgrade your cloud-init packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS\n\n\nBest,\nUtkarsh\n", "edition": 1, "modified": "2020-02-21T09:02:32", "published": "2020-02-21T09:02:32", "id": "DEBIAN:DLA-2113-1:6D037", "href": "https://lists.debian.org/debian-lts-announce/2020/debian-lts-announce-202002/msg00021.html", "title": "[SECURITY] [DLA 2113-1] cloud-init security update", "type": "debian", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:P/I:N/A:N"}}]}