DATABASE RESOURCES PRICING ABOUT US

{"id": "PHSA-2021-0113", "vendorId": null, "type": "photon", "bulletinFamily": "unix", "title": "Important Photon OS Security Update - PHSA-2021-0113", "description": "Updates of ['vim', 'openssh', 'containerd', 'docker'] packages of Photon OS have been released.\n", "published": "2021-10-09T00:00:00", "modified": "2021-10-09T00:00:00", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "accessVector": "LOCAL", "accessComplexity": "LOW", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 7.2}, "severity": "HIGH", "exploitabilityScore": 3.9, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {"cvssV3": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH"}, "exploitabilityScore": 1.8, "impactScore": 5.9}, "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-113", "reporter": "Photon", "references": [], "cvelist": ["CVE-2016-20012", "CVE-2021-3796", "CVE-2021-41089", "CVE-2021-41103", "CVE-2021-41617"], "immutableFields": [], "lastseen": "2022-05-12T18:54:10", "viewCount": 10, "enchantments": {"dependencies": {"references": [{"type": "aix", "idList": ["OPENSSH_ADVISORY14.ASC"]}, {"type": "almalinux", "idList": ["ALSA-2021:4517", "ALSA-2022:2013"]}, {"type": "amazon", "idList": ["ALAS-2021-1537", "ALAS-2021-1540", "ALAS-2022-1565", "ALAS2-2021-1728", "ALAS2-2022-1748"]}, {"type": "centos", "idList": ["CESA-2021:4782"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:2678661DA7C206FDBAA0DA5F4E04CEEF"]}, {"type": "cloudlinux", "idList": ["CLSA-2021:1633965229", "CLSA-2021:1634745118"]}, {"type": "cve", "idList": ["CVE-2016-20012", "CVE-2021-3796", "CVE-2021-41089", "CVE-2021-41103", "CVE-2021-41617"]}, {"type": "debian", "idList": ["DEBIAN:DLA-2876-1:15A8F", "DEBIAN:DSA-5002-1:C91D8", "DEBIAN:DSA-5002-1:FE3C9"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2016-20012", "DEBIANCVE:CVE-2021-3796", "DEBIANCVE:CVE-2021-41089", "DEBIANCVE:CVE-2021-41103", "DEBIANCVE:CVE-2021-41617"]}, {"type": "f5", "idList": ["F5:K12705583"]}, {"type": "fedora", "idList": ["FEDORA:0BF24309C5AE", "FEDORA:2FB853059E16", "FEDORA:3FEE7311CDD5", "FEDORA:439553083D01", "FEDORA:4863E3093F4C", "FEDORA:4EA9B30FC826", "FEDORA:7D74530758FB", "FEDORA:AFC9E304C77D", "FEDORA:B14C530A6A1B", "FEDORA:EE81630584D8"]}, {"type": "freebsd", "idList": ["2A1B931F-2B86-11EC-8ACD-C80AA9043978"]}, {"type": "github", "idList": ["GHSA-C2H3-6MXW-7MVQ"]}, {"type": "huntr", "idList": ["AB60B7F3-6FB1-4AC2-A4FA-4D592E08008D"]}, {"type": "ibm", "idList": ["2EF9066BA5F11D9986048F871CB871CE5CBCDF5603AD3266C94B320BA0759BAD", "352F9618283C7CC1BC53906B3D16053CDCA2EF2DACE3A32E57418C711B4759E9", "375F993925076109F4ED4A2246256503830844B0B6CD8891257D937104088390", "4DD5D3CC0219293B9D9372E7F3521DE5C5C8537003D51999A85956C9A525CD8E", "5CF5E501F33F27E00550D56AF2E8B4DD49ABBF9F37122E58BF4BBEBB4CE88ECC", "72AD5D71FF571D991FCA51BDAC7D0D303109A868FA89340C6F8CD492F9F038E3", "90CF485116A952ADEC5B5A85E722DF33D1556D18AE9C7D1F5699712F4EB9F66A", "97D5F772EC68BDCD260FBB9DFB7A322AAAC657E9360305DF11F9C6A6A40D1B85", "B1F38841711B061F8325E6A13E1E3F81E4E873531F7552A557FA24AA06AA1148", "DF84FCF323E024866FDD23E02AEC61C6C6A2158E8837A17D58751EFE1AD29BFB", "ED1E746B4A444761DF86B7BD074E2911879CE51C4CFBB278424F2A23E63071FA", "F5EB55E6DBF388E7CB6C76AFCD8A50A86C1FE6B41E6933749DC88EF56B7E408E"]}, {"type": "ics", "idList": ["ICSA-22-167-09"]}, {"type": "mageia", "idList": ["MGASA-2021-0481", "MGASA-2021-0484", "MGASA-2021-0500", "MGASA-2021-0561"]}, {"type": "nessus", "idList": ["AL2_ALAS-2021-1728.NASL", "AL2_ALAS-2022-016.NASL", "AL2_ALAS-2022-017.NASL", "AL2_ALAS-2022-1748.NASL", "AL2_ALASDOCKER-2022-016.NASL", "AL2_ALASDOCKER-2022-017.NASL", "AL2_ALASNITRO-ENCLAVES-2022-016.NASL", "AL2_ALASNITRO-ENCLAVES-2022-017.NASL", "ALA_ALAS-2021-1537.NASL", "ALA_ALAS-2021-1540.NASL", "ALA_ALAS-2022-1565.NASL", "ALMA_LINUX_ALSA-2021-4517.NASL", "ALMA_LINUX_ALSA-2022-2013.NASL", "CENTOS8_RHSA-2021-4517.NASL", "CENTOS_RHSA-2021-4782.NASL", "DEBIAN_DLA-2876.NASL", "DEBIAN_DSA-5002.NASL", "EULEROS_SA-2021-2809.NASL", "EULEROS_SA-2021-2817.NASL", "EULEROS_SA-2021-2845.NASL", "EULEROS_SA-2021-2853.NASL", "EULEROS_SA-2021-2913.NASL", "EULEROS_SA-2021-2918.NASL", "EULEROS_SA-2021-2921.NASL", "EULEROS_SA-2021-2926.NASL", "EULEROS_SA-2021-2937.NASL", "EULEROS_SA-2022-1049.NASL", "EULEROS_SA-2022-1054.NASL", "EULEROS_SA-2022-1153.NASL", "EULEROS_SA-2022-1193.NASL", "EULEROS_SA-2022-1212.NASL", "EULEROS_SA-2022-1217.NASL", "EULEROS_SA-2022-1231.NASL", "EULEROS_SA-2022-1236.NASL", "EULEROS_SA-2022-1239.NASL", "EULEROS_SA-2022-1251.NASL", "EULEROS_SA-2022-1280.NASL", "EULEROS_SA-2022-1384.NASL", "EULEROS_SA-2022-1389.NASL", "EULEROS_SA-2022-1410.NASL", "EULEROS_SA-2022-1415.NASL", "EULEROS_SA-2022-1680.NASL", "EULEROS_SA-2022-1886.NASL", "EULEROS_SA-2022-1926.NASL", "FEDORA_2021-968F57EC98.NASL", "FREEBSD_PKG_2A1B931F2B8611EC8ACDC80AA9043978.NASL", "NEWSTART_CGSL_NS-SA-2022-0001_OPENSSH-LATEST.NASL", "NEWSTART_CGSL_NS-SA-2022-0018_DOCKER-CE.NASL", "NEWSTART_CGSL_NS-SA-2022-0070_OPENSSH.NASL", "NEWSTART_CGSL_NS-SA-2022-0071_DOCKER-CE.NASL", "OPENSSH_88.NASL", "OPENSSH_PCI_DISPUTED.NASL", "OPENSUSE-2021-1404.NASL", "OPENSUSE-2021-3506.NASL", "OPENSUSE-2021-3950.NASL", "OPENSUSE-2022-0334-1.NASL", "OPENSUSE-2022-0736-1.NASL", "ORACLELINUX_ELSA-2021-4517.NASL", "ORACLELINUX_ELSA-2021-4782.NASL", "ORACLELINUX_ELSA-2021-9575.NASL", "ORACLELINUX_ELSA-2022-2013.NASL", "PHOTONOS_PHSA-2021-1_0-0439_DOCKER.NASL", "PHOTONOS_PHSA-2021-1_0-0440_OPENSSH.NASL", "PHOTONOS_PHSA-2021-2_0-0402_CONTAINERD.NASL", "PHOTONOS_PHSA-2021-2_0-0402_DOCKER.NASL", "PHOTONOS_PHSA-2021-2_0-0403_VIM.NASL", "PHOTONOS_PHSA-2021-3_0-0311_CONTAINERD.NASL", "PHOTONOS_PHSA-2021-3_0-0311_DOCKER.NASL", "PHOTONOS_PHSA-2021-3_0-0312_VIM.NASL", "PHOTONOS_PHSA-2021-4_0-0113_CONTAINERD.NASL", "PHOTONOS_PHSA-2021-4_0-0113_DOCKER.NASL", "PHOTONOS_PHSA-2021-4_0-0113_OPENSSH.NASL", "PHOTONOS_PHSA-2021-4_0-0113_VIM.NASL", "REDHAT-RHSA-2021-4517.NASL", "REDHAT-RHSA-2021-4782.NASL", "REDHAT-RHSA-2022-2013.NASL", "ROCKY_LINUX_RLSA-2021-4517.NASL", "ROCKY_LINUX_RLSA-2022-2013.NASL", "SUSE_SU-2021-14847-1.NASL", "SUSE_SU-2021-14870-1.NASL", "SUSE_SU-2021-3336-1.NASL", "SUSE_SU-2021-3506-1.NASL", "SUSE_SU-2021-3875-1.NASL", "SUSE_SU-2021-3887-1.NASL", "SUSE_SU-2021-3947-1.NASL", "SUSE_SU-2021-3950-1.NASL", "SUSE_SU-2021-3951-1.NASL", "SUSE_SU-2022-0213-1.NASL", "SUSE_SU-2022-0334-1.NASL", "SUSE_SU-2022-0736-1.NASL", "SUSE_SU-2022-0805-1.NASL", "SUSE_SU-2022-2102-1.NASL", "UBUNTU_USN-5093-1.NASL", "UBUNTU_USN-5100-1.NASL", "UBUNTU_USN-5103-1.NASL"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2022", "ORACLE:CPUJUL2022"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-4517", "ELSA-2021-4782", "ELSA-2021-9575", "ELSA-2022-2013"]}, {"type": "osv", "idList": ["OSV:DLA-2876-1", "OSV:DSA-5002-1", "OSV:GHSA-C2H3-6MXW-7MVQ"]}, {"type": "paloalto", "idList": ["PA-CVE-2021-41617"]}, {"type": "photon", "idList": ["PHSA-2021-0311", "PHSA-2021-0312", "PHSA-2021-0313", "PHSA-2021-0402", "PHSA-2021-0439", "PHSA-2021-0440", "PHSA-2021-1.0-0439", "PHSA-2021-1.0-0440", "PHSA-2021-2.0-0402", "PHSA-2021-2.0-0403", "PHSA-2021-3.0-0311", "PHSA-2021-3.0-0312", "PHSA-2021-4.0-0113"]}, {"type": "redhat", "idList": ["RHSA-2021:4032", "RHSA-2021:4517", "RHSA-2021:4627", "RHSA-2021:4782", "RHSA-2021:4845", "RHSA-2021:4848", "RHSA-2021:4914", "RHSA-2021:5038", "RHSA-2021:5128", "RHSA-2021:5137", "RHSA-2022:0202", "RHSA-2022:0318", "RHSA-2022:0735", "RHSA-2022:2013", "RHSA-2022:4671", "RHSA-2022:4690", "RHSA-2022:4691", "RHSA-2022:4692", "RHSA-2022:4814", "RHSA-2022:5201", "RHSA-2022:5392", "RHSA-2022:5483", "RHSA-2022:5673", "RHSA-2022:5840"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-3796", "RH:CVE-2021-41089", "RH:CVE-2021-41103", "RH:CVE-2021-41617"]}, {"type": "rocky", "idList": ["RLSA-2021:4517", "RLSA-2022:2013"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:1404-1", "OPENSUSE-SU-2021:3506-1", "OPENSUSE-SU-2021:3950-1", "OPENSUSE-SU-2022:0334-1", "OPENSUSE-SU-2022:0736-1", "SUSE-SU-2022:2102-1"]}, {"type": "ubuntu", "idList": ["USN-5093-1", "USN-5100-1", "USN-5103-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-20012", "UB:CVE-2021-3796", "UB:CVE-2021-41089", "UB:CVE-2021-41103", "UB:CVE-2021-41617"]}, {"type": "veracode", "idList": ["VERACODE:32328", "VERACODE:32367", "VERACODE:32374", "VERACODE:32400"]}]}, "score": {"value": 1.7, "vector": "NONE"}, "backreferences": {"references": [{"type": "aix", "idList": ["OPENSSH_ADVISORY14.ASC"]}, {"type": "almalinux", "idList": ["ALSA-2021:4517"]}, {"type": "amazon", "idList": ["ALAS-2021-1537", "ALAS-2021-1540"]}, {"type": "centos", "idList": ["CESA-2021:4782"]}, {"type": "cloudfoundry", "idList": ["CFOUNDRY:2678661DA7C206FDBAA0DA5F4E04CEEF"]}, {"type": "cloudlinux", "idList": ["CLSA-2021:1633965229"]}, {"type": "cve", "idList": ["CVE-2016-20012", "CVE-2021-3796", "CVE-2021-41089", "CVE-2021-41103", "CVE-2021-41617"]}, {"type": "debian", "idList": ["DEBIAN:DSA-5002-1:C91D8", "DEBIAN:DSA-5002-1:FE3C9"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2021-41089", "DEBIANCVE:CVE-2021-41103"]}, {"type": "f5", "idList": ["F5:K12705583"]}, {"type": "fedora", "idList": ["FEDORA:0BF24309C5AE", "FEDORA:2FB853059E16", "FEDORA:3FEE7311CDD5", "FEDORA:4863E3093F4C", "FEDORA:4EA9B30FC826", "FEDORA:EE81630584D8"]}, {"type": "freebsd", "idList": ["2A1B931F-2B86-11EC-8ACD-C80AA9043978"]}, {"type": "github", "idList": ["GHSA-C2H3-6MXW-7MVQ"]}, {"type": "ibm", "idList": ["352F9618283C7CC1BC53906B3D16053CDCA2EF2DACE3A32E57418C711B4759E9", "375F993925076109F4ED4A2246256503830844B0B6CD8891257D937104088390", "4DD5D3CC0219293B9D9372E7F3521DE5C5C8537003D51999A85956C9A525CD8E"]}, {"type": "nessus", "idList": ["ALA_ALAS-2021-1537.NASL", "ALA_ALAS-2021-1540.NASL", "CENTOS8_RHSA-2021-4517.NASL", "CENTOS_RHSA-2021-4782.NASL", "DEBIAN_DSA-5002.NASL", "FREEBSD_PKG_2A1B931F2B8611EC8ACDC80AA9043978.NASL", "OPENSUSE-2021-3506.NASL", "OPENSUSE-2021-3950.NASL", "ORACLELINUX_ELSA-2021-4517.NASL", "ORACLELINUX_ELSA-2021-9575.NASL", "PHOTONOS_PHSA-2021-1_0-0439_DOCKER.NASL", "PHOTONOS_PHSA-2021-1_0-0440_OPENSSH.NASL", "PHOTONOS_PHSA-2021-2_0-0402_CONTAINERD.NASL", "PHOTONOS_PHSA-2021-2_0-0402_DOCKER.NASL", "PHOTONOS_PHSA-2021-2_0-0403_VIM.NASL", "PHOTONOS_PHSA-2021-3_0-0311_CONTAINERD.NASL", "PHOTONOS_PHSA-2021-3_0-0311_DOCKER.NASL", "PHOTONOS_PHSA-2021-3_0-0312_VIM.NASL", "PHOTONOS_PHSA-2021-4_0-0113_CONTAINERD.NASL", "PHOTONOS_PHSA-2021-4_0-0113_DOCKER.NASL", "PHOTONOS_PHSA-2021-4_0-0113_OPENSSH.NASL", "PHOTONOS_PHSA-2021-4_0-0113_VIM.NASL", "REDHAT-RHSA-2021-4517.NASL", "SUSE_SU-2021-14847-1.NASL", "SUSE_SU-2021-3336-1.NASL", "SUSE_SU-2021-3506-1.NASL", "SUSE_SU-2021-3875-1.NASL", "SUSE_SU-2021-3887-1.NASL", "SUSE_SU-2021-3947-1.NASL", "SUSE_SU-2021-3950-1.NASL", "SUSE_SU-2021-3951-1.NASL", "UBUNTU_USN-5093-1.NASL", "UBUNTU_USN-5100-1.NASL", "UBUNTU_USN-5103-1.NASL"]}, {"type": "oraclelinux", "idList": ["ELSA-2021-4517", "ELSA-2021-4782", "ELSA-2021-9575"]}, {"type": "paloalto", "idList": ["PA-CVE-2021-41617"]}, {"type": "photon", "idList": ["PHSA-2021-0403", "PHSA-2021-0404", "PHSA-2021-1.0-0439", "PHSA-2021-1.0-0440", "PHSA-2021-2.0-0402", "PHSA-2021-2.0-0403", "PHSA-2021-3.0-0311", "PHSA-2021-3.0-0312", "PHSA-2021-4.0-0113"]}, {"type": "redhat", "idList": ["RHSA-2021:4914"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-3796", "RH:CVE-2021-41089", "RH:CVE-2021-41103", "RH:CVE-2021-41617"]}, {"type": "rocky", "idList": ["RLSA-2021:4517"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2021:3506-1", "OPENSUSE-SU-2021:3950-1"]}, {"type": "ubuntu", "idList": ["USN-5093-1", "USN-5100-1", "USN-5103-1"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2016-20012", "UB:CVE-2021-3796", "UB:CVE-2021-41089", "UB:CVE-2021-41103", "UB:CVE-2021-41617"]}]}, "exploitation": null, "epss": [{"cve": "CVE-2016-20012", "epss": "0.003270000", "percentile": "0.662390000", "modified": "2023-03-17"}, {"cve": "CVE-2021-3796", "epss": "0.000870000", "percentile": "0.351210000", "modified": "2023-03-17"}, {"cve": "CVE-2021-41089", "epss": "0.000470000", "percentile": "0.144010000", "modified": "2023-03-17"}, {"cve": "CVE-2021-41103", "epss": "0.000450000", "percentile": "0.120240000", "modified": "2023-03-17"}, {"cve": "CVE-2021-41617", "epss": "0.000570000", "percentile": "0.215880000", "modified": "2023-03-17"}], "vulnersScore": 1.7}, "_state": {"dependencies": 1660032824, "score": 1698844284, "epss": 1679176287}, "_internal": {"score_hash": "9cc444e509c5832530f52682d82b838b"}, "affectedPackage": [{"OS": "Photon", "OSVersion": "4.0", "arch": "x86_64", "packageVersion": "8.8p1-1.ph4", "packageFilename": "openssh-server-8.8p1-1.ph4.x86_64.rpm", "operator": "lt", "packageName": "openssh-server"}, {"OS": "Photon", "OSVersion": "4.0", "arch": "x86_64", "packageVersion": "19.03.15-5.ph4", "packageFilename": "docker-19.03.15-5.ph4.x86_64.rpm", "operator": "lt", "packageName": "docker"}, {"OS": "Photon", "OSVersion": "4.0", "arch": "x86_64", "packageVersion": "1.4.4-6.ph4", "packageFilename": "containerd-1.4.4-6.ph4.x86_64.rpm", "operator": "lt", "packageName": "containerd"}, {"OS": "Photon", "OSVersion": "4.0", "arch": "x86_64", "packageVersion": "19.03.15-5.ph4", "packageFilename": "docker-doc-19.03.15-5.ph4.x86_64.rpm", "operator": "lt", "packageName": "docker-doc"}, {"OS": "Photon", "OSVersion": "4.0", "arch": "x86_64", "packageVersion": "1.4.4-6.ph4", "packageFilename": "containerd-doc-1.4.4-6.ph4.x86_64.rpm", "operator": "lt", "packageName": "containerd-doc"}, {"OS": "Photon", "OSVersion": "4.0", "arch": "x86_64", "packageVersion": "8.8p1-1.ph4", "packageFilename": "openssh-clients-8.8p1-1.ph4.x86_64.rpm", "operator": "lt", "packageName": "openssh-clients"}, {"OS": "Photon", "OSVersion": "4.0", "arch": "x86_64", "packageVersion": "8.2.3428-1.ph4", "packageFilename": "vim-extra-8.2.3428-1.ph4.x86_64.rpm", "operator": "lt", "packageName": "vim-extra"}, {"OS": "Photon", "OSVersion": "4.0", "arch": "x86_64", "packageVersion": "19.03.15-5.ph4", "packageFilename": "docker-engine-19.03.15-5.ph4.x86_64.rpm", "operator": "lt", "packageName": "docker-engine"}, {"OS": "Photon", "OSVersion": "4.0", "arch": "x86_64", "packageVersion": "1.4.4-6.ph4", "packageFilename": "containerd-extras-1.4.4-6.ph4.x86_64.rpm", "operator": "lt", "packageName": "containerd-extras"}, {"OS": "Photon", "OSVersion": "4.0", "arch": "x86_64", "packageVersion": "8.8p1-1.ph4", "packageFilename": "openssh-8.8p1-1.ph4.x86_64.rpm", "operator": "lt", "packageName": "openssh"}, {"OS": "Photon", "OSVersion": "4.0", "arch": "x86_64", "packageVersion": "19.03.15-5.ph4", "packageFilename": "docker-cli-19.03.15-5.ph4.x86_64.rpm", "operator": "lt", "packageName": "docker-cli"}, {"OS": "Photon", "OSVersion": "4.0", "arch": "x86_64", "packageVersion": "8.2.3428-1.ph4", "packageFilename": "vim-8.2.3428-1.ph4.x86_64.rpm", "operator": "lt", "packageName": "vim"}], "vendorCvss": {"severity": "important"}}

{"photon": [{"lastseen": "2023-12-02T17:51:32", "description": "Updates of ['vim', 'containerd', 'openssh', 'docker'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-10-09T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-4.0-0113", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2016-20012", "CVE-2021-3796", "CVE-2021-41089", "CVE-2021-41103", "CVE-2021-41617", "CVE-2023-34060"], "modified": "2021-10-09T00:00:00", "id": "PHSA-2021-4.0-0113", "href": "https://github.com/vmware/photon/wiki/Security-Update-4.0-113", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-26T23:49:41", "description": "An update of {'docker', 'containerd'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-10-08T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2021-2.0-0402", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-41089", "CVE-2021-41103"], "modified": "2021-10-08T00:00:00", "id": "PHSA-2021-2.0-0402", "href": "https://github.com/vmware/photon/wiki/Security-Updates-2-402", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-11-26T20:49:52", "description": "An update of {'docker'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.8, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-10-07T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2021-1.0-0439", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-41089", "CVE-2021-41103"], "modified": "2021-10-07T00:00:00", "id": "PHSA-2021-1.0-0439", "href": "https://github.com/vmware/photon/wiki/Security-Updates-1.0-439", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2022-05-12T18:39:53", "description": "Updates of ['containerd', 'docker'] packages of Photon OS have been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "baseScore": 7.8, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2021-10-05T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2021-0311", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 7.2, "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "impactScore": 10.0, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-41089", "CVE-2021-41103"], "modified": "2021-10-05T00:00:00", "id": "PHSA-2021-0311", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-311", "cvss": {"score": 7.2, "vector": "AV:L/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2023-12-02T18:32:36", "description": "Updates of ['containerd', 'docker'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-10-08T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2021-0402", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-41089", "CVE-2021-41103", "CVE-2023-34060"], "modified": "2021-10-08T00:00:00", "id": "PHSA-2021-0402", "href": "https://github.com/vmware/photon/wiki/Security-Update-2.0-402", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T18:11:42", "description": "Updates of ['containerd', 'docker'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-10-05T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-3.0-0311", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-41089", "CVE-2021-41103", "CVE-2023-34060"], "modified": "2021-10-05T00:00:00", "id": "PHSA-2021-3.0-0311", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-311", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T18:53:33", "description": "Updates of ['docker'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-10-07T00:00:00", "type": "photon", "title": "Moderate Photon OS Security Update - PHSA-2021-0439", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-41089", "CVE-2021-41103", "CVE-2023-34060"], "modified": "2021-10-07T00:00:00", "id": "PHSA-2021-0439", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-439", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-26T20:50:20", "description": "An update of {'openssh'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 1.0, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 7.0, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2021-10-10T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2021-1.0-0440", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 3.4, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 4.4, "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-41617"], "modified": "2021-10-10T00:00:00", "id": "PHSA-2021-1.0-0440", "href": "https://github.com/vmware/photon/wiki/Security-Updates-1.0-440", "cvss": {"score": 4.4, "vector": "AV:L/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-26T23:48:29", "description": "An update of {'vim'} packages of Photon OS has been released.\n", "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "LOW", "baseScore": 7.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 5.5}, "published": "2021-10-12T00:00:00", "type": "photon", "title": "Home\nDownload Photon OS\nUser Documentation\nFAQ\nSecurity Advisories\nRelated Information\n\nLightwave - PHSA-2021-2.0-0403", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-3796"], "modified": "2021-10-12T00:00:00", "id": "PHSA-2021-2.0-0403", "href": "https://github.com/vmware/photon/wiki/Security-Updates-2-403", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T18:53:36", "description": "Updates of ['openssh'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-10-10T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-0440", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-41617", "CVE-2023-34060"], "modified": "2021-10-10T00:00:00", "id": "PHSA-2021-0440", "href": "https://github.com/vmware/photon/wiki/Security-Update-1.0-440", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2023-12-02T18:11:30", "description": "Updates of ['openssh'] packages of Photon OS have been released.\n", "cvss3": {"cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}}, "published": "2021-10-15T00:00:00", "type": "photon", "title": "Important Photon OS Security Update - PHSA-2021-3.0-0313", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2021-41617", "CVE-2023-34060"], "modified": "2021-10-15T00:00:00", "id": "PHSA-2021-3.0-0313", "href": "https://github.com/vmware/photon/wiki/Security-Update-3.0-313", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2023-11-29T19:36:43", "description": "An update of the openssh package has been released.\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\n - OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a challenge is sent only when that combination could be valid for a login session. (CVE-2016-20012)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-10T00:00:00", "type": "nessus", "title": "Photon OS 4.0: Openssh PHSA-2021-4.0-0113", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2016-20012", "CVE-2021-41617"], "modified": "2023-11-28T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:openssh", "cpe:/o:vmware:photonos:4.0"], "id": "PHOTONOS_PHSA-2021-4_0-0113_OPENSSH.NASL", "href": "https://www.tenable.com/plugins/nessus/153972", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-4.0-0113. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153972);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/28\");\n\n script_cve_id(\"CVE-2016-20012\", \"CVE-2021-41617\");\n script_xref(name:\"IAVA\", value:\"2021-A-0474-S\");\n\n script_name(english:\"Photon OS 4.0: Openssh PHSA-2021-4.0-0113\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the openssh package has been released.\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows\n privilege escalation because supplemental groups are not initialized as expected. Helper programs for\n AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group\n memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\n - OpenSSH through 8.7 allows remote attackers, who have a suspicion that a certain combination of username\n and public key is known to an SSH server, to test whether this suspicion is correct. This occurs because a\n challenge is sent only when that combination could be valid for a login session. (CVE-2016-20012)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-4.0-113.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:4.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 4\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 4.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nvar flag = 0;\n\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'openssh-8.8p1-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'openssh-clients-8.8p1-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'openssh-server-8.8p1-1.ph4')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssh');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:58:54", "description": "An update of the docker package has been released.\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the hosts filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-07T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Docker PHSA-2021-1.0-0439", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41089", "CVE-2021-41103"], "modified": "2021-10-19T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:docker", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2021-1_0-0439_DOCKER.NASL", "href": "https://www.tenable.com/plugins/nessus/153929", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-1.0-0439. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153929);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/19\");\n\n script_cve_id(\"CVE-2021-41089\", \"CVE-2021-41103\");\n\n script_name(english:\"Photon OS 1.0: Docker PHSA-2021-1.0-0439\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the docker package has been released.\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in\n Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container\n can result in Unix file permission changes for existing files in the hosts filesystem, widening access\n to others. This bug does not directly allow files to be read, modified, or executed without an additional\n cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this\n version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently\n restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and\n execute programs. When containers included executable programs with extended permission bits (such as\n setuid), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has\n been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are\n released and may restart containers or update directory permissions to mitigate the vulnerability. Users\n unable to update should limit access to the host to trusted users. Update directory permission on\n container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-439.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:docker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 1.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nvar flag = 0;\n\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'docker-18.09.9-7.ph1')) flag++;\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'docker-doc-18.09.9-7.ph1')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'docker');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:59:01", "description": "An update of the containerd package has been released.\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-08T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Containerd PHSA-2021-3.0-0311", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41103"], "modified": "2021-10-19T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:containerd", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2021-3_0-0311_CONTAINERD.NASL", "href": "https://www.tenable.com/plugins/nessus/153945", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-3.0-0311. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153945);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/19\");\n\n script_cve_id(\"CVE-2021-41103\");\n\n script_name(english:\"Photon OS 3.0: Containerd PHSA-2021-3.0-0311\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the containerd package has been released.\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently\n restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and\n execute programs. When containers included executable programs with extended permission bits (such as\n setuid), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has\n been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are\n released and may restart containers or update directory permissions to mitigate the vulnerability. Users\n unable to update should limit access to the host to trusted users. Update directory permission on\n container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-311.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 3.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nvar flag = 0;\n\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'containerd-1.4.4-6.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'containerd-doc-1.4.4-6.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'containerd-extras-1.4.4-6.ph3')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:46:14", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0213-1 advisory.\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade limit access to the host to trusted users. Limit access to host volumes to trusted containers.\n (CVE-2021-41091)\n\n - Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH.\n (CVE-2021-41092)\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103)\n\n - The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both manifests and layers fields could be interpreted as either a manifest or an index in the absence of an accompanying Content-Type header. If a Content-Type header changed between two pulls of the same digest, a client may interpret the resulting content differently. The OCI Distribution Specification has been updated to require that a mediaType value present in a manifest or index match the Content-Type header used during the push and pull operations. Clients pulling from a registry may distrust the Content-Type header and reject an ambiguous document that contains both manifests and layers fields or manifests and config fields if they are unable to update to version 1.0.1 of the spec. (CVE-2021-41190)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-01-28T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : containerd, docker (SUSE-SU-2022:0213-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41089", "CVE-2021-41091", "CVE-2021-41092", "CVE-2021-41103", "CVE-2021-41190"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:containerd", "p-cpe:/a:novell:suse_linux:docker", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2022-0213-1.NASL", "href": "https://www.tenable.com/plugins/nessus/157188", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0213-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157188);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2021-41089\",\n \"CVE-2021-41091\",\n \"CVE-2021-41092\",\n \"CVE-2021-41103\",\n \"CVE-2021-41190\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0213-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : containerd, docker (SUSE-SU-2022:0213-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:0213-1 advisory.\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in\n Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container\n can result in Unix file permission changes for existing files in the host's filesystem, widening access to\n others. This bug does not directly allow files to be read, modified, or executed without an additional\n cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this\n version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in\n Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with\n insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory\n contents and execute programs. When containers included executable programs with extended permission bits\n (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed\n in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running\n containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade\n limit access to the host to trusted users. Limit access to host volumes to trusted containers.\n (CVE-2021-41091)\n\n - Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker\n CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file\n (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed\n would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended\n private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as\n soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries\n in the configuration file reference an installed credential helper that is executable and on the PATH.\n (CVE-2021-41092)\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently\n restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and\n execute programs. When containers included executable programs with extended permission bits (such as\n setuid), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has\n been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are\n released and may restart containers or update directory permissions to mitigate the vulnerability. Users\n unable to update should limit access to the host to trusted users. Update directory permission on\n container bundles directories. (CVE-2021-41103)\n\n - The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution\n of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone\n was used to determine the type of document during push and pull operations. Documents that contain both\n manifests and layers fields could be interpreted as either a manifest or an index in the absence of an\n accompanying Content-Type header. If a Content-Type header changed between two pulls of the same digest, a\n client may interpret the resulting content differently. The OCI Distribution Specification has been\n updated to require that a mediaType value present in a manifest or index match the Content-Type header\n used during the push and pull operations. Clients pulling from a registry may distrust the Content-Type\n header and reject an ambiguous document that contains both manifests and layers fields or manifests\n and config fields if they are unable to update to version 1.0.1 of the spec. (CVE-2021-41190)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191334\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193273\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41089\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41103\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41190\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-January/010123.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8c3ae313\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected containerd and / or docker packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/01/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/01/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:docker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|3|4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP0/3/4/5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'containerd-1.4.12-16.49.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-12-0']},\n {'reference':'containerd-1.4.12-16.49.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-12-0']},\n {'reference':'containerd-1.4.12-16.49.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-12-0']},\n {'reference':'containerd-1.4.12-16.49.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-12-0']},\n {'reference':'docker-20.10.12_ce-98.75.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-12-0']},\n {'reference':'docker-20.10.12_ce-98.75.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-12-0']},\n {'reference':'docker-20.10.12_ce-98.75.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-12-0']},\n {'reference':'docker-20.10.12_ce-98.75.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-12-0']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd / docker');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:34:21", "description": "An update of the docker package has been released.\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the hosts filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-10T00:00:00", "type": "nessus", "title": "Photon OS 4.0: Docker PHSA-2021-4.0-0113", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41089"], "modified": "2021-10-12T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:docker", "cpe:/o:vmware:photonos:4.0"], "id": "PHOTONOS_PHSA-2021-4_0-0113_DOCKER.NASL", "href": "https://www.tenable.com/plugins/nessus/153973", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-4.0-0113. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153973);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/12\");\n\n script_cve_id(\"CVE-2021-41089\");\n\n script_name(english:\"Photon OS 4.0: Docker PHSA-2021-4.0-0113\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the docker package has been released.\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in\n Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container\n can result in Unix file permission changes for existing files in the hosts filesystem, widening access\n to others. This bug does not directly allow files to be read, modified, or executed without an additional\n cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this\n version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-4.0-113.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41089\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:docker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:4.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 4\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 4.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nvar flag = 0;\n\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'docker-19.03.15-5.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'docker-cli-19.03.15-5.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'docker-doc-19.03.15-5.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'docker-engine-19.03.15-5.ph4')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'docker');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:58:59", "description": "The version of containerd installed on the remote host is prior to 1.4.6-3.9. It is, therefore, affected by a vulnerability as referenced in the ALAS-2021-1540 advisory.\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-04T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : containerd (ALAS-2021-1540)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41103"], "modified": "2021-10-19T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:containerd", "p-cpe:/a:amazon:linux:containerd-debuginfo", "p-cpe:/a:amazon:linux:containerd-stress", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2021-1540.NASL", "href": "https://www.tenable.com/plugins/nessus/153864", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2021-1540.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153864);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/19\");\n\n script_cve_id(\"CVE-2021-41103\");\n script_xref(name:\"ALAS\", value:\"2021-1540\");\n\n script_name(english:\"Amazon Linux AMI : containerd (ALAS-2021-1540)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of containerd installed on the remote host is prior to 1.4.6-3.9. It is, therefore, affected by a\nvulnerability as referenced in the ALAS-2021-1540 advisory.\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently\n restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and\n execute programs. When containers included executable programs with extended permission bits (such as\n setuid), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has\n been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are\n released and may restart containers or update directory permissions to mitigate the vulnerability. Users\n unable to update should limit access to the host to trusted users. Update directory permission on\n container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2021-1540.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-41103\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update containerd' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-stress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'containerd-1.4.6-3.9.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-debuginfo-1.4.6-3.9.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-stress-1.4.6-3.9.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"containerd / containerd-debuginfo / containerd-stress\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-27T19:45:26", "description": "The version of containerd installed on the remote host is prior to 1.4.6-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2ECS-2023-027 advisory.\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-11-16T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : containerd (ALASECS-2023-027)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41103"], "modified": "2023-11-16T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:containerd", "p-cpe:/a:amazon:linux:containerd-debuginfo", "p-cpe:/a:amazon:linux:containerd-stress", "cpe:/o:amazon:linux:2"], "id": "AL2_ALASECS-2023-027.NASL", "href": "https://www.tenable.com/plugins/nessus/185922", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASECS-2023-027.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(185922);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/16\");\n\n script_cve_id(\"CVE-2021-41103\");\n\n script_name(english:\"Amazon Linux 2 : containerd (ALASECS-2023-027)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of containerd installed on the remote host is prior to 1.4.6-3. It is, therefore, affected by a\nvulnerability as referenced in the ALAS2ECS-2023-027 advisory.\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently\n restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and\n execute programs. When containers included executable programs with extended permission bits (such as\n setuid), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has\n been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are\n released and may restart containers or update directory permissions to mitigate the vulnerability. Users\n unable to update should limit access to the host to trusted users. Update directory permission on\n container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASECS-2023-027.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-41103.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/faqs.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update containerd' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/11/16\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-stress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'containerd-1.4.6-3.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-1.4.6-3.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-debuginfo-1.4.6-3.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-debuginfo-1.4.6-3.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-stress-1.4.6-3.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-stress-1.4.6-3.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"containerd / containerd-debuginfo / containerd-stress\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:44:59", "description": "The version of containerd installed on the remote host is prior to 1.4.6-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2DOCKER-2022-016 advisory.\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-02T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : containerd (ALASDOCKER-2022-016)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41103"], "modified": "2022-05-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:containerd", "p-cpe:/a:amazon:linux:containerd-debuginfo", "p-cpe:/a:amazon:linux:containerd-stress", "cpe:/o:amazon:linux:2"], "id": "AL2_ALASDOCKER-2022-016.NASL", "href": "https://www.tenable.com/plugins/nessus/160406", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASDOCKER-2022-016.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160406);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/02\");\n\n script_cve_id(\"CVE-2021-41103\");\n\n script_name(english:\"Amazon Linux 2 : containerd (ALASDOCKER-2022-016)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of containerd installed on the remote host is prior to 1.4.6-3. It is, therefore, affected by a\nvulnerability as referenced in the ALAS2DOCKER-2022-016 advisory.\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently\n restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and\n execute programs. When containers included executable programs with extended permission bits (such as\n setuid), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has\n been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are\n released and may restart containers or update directory permissions to mitigate the vulnerability. Users\n unable to update should limit access to the host to trusted users. Update directory permission on\n container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASDOCKER-2022-016.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-41103.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update containerd' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-stress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'containerd-1.4.6-3.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-1.4.6-3.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-debuginfo-1.4.6-3.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-debuginfo-1.4.6-3.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-stress-1.4.6-3.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-stress-1.4.6-3.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"containerd / containerd-debuginfo / containerd-stress\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-19T15:12:45", "description": "The remote Ubuntu 18.04 LTS / 20.04 LTS / 21.04 host has packages installed that are affected by a vulnerability as referenced in the USN-5100-1 advisory.\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-04T00:00:00", "type": "nessus", "title": "Ubuntu 18.04 LTS / 20.04 LTS : containerd vulnerability (USN-5100-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41103"], "modified": "2023-10-16T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:containerd", "p-cpe:/a:canonical:ubuntu_linux:golang-github-containerd-containerd-dev"], "id": "UBUNTU_USN-5100-1.NASL", "href": "https://www.tenable.com/plugins/nessus/153854", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5100-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153854);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/16\");\n\n script_cve_id(\"CVE-2021-41103\");\n script_xref(name:\"USN\", value:\"5100-1\");\n\n script_name(english:\"Ubuntu 18.04 LTS / 20.04 LTS : containerd vulnerability (USN-5100-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 18.04 LTS / 20.04 LTS / 21.04 host has packages installed that are affected by a vulnerability as\nreferenced in the USN-5100-1 advisory.\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently\n restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and\n execute programs. When containers included executable programs with extended permission bits (such as\n setuid), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has\n been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are\n released and may restart containers or update directory permissions to mitigate the vulnerability. Users\n unable to update should limit access to the host to trusted users. Update directory permission on\n container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5100-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected containerd and / or golang-github-containerd-containerd-dev packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:golang-github-containerd-containerd-dev\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 18.04 / 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '18.04', 'pkgname': 'containerd', 'pkgver': '1.5.2-0ubuntu1~18.04.3'},\n {'osver': '18.04', 'pkgname': 'golang-github-containerd-containerd-dev', 'pkgver': '1.5.2-0ubuntu1~18.04.3'},\n {'osver': '20.04', 'pkgname': 'containerd', 'pkgver': '1.5.2-0ubuntu1~20.04.3'},\n {'osver': '20.04', 'pkgname': 'golang-github-containerd-containerd-dev', 'pkgver': '1.5.2-0ubuntu1~20.04.3'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd / golang-github-containerd-containerd-dev');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:42:45", "description": "This plugin has been deprecated following detection of an issue with overlapping filenames. Deprecated by al2_ALASDOCKER-2022-016.nasl (plugin ID 160406)", "cvss3": {}, "published": "2022-03-09T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : containerd (ALAS-2022-016) (deprecated)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41103"], "modified": "2022-05-02T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:containerd", "p-cpe:/a:amazon:linux:containerd-debuginfo", "p-cpe:/a:amazon:linux:containerd-stress", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2022-016.NASL", "href": "https://www.tenable.com/plugins/nessus/158725", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2022-016.\n#\n# @DEPRECATED@\n#\n# Disabled on 2022/05/02. Deprecated by al2_ALASDOCKER-2022-016.nasl (plugin ID 160406)\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158725);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/05/02\");\n\n script_cve_id(\"CVE-2021-41103\");\n script_xref(name:\"ALAS\", value:\"2022-016\");\n\n script_name(english:\"Amazon Linux 2 : containerd (ALAS-2022-016) (deprecated)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"This plugin has been deprecated.\");\n script_set_attribute(attribute:\"description\", value:\n\"This plugin has been deprecated following detection of an issue with overlapping filenames. \nDeprecated by al2_ALASDOCKER-2022-016.nasl (plugin ID 160406)\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASDOCKER-2022-016.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-41103.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"N/A\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-stress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\nexit(0, 'This plugin has been deprecated. Use al2_ALASDOCKER-2022-016.nasl (plugin ID 160406) instead.');\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:35:01", "description": "The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5002 advisory.\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-06T00:00:00", "type": "nessus", "title": "Debian DSA-5002-1 : containerd - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41103"], "modified": "2021-11-06T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:containerd", "p-cpe:/a:debian:debian_linux:golang-github-containerd-containerd-dev", "cpe:/o:debian:debian_linux:11.0"], "id": "DEBIAN_DSA-5002.NASL", "href": "https://www.tenable.com/plugins/nessus/154949", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory dsa-5002. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154949);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/06\");\n\n script_cve_id(\"CVE-2021-41103\");\n\n script_name(english:\"Debian DSA-5002-1 : containerd - security update\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Debian host is missing a security-related update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Debian 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5002\nadvisory.\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently\n restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and\n execute programs. When containers included executable programs with extended permission bits (such as\n setuid), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has\n been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are\n released and may restart containers or update directory permissions to mitigate the vulnerability. Users\n unable to update should limit access to the host to trusted users. Update directory permission on\n container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/source-package/containerd\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.debian.org/security/2021/dsa-5002\");\n script_set_attribute(attribute:\"see_also\", value:\"https://security-tracker.debian.org/tracker/CVE-2021-41103\");\n script_set_attribute(attribute:\"see_also\", value:\"https://packages.debian.org/source/bullseye/containerd\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the containerd packages.\n\nFor the stable distribution (bullseye), this problem has been fixed in version 1.4.5~ds1-2+deb11u1.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:golang-github-containerd-containerd-dev\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:11.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Debian Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('debian_package.inc');\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar release = get_kb_item('Host/Debian/release');\nif ( isnull(release) ) audit(AUDIT_OS_NOT, 'Debian');\nvar release = chomp(release);\nif (! preg(pattern:\"^(11)\\.[0-9]+\", string:release)) audit(AUDIT_OS_NOT, 'Debian 11.0', 'Debian ' + release);\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Debian', cpu);\n\nvar pkgs = [\n {'release': '11.0', 'prefix': 'containerd', 'reference': '1.4.5~ds1-2+deb11u1'},\n {'release': '11.0', 'prefix': 'golang-github-containerd-containerd-dev', 'reference': '1.4.5~ds1-2+deb11u1'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var release = NULL;\n var prefix = NULL;\n var reference = NULL;\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['prefix'])) prefix = package_array['prefix'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (release && prefix && reference) {\n if (deb_check(release:release, prefix:prefix, reference:reference)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : deb_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = deb_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd / golang-github-containerd-containerd-dev');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:41:14", "description": "According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-02-25T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2022-1251)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41103"], "modified": "2022-02-25T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:docker-engine", "p-cpe:/a:huawei:euleros:docker-engine-selinux", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1251.NASL", "href": "https://www.tenable.com/plugins/nessus/158404", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158404);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/25\");\n\n script_cve_id(\"CVE-2021-41103\");\n\n script_name(english:\"EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2022-1251)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is\naffected by the following vulnerabilities :\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently\n restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and\n execute programs. When containers included executable programs with extended permission bits (such as\n setuid), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has\n been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are\n released and may restart containers or update directory permissions to mitigate the vulnerability. Users\n unable to update should limit access to the host to trusted users. Update directory permission on\n container bundles directories. (CVE-2021-41103)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1251\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5ab81ed0\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected docker-engine packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:docker-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:docker-engine-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"docker-engine-18.09.0.200-200.h34.23.12.eulerosv2r10\",\n \"docker-engine-selinux-18.09.0.200-200.h34.23.12.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"docker-engine\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-18T15:21:10", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2022:0334-1 advisory.\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade limit access to the host to trusted users. Limit access to host volumes to trusted containers.\n (CVE-2021-41091)\n\n - Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH.\n (CVE-2021-41092)\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103)\n\n - The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both manifests and layers fields could be interpreted as either a manifest or an index in the absence of an accompanying Content-Type header. If a Content-Type header changed between two pulls of the same digest, a client may interpret the resulting content differently. The OCI Distribution Specification has been updated to require that a mediaType value present in a manifest or index match the Content-Type header used during the push and pull operations. Clients pulling from a registry may distrust the Content-Type header and reject an ambiguous document that contains both manifests and layers fields or manifests and config fields if they are unable to update to version 1.0.1 of the spec. (CVE-2021-41190)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-05T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : containerd, docker (openSUSE-SU-2022:0334-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41089", "CVE-2021-41091", "CVE-2021-41092", "CVE-2021-41103", "CVE-2021-41190"], "modified": "2023-11-17T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:containerd", "p-cpe:/a:novell:opensuse:containerd-ctr", "p-cpe:/a:novell:opensuse:docker", "p-cpe:/a:novell:opensuse:docker-bash-completion", "p-cpe:/a:novell:opensuse:docker-fish-completion", "p-cpe:/a:novell:opensuse:docker-kubic", "p-cpe:/a:novell:opensuse:docker-kubic-bash-completion", "p-cpe:/a:novell:opensuse:docker-kubic-fish-completion", "p-cpe:/a:novell:opensuse:docker-kubic-kubeadm-criconfig", "p-cpe:/a:novell:opensuse:docker-kubic-zsh-completion", "p-cpe:/a:novell:opensuse:docker-zsh-completion", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2022-0334-1.NASL", "href": "https://www.tenable.com/plugins/nessus/157398", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2022:0334-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157398);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/17\");\n\n script_cve_id(\n \"CVE-2021-41089\",\n \"CVE-2021-41091\",\n \"CVE-2021-41092\",\n \"CVE-2021-41103\",\n \"CVE-2021-41190\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : containerd, docker (openSUSE-SU-2022:0334-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2022:0334-1 advisory.\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in\n Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container\n can result in Unix file permission changes for existing files in the host's filesystem, widening access to\n others. This bug does not directly allow files to be read, modified, or executed without an additional\n cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this\n version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in\n Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with\n insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory\n contents and execute programs. When containers included executable programs with extended permission bits\n (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed\n in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running\n containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade\n limit access to the host to trusted users. Limit access to host volumes to trusted containers.\n (CVE-2021-41091)\n\n - Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker\n CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file\n (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed\n would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended\n private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as\n soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries\n in the configuration file reference an installed credential helper that is executable and on the PATH.\n (CVE-2021-41092)\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently\n restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and\n execute programs. When containers included executable programs with extended permission bits (such as\n setuid), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has\n been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are\n released and may restart containers or update directory permissions to mitigate the vulnerability. Users\n unable to update should limit access to the host to trusted users. Update directory permission on\n container bundles directories. (CVE-2021-41103)\n\n - The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution\n of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone\n was used to determine the type of document during push and pull operations. Documents that contain both\n manifests and layers fields could be interpreted as either a manifest or an index in the absence of an\n accompanying Content-Type header. If a Content-Type header changed between two pulls of the same digest, a\n client may interpret the resulting content differently. The OCI Distribution Specification has been\n updated to require that a mediaType value present in a manifest or index match the Content-Type header\n used during the push and pull operations. Clients pulling from a registry may distrust the Content-Type\n header and reject an ambiguous document that contains both manifests and layers fields or manifests\n and config fields if they are unable to update to version 1.0.1 of the spec. (CVE-2021-41190)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191334\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193273\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ULRUJXC3YBVKDKJAERWLY6BKJ7U3246G/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?d043fabc\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41089\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41103\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41190\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:containerd-ctr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-fish-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-kubic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-kubic-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-kubic-fish-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-kubic-kubeadm-criconfig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-kubic-zsh-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-zsh-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'containerd-1.4.12-60.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-ctr-1.4.12-60.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-20.10.12_ce-159.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-bash-completion-20.10.12_ce-159.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-fish-completion-20.10.12_ce-159.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-kubic-20.10.12_ce-159.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-kubic-bash-completion-20.10.12_ce-159.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-kubic-fish-completion-20.10.12_ce-159.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-kubic-kubeadm-criconfig-20.10.12_ce-159.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-kubic-zsh-completion-20.10.12_ce-159.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-zsh-completion-20.10.12_ce-159.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd / containerd-ctr / docker / docker-bash-completion / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-16T14:43:52", "description": "The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2022:0334-1 advisory.\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade limit access to the host to trusted users. Limit access to host volumes to trusted containers.\n (CVE-2021-41091)\n\n - Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH.\n (CVE-2021-41092)\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103)\n\n - The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone was used to determine the type of document during push and pull operations. Documents that contain both manifests and layers fields could be interpreted as either a manifest or an index in the absence of an accompanying Content-Type header. If a Content-Type header changed between two pulls of the same digest, a client may interpret the resulting content differently. The OCI Distribution Specification has been updated to require that a mediaType value present in a manifest or index match the Content-Type header used during the push and pull operations. Clients pulling from a registry may distrust the Content-Type header and reject an ambiguous document that contains both manifests and layers fields or manifests and config fields if they are unable to update to version 1.0.1 of the spec. (CVE-2021-41190)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-05T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : containerd, docker (SUSE-SU-2022:0334-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41089", "CVE-2021-41091", "CVE-2021-41092", "CVE-2021-41103", "CVE-2021-41190"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:containerd", "p-cpe:/a:novell:suse_linux:docker", "p-cpe:/a:novell:suse_linux:docker-bash-completion", "p-cpe:/a:novell:suse_linux:docker-fish-completion", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-0334-1.NASL", "href": "https://www.tenable.com/plugins/nessus/157388", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0334-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157388);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2021-41089\",\n \"CVE-2021-41091\",\n \"CVE-2021-41092\",\n \"CVE-2021-41103\",\n \"CVE-2021-41190\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0334-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : containerd, docker (SUSE-SU-2022:0334-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2022:0334-1 advisory.\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in\n Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container\n can result in Unix file permission changes for existing files in the host's filesystem, widening access to\n others. This bug does not directly allow files to be read, modified, or executed without an additional\n cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this\n version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in\n Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with\n insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory\n contents and execute programs. When containers included executable programs with extended permission bits\n (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed\n in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running\n containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade\n limit access to the host to trusted users. Limit access to host volumes to trusted containers.\n (CVE-2021-41091)\n\n - Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker\n CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file\n (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed\n would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended\n private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as\n soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries\n in the configuration file reference an installed credential helper that is executable and on the PATH.\n (CVE-2021-41092)\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently\n restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and\n execute programs. When containers included executable programs with extended permission bits (such as\n setuid), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has\n been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are\n released and may restart containers or update directory permissions to mitigate the vulnerability. Users\n unable to update should limit access to the host to trusted users. Update directory permission on\n container bundles directories. (CVE-2021-41103)\n\n - The OCI Distribution Spec project defines an API protocol to facilitate and standardize the distribution\n of content. In the OCI Distribution Specification version 1.0.0 and prior, the Content-Type header alone\n was used to determine the type of document during push and pull operations. Documents that contain both\n manifests and layers fields could be interpreted as either a manifest or an index in the absence of an\n accompanying Content-Type header. If a Content-Type header changed between two pulls of the same digest, a\n client may interpret the resulting content differently. The OCI Distribution Specification has been\n updated to require that a mediaType value present in a manifest or index match the Content-Type header\n used during the push and pull operations. Clients pulling from a registry may distrust the Content-Type\n header and reject an ambiguous document that contains both manifests and layers fields or manifests\n and config fields if they are unable to update to version 1.0.1 of the spec. (CVE-2021-41190)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191334\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1193273\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41089\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41103\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41190\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-February/010185.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5451e638\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected containerd, docker, docker-bash-completion and / or docker-fish-completion packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:docker-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:docker-fish-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'containerd-1.4.12-60.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-15.3']},\n {'reference':'docker-20.10.12_ce-159.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-15.3']},\n {'reference':'docker-bash-completion-20.10.12_ce-159.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-15.3']},\n {'reference':'docker-fish-completion-20.10.12_ce-159.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd / docker / docker-bash-completion / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:41:58", "description": "According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-02-25T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : openssh (EulerOS-SA-2022-1231)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41617"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssh", "p-cpe:/a:huawei:euleros:openssh-clients", "p-cpe:/a:huawei:euleros:openssh-server", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1231.NASL", "href": "https://www.tenable.com/plugins/nessus/158410", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158410);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\"CVE-2021-41617\");\n script_xref(name:\"IAVA\", value:\"2021-A-0474-S\");\n\n script_name(english:\"EulerOS 2.0 SP10 : openssh (EulerOS-SA-2022-1231)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows\n privilege escalation because supplemental groups are not initialized as expected. Helper programs for\n AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group\n memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1231\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?40fc7e7a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssh packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"openssh-8.2p1-9.h26.eulerosv2r10\",\n \"openssh-clients-8.2p1-9.h26.eulerosv2r10\",\n \"openssh-server-8.2p1-9.h26.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:36:23", "description": "The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-9575 advisory.\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-08T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : openssh (ELSA-2021-9575)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41617"], "modified": "2023-02-09T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:openssh", "p-cpe:/a:oracle:linux:openssh-askpass", "p-cpe:/a:oracle:linux:openssh-cavs", "p-cpe:/a:oracle:linux:openssh-clients", "p-cpe:/a:oracle:linux:openssh-keycat", "p-cpe:/a:oracle:linux:openssh-ldap", "p-cpe:/a:oracle:linux:openssh-server", "p-cpe:/a:oracle:linux:openssh-server-sysvinit", "p-cpe:/a:oracle:linux:pam_ssh_agent_auth"], "id": "ORACLELINUX_ELSA-2021-9575.NASL", "href": "https://www.tenable.com/plugins/nessus/155926", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-9575.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155926);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\"CVE-2021-41617\");\n script_xref(name:\"IAVA\", value:\"2021-A-0474-S\");\n\n script_name(english:\"Oracle Linux 7 : openssh (ELSA-2021-9575)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2021-9575 advisory.\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows\n privilege escalation because supplemental groups are not initialized as expected. Helper programs for\n AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group\n memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-9575.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-cavs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-keycat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-server-sysvinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pam_ssh_agent_auth\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'openssh-7.4p1-22.0.1.el7_9_fips', 'cpu':'x86_64', 'release':'7', 'el_string':'el7_9_fips', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10'},\n {'reference':'openssh-askpass-7.4p1-22.0.1.el7_9_fips', 'cpu':'x86_64', 'release':'7', 'el_string':'el7_9_fips', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10'},\n {'reference':'openssh-cavs-7.4p1-22.0.1.el7_9_fips', 'cpu':'x86_64', 'release':'7', 'el_string':'el7_9_fips', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10'},\n {'reference':'openssh-clients-7.4p1-22.0.1.el7_9_fips', 'cpu':'x86_64', 'release':'7', 'el_string':'el7_9_fips', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10'},\n {'reference':'openssh-keycat-7.4p1-22.0.1.el7_9_fips', 'cpu':'x86_64', 'release':'7', 'el_string':'el7_9_fips', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10'},\n {'reference':'openssh-ldap-7.4p1-22.0.1.el7_9_fips', 'cpu':'x86_64', 'release':'7', 'el_string':'el7_9_fips', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10'},\n {'reference':'openssh-server-7.4p1-22.0.1.el7_9_fips', 'cpu':'x86_64', 'release':'7', 'el_string':'el7_9_fips', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10'},\n {'reference':'openssh-server-sysvinit-7.4p1-22.0.1.el7_9_fips', 'cpu':'x86_64', 'release':'7', 'el_string':'el7_9_fips', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10'},\n {'reference':'pam_ssh_agent_auth-0.10.3-2.22.0.1.el7_9_fips', 'cpu':'i686', 'release':'7', 'el_string':'el7_9_fips', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10'},\n {'reference':'pam_ssh_agent_auth-0.10.3-2.22.0.1.el7_9_fips', 'cpu':'x86_64', 'release':'7', 'el_string':'el7_9_fips', 'rpm_spec_vers_cmp':TRUE, 'epoch':'10'}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssh / openssh-askpass / openssh-cavs / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-15T18:48:09", "description": "The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:3950-1 advisory.\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-07T00:00:00", "type": "nessus", "title": "SUSE SLED15 / SLES15 Security Update : openssh (SUSE-SU-2021:3950-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41617"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:openssh-common", "p-cpe:/a:novell:suse_linux:openssh-fips", "p-cpe:/a:novell:suse_linux:openssh-helpers", "p-cpe:/a:novell:suse_linux:openssh-server", "cpe:/o:novell:suse_linux:15", "p-cpe:/a:novell:suse_linux:openssh", "p-cpe:/a:novell:suse_linux:openssh-askpass-gnome", "p-cpe:/a:novell:suse_linux:openssh-clients"], "id": "SUSE_SU-2021-3950-1.NASL", "href": "https://www.tenable.com/plugins/nessus/155896", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:3950-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155896);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\"CVE-2021-41617\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:3950-1\");\n script_xref(name:\"IAVA\", value:\"2021-A-0474-S\");\n\n script_name(english:\"SUSE SLED15 / SLES15 Security Update : openssh (SUSE-SU-2021:3950-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLED15 / SLES15 host has packages installed that are affected by a vulnerability as referenced in\nthe SUSE-SU-2021:3950-1 advisory.\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows\n privilege escalation because supplemental groups are not initialized as expected. Helper programs for\n AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group\n memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41617\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-December/009857.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?282e2402\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-fips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-helpers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLED15|SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLED15 / SLES15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLED15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLED15 SP3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'openssh-8.4p1-3.6.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'openssh-8.4p1-3.6.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'openssh-clients-8.4p1-3.6.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'openssh-clients-8.4p1-3.6.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'openssh-common-8.4p1-3.6.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'openssh-common-8.4p1-3.6.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'openssh-fips-8.4p1-3.6.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'openssh-fips-8.4p1-3.6.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-module-basesystem-release-15.3', 'sle-module-server-applications-release-15.3']},\n {'reference':'openssh-helpers-8.4p1-3.6.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'openssh-helpers-8.4p1-3.6.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'openssh-server-8.4p1-3.6.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'openssh-server-8.4p1-3.6.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-module-basesystem-release-15.3']},\n {'reference':'openssh-askpass-gnome-8.4p1-3.6.1', 'sp':'3', 'release':'SLED15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.3']},\n {'reference':'openssh-askpass-gnome-8.4p1-3.6.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sle-module-desktop-applications-release-15.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssh / openssh-askpass-gnome / openssh-clients / openssh-common / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:42:07", "description": "The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:3951-1 advisory.\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-07T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : openssh (SUSE-SU-2021:3951-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41617"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:openssh", "p-cpe:/a:novell:suse_linux:openssh-askpass-gnome", "p-cpe:/a:novell:suse_linux:openssh-fips", "p-cpe:/a:novell:suse_linux:openssh-helpers", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-3951-1.NASL", "href": "https://www.tenable.com/plugins/nessus/155901", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:3951-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155901);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\"CVE-2021-41617\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:3951-1\");\n script_xref(name:\"IAVA\", value:\"2021-A-0474-S\");\n\n script_name(english:\"SUSE SLES12 Security Update : openssh (SUSE-SU-2021:3951-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced\nin the SUSE-SU-2021:3951-1 advisory.\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows\n privilege escalation because supplemental groups are not initialized as expected. Helper programs for\n AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group\n memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41617\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-December/009848.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?975ec421\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssh, openssh-askpass-gnome, openssh-fips and / or openssh-helpers packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-fips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-helpers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12|SLES_SAP12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP2/3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP12\" && (! preg(pattern:\"^(3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP12 SP3\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'openssh-7.2p2-74.60.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'openssh-askpass-gnome-7.2p2-74.60.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'openssh-fips-7.2p2-74.60.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'openssh-helpers-7.2p2-74.60.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLES_SAP-release-12.3']},\n {'reference':'openssh-7.2p2-74.60.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'openssh-askpass-gnome-7.2p2-74.60.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'openssh-fips-7.2p2-74.60.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'openssh-helpers-7.2p2-74.60.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sles-release-12.2']},\n {'reference':'openssh-7.2p2-74.60.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'openssh-7.2p2-74.60.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'openssh-askpass-gnome-7.2p2-74.60.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'openssh-askpass-gnome-7.2p2-74.60.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'openssh-fips-7.2p2-74.60.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'openssh-fips-7.2p2-74.60.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'openssh-helpers-7.2p2-74.60.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sles-release-12.3']},\n {'reference':'openssh-helpers-7.2p2-74.60.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sles-release-12.3']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssh / openssh-askpass-gnome / openssh-fips / openssh-helpers');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:39:39", "description": "The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2021:14847-1 advisory.\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-02T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : openssh (SUSE-SU-2021:14847-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41617"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:openssh", "p-cpe:/a:novell:suse_linux:openssh-askpass-gnome", "p-cpe:/a:novell:suse_linux:openssh-fips", "p-cpe:/a:novell:suse_linux:openssh-helpers", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2021-14847-1.NASL", "href": "https://www.tenable.com/plugins/nessus/155819", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:14847-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155819);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\"CVE-2021-41617\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:14847-1\");\n script_xref(name:\"IAVA\", value:\"2021-A-0474-S\");\n\n script_name(english:\"SUSE SLES11 Security Update : openssh (SUSE-SU-2021:14847-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE-\nSU-2021:14847-1 advisory.\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows\n privilege escalation because supplemental groups are not initialized as expected. Helper programs for\n AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group\n memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41617\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-December/009807.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?c570f2c1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssh, openssh-askpass-gnome, openssh-fips and / or openssh-helpers packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/02\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-fips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-helpers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(4)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES11 SP4\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'openssh-6.6p1-36.26.1', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sles-release-11.4']},\n {'reference':'openssh-askpass-gnome-6.6p1-36.26.1', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sles-release-11.4']},\n {'reference':'openssh-fips-6.6p1-36.26.1', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sles-release-11.4']},\n {'reference':'openssh-helpers-6.6p1-36.26.1', 'sp':'4', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sles-release-11.4']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssh / openssh-askpass-gnome / openssh-fips / openssh-helpers');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:45:58", "description": "The remote NewStart CGSL host, running version MAIN 4.05, has openssh-latest packages installed that are affected by a vulnerability:\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-09T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 4.05 : openssh-latest Vulnerability (NS-SA-2022-0001)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41617"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_main:openssh-latest", "p-cpe:/a:zte:cgsl_main:openssh-latest-askpass", "p-cpe:/a:zte:cgsl_main:openssh-latest-clients", "p-cpe:/a:zte:cgsl_main:openssh-latest-debuginfo", "p-cpe:/a:zte:cgsl_main:openssh-latest-keycat", "p-cpe:/a:zte:cgsl_main:openssh-latest-server", "cpe:/o:zte:cgsl_main:4"], "id": "NEWSTART_CGSL_NS-SA-2022-0001_OPENSSH-LATEST.NASL", "href": "https://www.tenable.com/plugins/nessus/160810", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2022-0001. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160810);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\"CVE-2021-41617\");\n script_xref(name:\"IAVA\", value:\"2021-A-0474-S\");\n\n script_name(english:\"NewStart CGSL MAIN 4.05 : openssh-latest Vulnerability (NS-SA-2022-0001)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 4.05, has openssh-latest packages installed that are affected by a\nvulnerability:\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows\n privilege escalation because supplemental groups are not initialized as expected. Helper programs for\n AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group\n memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2022-0001\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-41617\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL openssh-latest packages. Note that updated packages may not be available yet. Please contact\nZTE for more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:openssh-latest\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:openssh-latest-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:openssh-latest-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:openssh-latest-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:openssh-latest-keycat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:openssh-latest-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:4\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL MAIN 4.05\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 4.05');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL MAIN 4.05': [\n 'openssh-latest-8.5p1-2.el6.cgslv4_6.0.7.g0b22f39',\n 'openssh-latest-askpass-8.5p1-2.el6.cgslv4_6.0.7.g0b22f39',\n 'openssh-latest-clients-8.5p1-2.el6.cgslv4_6.0.7.g0b22f39',\n 'openssh-latest-debuginfo-8.5p1-2.el6.cgslv4_6.0.7.g0b22f39',\n 'openssh-latest-keycat-8.5p1-2.el6.cgslv4_6.0.7.g0b22f39',\n 'openssh-latest-server-8.5p1-2.el6.cgslv4_6.0.7.g0b22f39'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssh-latest');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:34:53", "description": "sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-15T00:00:00", "type": "nessus", "title": "OpenSSH 6.2 < 8.8", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41617"], "modified": "2023-02-09T00:00:00", "cpe": ["cpe:/a:openbsd:openssh"], "id": "OPENSSH_88.NASL", "href": "https://www.tenable.com/plugins/nessus/154174", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154174);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\"CVE-2021-41617\");\n script_xref(name:\"IAVA\", value:\"2021-A-0474-S\");\n\n script_name(english:\"OpenSSH 6.2 < 8.8\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The SSH server running on the remote host is affected by a privilege escalation vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege\nescalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and\nAuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the\nconfiguration specifies running the command as a different user.\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported\nversion number.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openwall.com/lists/oss-security/2021/09/26/1\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssh.com/txt/release-8.8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to OpenSSH version 8.8 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/15\");\n\n script_set_attribute(attribute:\"potential_vulnerability\", value:\"true\");\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:openbsd:openssh\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Misc.\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_detect.nasl\");\n script_require_keys(\"Settings/ParanoidReport\");\n script_require_ports(\"Services/ssh\");\n\n exit(0);\n}\n\ninclude('backport.inc');\n\n# Ensure the port is open.\nvar port = get_service(svc:'ssh', exit_on_fail:TRUE);\n\n# Get banner for service.\nvar banner = get_kb_item_or_exit('SSH/banner/' + port);\n\nvar bp_banner = tolower(get_backport_banner(banner:banner));\nif ('openssh' >!< bp_banner) audit(AUDIT_NOT_LISTEN, 'OpenSSH', port);\nif (report_paranoia < 2) audit(AUDIT_PARANOID);\nif (backported) audit(code:0, AUDIT_BACKPORT_SERVICE, port, 'OpenSSH');\n\n# Check the version in the backported banner.\nvar match = pregmatch(string:bp_banner, pattern:\"openssh[-_]([0-9][-._0-9a-z]+)\");\nif (isnull(match)) audit(AUDIT_SERVICE_VER_FAIL, 'OpenSSH', port);\nvar version = match[1];\n\nvar minver = '6.2';\nvar fix = '8.8';\nif (ver_compare(ver:version, minver:minver, fix:fix) >=0)\n audit(AUDIT_LISTEN_NOT_VULN, 'OpenSSH', port, version);\n\nvar items = make_array('Version source', banner,\n 'Installed version', version,\n 'Fixed version', fix);\nvar order = make_list('Version source', 'Installed version', 'Fixed version');\nvar report = report_items_str(report_items:items, ordered_fields:order);\n\nsecurity_report_v4(port:port, extra:report, severity:SECURITY_WARNING);\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:34:51", "description": "An update of the docker package has been released.\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the hosts filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-11T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Docker PHSA-2021-2.0-0402", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41089"], "modified": "2021-10-12T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:docker", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2021-2_0-0402_DOCKER.NASL", "href": "https://www.tenable.com/plugins/nessus/153979", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-2.0-0402. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153979);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/12\");\n\n script_cve_id(\"CVE-2021-41089\");\n\n script_name(english:\"Photon OS 2.0: Docker PHSA-2021-2.0-0402\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the docker package has been released.\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in\n Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container\n can result in Unix file permission changes for existing files in the hosts filesystem, widening access\n to others. This bug does not directly allow files to be read, modified, or executed without an additional\n cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this\n version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-402.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41089\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:docker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 2.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nvar flag = 0;\n\nif (rpm_exists(rpm:'docker-18.09', release:'PhotonOS-2.0') && rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'docker-18.09.9-6.ph2')) flag++;\nif (rpm_exists(rpm:'docker-19.03', release:'PhotonOS-2.0') && rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'docker-19.03.15-2.ph2')) flag++;\nif (rpm_exists(rpm:'docker-cli-18.09', release:'PhotonOS-2.0') && rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'docker-cli-18.09.9-6.ph2')) flag++;\nif (rpm_exists(rpm:'docker-cli-19.03', release:'PhotonOS-2.0') && rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'docker-cli-19.03.15-2.ph2')) flag++;\nif (rpm_exists(rpm:'docker-doc-18.09', release:'PhotonOS-2.0') && rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'docker-doc-18.09.9-6.ph2')) flag++;\nif (rpm_exists(rpm:'docker-doc-19.03', release:'PhotonOS-2.0') && rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'docker-doc-19.03.15-2.ph2')) flag++;\nif (rpm_exists(rpm:'docker-engine-18.09', release:'PhotonOS-2.0') && rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'docker-engine-18.09.9-6.ph2')) flag++;\nif (rpm_exists(rpm:'docker-engine-19.03', release:'PhotonOS-2.0') && rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'docker-engine-19.03.15-2.ph2')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'docker');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:58:55", "description": "An update of the docker package has been released.\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the hosts filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-08T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Docker PHSA-2021-3.0-0311", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41089"], "modified": "2021-10-12T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:docker", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2021-3_0-0311_DOCKER.NASL", "href": "https://www.tenable.com/plugins/nessus/153946", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-3.0-0311. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153946);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/12\");\n\n script_cve_id(\"CVE-2021-41089\");\n\n script_name(english:\"Photon OS 3.0: Docker PHSA-2021-3.0-0311\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the docker package has been released.\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in\n Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container\n can result in Unix file permission changes for existing files in the hosts filesystem, widening access\n to others. This bug does not directly allow files to be read, modified, or executed without an additional\n cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this\n version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-311.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41089\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/08\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:docker\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 3.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nvar flag = 0;\n\nif (rpm_exists(rpm:'docker-18.09', release:'PhotonOS-3.0') && rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'docker-18.09.9-12.ph3')) flag++;\nif (rpm_exists(rpm:'docker-19.03', release:'PhotonOS-3.0') && rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'docker-19.03.15-8.ph3')) flag++;\nif (rpm_exists(rpm:'docker-cli-18.09', release:'PhotonOS-3.0') && rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'docker-cli-18.09.9-12.ph3')) flag++;\nif (rpm_exists(rpm:'docker-cli-19.03', release:'PhotonOS-3.0') && rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'docker-cli-19.03.15-8.ph3')) flag++;\nif (rpm_exists(rpm:'docker-doc-18.09', release:'PhotonOS-3.0') && rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'docker-doc-18.09.9-12.ph3')) flag++;\nif (rpm_exists(rpm:'docker-doc-19.03', release:'PhotonOS-3.0') && rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'docker-doc-19.03.15-8.ph3')) flag++;\nif (rpm_exists(rpm:'docker-engine-18.09', release:'PhotonOS-3.0') && rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'docker-engine-18.09.9-12.ph3')) flag++;\nif (rpm_exists(rpm:'docker-engine-19.03', release:'PhotonOS-3.0') && rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'docker-engine-19.03.15-8.ph3')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'docker');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:41:13", "description": "According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-02-25T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2022-1239)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41103"], "modified": "2022-02-25T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:docker-engine", "p-cpe:/a:huawei:euleros:docker-engine-selinux", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1239.NASL", "href": "https://www.tenable.com/plugins/nessus/158427", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158427);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/25\");\n\n script_cve_id(\"CVE-2021-41103\");\n\n script_name(english:\"EulerOS 2.0 SP10 : docker-engine (EulerOS-SA-2022-1239)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is\naffected by the following vulnerabilities :\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently\n restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and\n execute programs. When containers included executable programs with extended permission bits (such as\n setuid), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has\n been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are\n released and may restart containers or update directory permissions to mitigate the vulnerability. Users\n unable to update should limit access to the host to trusted users. Update directory permission on\n container bundles directories. (CVE-2021-41103)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1239\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?471a1581\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected docker-engine packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:docker-engine\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:docker-engine-selinux\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"docker-engine-18.09.0.200-200.h34.23.12.eulerosv2r10\",\n \"docker-engine-selinux-18.09.0.200-200.h34.23.12.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"docker-engine\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-08-15T16:13:06", "description": "The version of containerd installed on the remote host is prior to 1.4.6-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2NITRO-ENCLAVES-2022-016 advisory.\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-11T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : containerd (ALASNITRO-ENCLAVES-2022-016)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41103"], "modified": "2023-08-14T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:containerd", "p-cpe:/a:amazon:linux:containerd-debuginfo", "p-cpe:/a:amazon:linux:containerd-stress", "cpe:/o:amazon:linux:2"], "id": "AL2_ALASNITRO-ENCLAVES-2022-016.NASL", "href": "https://www.tenable.com/plugins/nessus/160975", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALASNITRO-ENCLAVES-2022-016.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160975);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/08/14\");\n\n script_cve_id(\"CVE-2021-41103\");\n\n script_name(english:\"Amazon Linux 2 : containerd (ALASNITRO-ENCLAVES-2022-016)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of containerd installed on the remote host is prior to 1.4.6-3. It is, therefore, affected by a\nvulnerability as referenced in the ALAS2NITRO-ENCLAVES-2022-016 advisory.\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently\n restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and\n execute programs. When containers included executable programs with extended permission bits (such as\n setuid), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has\n been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are\n released and may restart containers or update directory permissions to mitigate the vulnerability. Users\n unable to update should limit access to the host to trusted users. Update directory permission on\n container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALASNITRO-ENCLAVES-2022-016.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-41103.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update containerd' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:containerd-stress\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar alas_release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d+|-\\d+)\", string:alas_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nos_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'containerd-1.4.6-3.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-1.4.6-3.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-debuginfo-1.4.6-3.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-debuginfo-1.4.6-3.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-stress-1.4.6-3.amzn2', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-stress-1.4.6-3.amzn2', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"containerd / containerd-debuginfo / containerd-stress\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:46:30", "description": "The version of moby-containerd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2021-41103 advisory.\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2023-03-20T00:00:00", "type": "nessus", "title": "CBL Mariner 2.0 Security Update: moby-containerd (CVE-2021-41103)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41103"], "modified": "2023-03-28T00:00:00", "cpe": ["p-cpe:/a:microsoft:cbl-mariner:moby-containerd", "x-cpe:/o:microsoft:cbl-mariner"], "id": "MARINER_MOBY-CONTAINERD_CVE-2021-41103.NASL", "href": "https://www.tenable.com/plugins/nessus/172774", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(172774);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/03/28\");\n\n script_cve_id(\"CVE-2021-41103\");\n\n script_name(english:\"CBL Mariner 2.0 Security Update: moby-containerd (CVE-2021-41103)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CBL Mariner host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of moby-containerd installed on the remote CBL Mariner 2.0 host is prior to tested version. It is,\ntherefore, affected by a vulnerability as referenced in the CVE-2021-41103 advisory.\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently\n restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and\n execute programs. When containers included executable programs with extended permission bits (such as\n setuid), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has\n been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are\n released and may restart containers or update directory permissions to mitigate the vulnerability. Users\n unable to update should limit access to the host to trusted users. Update directory permission on\n container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://nvd.nist.gov/vuln/detail/CVE-2021-41103\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/03/20\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:microsoft:cbl-mariner:moby-containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"x-cpe:/o:microsoft:cbl-mariner\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"MarinerOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CBLMariner/release\", \"Host/CBLMariner/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CBLMariner/release');\nif (isnull(release) || 'CBL-Mariner' >!< release) audit(AUDIT_OS_NOT, 'CBL-Mariner');\nvar os_ver = pregmatch(pattern: \"CBL-Mariner ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CBL-Mariner');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^2([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'CBL-Mariner 2.0', 'CBL-Mariner ' + os_ver);\n\nif (!get_kb_item('Host/CBLMariner/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu)\n audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CBL-Mariner', cpu);\n\nvar pkgs = [\n {'reference':'moby-containerd-1.4.4+azure-4.cm2', 'cpu':'x86_64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'moby-containerd-1.4.4+azure-4.cm2', 'cpu':'aarch64', 'release':'2.0', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'CBLMariner-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'moby-containerd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:59:01", "description": "An update of the containerd package has been released.\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-11T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Containerd PHSA-2021-2.0-0402", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41103"], "modified": "2021-10-19T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:containerd", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2021-2_0-0402_CONTAINERD.NASL", "href": "https://www.tenable.com/plugins/nessus/153980", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-2.0-0402. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153980);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/19\");\n\n script_cve_id(\"CVE-2021-41103\");\n\n script_name(english:\"Photon OS 2.0: Containerd PHSA-2021-2.0-0402\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the containerd package has been released.\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently\n restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and\n execute programs. When containers included executable programs with extended permission bits (such as\n setuid), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has\n been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are\n released and may restart containers or update directory permissions to mitigate the vulnerability. Users\n unable to update should limit access to the host to trusted users. Update directory permission on\n container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-402.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 2.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nvar flag = 0;\n\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'containerd-1.4.4-3.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'containerd-doc-1.4.4-3.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'containerd-extras-1.4.4-3.ph2')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:59:01", "description": "An update of the containerd package has been released.\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-10T00:00:00", "type": "nessus", "title": "Photon OS 4.0: Containerd PHSA-2021-4.0-0113", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41103"], "modified": "2021-10-19T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:containerd", "cpe:/o:vmware:photonos:4.0"], "id": "PHOTONOS_PHSA-2021-4_0-0113_CONTAINERD.NASL", "href": "https://www.tenable.com/plugins/nessus/153974", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-4.0-0113. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153974);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/19\");\n\n script_cve_id(\"CVE-2021-41103\");\n\n script_name(english:\"Photon OS 4.0: Containerd PHSA-2021-4.0-0113\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the containerd package has been released.\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently\n restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and\n execute programs. When containers included executable programs with extended permission bits (such as\n setuid), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has\n been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are\n released and may restart containers or update directory permissions to mitigate the vulnerability. Users\n unable to update should limit access to the host to trusted users. Update directory permission on\n container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-4.0-113.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:4.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 4\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 4.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nvar flag = 0;\n\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'containerd-1.4.4-6.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'containerd-doc-1.4.4-6.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'containerd-extras-1.4.4-6.ph4')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-19T15:15:15", "description": "An update of the openssh package has been released.\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-10T00:00:00", "type": "nessus", "title": "Photon OS 1.0: Openssh PHSA-2021-1.0-0440", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41617"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:openssh", "cpe:/o:vmware:photonos:1.0"], "id": "PHOTONOS_PHSA-2021-1_0-0440_OPENSSH.NASL", "href": "https://www.tenable.com/plugins/nessus/153975", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-1.0-0440. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153975);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\"CVE-2021-41617\");\n script_xref(name:\"IAVA\", value:\"2021-A-0474-S\");\n\n script_name(english:\"Photon OS 1.0: Openssh PHSA-2021-1.0-0440\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the openssh package has been released.\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows\n privilege escalation because supplemental groups are not initialized as expected. Helper programs for\n AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group\n memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-1.0-440.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:1.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 1\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 1.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nvar flag = 0;\n\nif (rpm_check(release:'PhotonOS-1.0', cpu:'x86_64', reference:'openssh-7.4p1-13.ph1')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssh');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:42:11", "description": "The version of openssh installed on the remote host is prior to 7.4p1-22.77. It is, therefore, affected by a vulnerability as referenced in the ALAS-2022-1565 advisory.\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-19T00:00:00", "type": "nessus", "title": "Amazon Linux AMI : openssh (ALAS-2022-1565)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41617"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:openssh", "p-cpe:/a:amazon:linux:openssh-cavs", "p-cpe:/a:amazon:linux:openssh-clients", "p-cpe:/a:amazon:linux:openssh-debuginfo", "p-cpe:/a:amazon:linux:openssh-ldap", "p-cpe:/a:amazon:linux:openssh-keycat", "p-cpe:/a:amazon:linux:openssh-server", "p-cpe:/a:amazon:linux:pam_ssh_agent_auth", "cpe:/o:amazon:linux"], "id": "ALA_ALAS-2022-1565.NASL", "href": "https://www.tenable.com/plugins/nessus/158177", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux AMI Security Advisory ALAS-2022-1565.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158177);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\"CVE-2021-41617\");\n script_xref(name:\"IAVA\", value:\"2021-A-0474-S\");\n script_xref(name:\"ALAS\", value:\"2022-1565\");\n\n script_name(english:\"Amazon Linux AMI : openssh (ALAS-2022-1565)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux AMI host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of openssh installed on the remote host is prior to 7.4p1-22.77. It is, therefore, affected by a\nvulnerability as referenced in the ALAS-2022-1565 advisory.\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows\n privilege escalation because supplemental groups are not initialized as expected. Helper programs for\n AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group\n memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/ALAS-2022-1565.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-41617.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update openssh' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/19\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssh-cavs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssh-keycat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssh-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:pam_ssh_agent_auth\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"A\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux AMI\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'openssh-7.4p1-22.77.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-7.4p1-22.77.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-cavs-7.4p1-22.77.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-cavs-7.4p1-22.77.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-clients-7.4p1-22.77.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-clients-7.4p1-22.77.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-debuginfo-7.4p1-22.77.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-debuginfo-7.4p1-22.77.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-keycat-7.4p1-22.77.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-keycat-7.4p1-22.77.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-ldap-7.4p1-22.77.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-ldap-7.4p1-22.77.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-server-7.4p1-22.77.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-server-7.4p1-22.77.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pam_ssh_agent_auth-0.10.3-2.22.77.amzn1', 'cpu':'i686', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pam_ssh_agent_auth-0.10.3-2.22.77.amzn1', 'cpu':'x86_64', 'release':'ALA', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh / openssh-cavs / openssh-clients / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:44:00", "description": "According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-04-18T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.10.1 : openssh (EulerOS-SA-2022-1384)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41617"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssh", "p-cpe:/a:huawei:euleros:openssh-clients", "p-cpe:/a:huawei:euleros:openssh-server", "cpe:/o:huawei:euleros:uvp:2.10.1"], "id": "EULEROS_SA-2022-1384.NASL", "href": "https://www.tenable.com/plugins/nessus/159834", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159834);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\"CVE-2021-41617\");\n script_xref(name:\"IAVA\", value:\"2021-A-0474-S\");\n\n script_name(english:\"EulerOS Virtualization 2.10.1 : openssh (EulerOS-SA-2022-1384)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host\nis affected by the following vulnerabilities :\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows\n privilege escalation because supplemental groups are not initialized as expected. Helper programs for\n AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group\n memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1384\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?5ca1c6c1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssh packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.10.1\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.10.1\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.10.1\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"openssh-8.2p1-9.h29.eulerosv2r10\",\n \"openssh-clients-8.2p1-9.h29.eulerosv2r10\",\n \"openssh-server-8.2p1-9.h29.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:42:07", "description": "According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-03-01T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP5 : openssh (EulerOS-SA-2022-1280)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41617"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssh-7.4p1", "p-cpe:/a:huawei:euleros:openssh-askpass-7.4p1", "p-cpe:/a:huawei:euleros:openssh-clients-7.4p1", "p-cpe:/a:huawei:euleros:openssh-keycat-7.4p1", "p-cpe:/a:huawei:euleros:openssh-server-7.4p1", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1280.NASL", "href": "https://www.tenable.com/plugins/nessus/158468", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158468);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\"CVE-2021-41617\");\n script_xref(name:\"IAVA\", value:\"2021-A-0474-S\");\n\n script_name(english:\"EulerOS 2.0 SP5 : openssh (EulerOS-SA-2022-1280)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows\n privilege escalation because supplemental groups are not initialized as expected. Helper programs for\n AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group\n memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1280\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?60bc4b8b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssh packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-7.4p1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-askpass-7.4p1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-clients-7.4p1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-keycat-7.4p1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-server-7.4p1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(5)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP5\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"openssh-7.4p1-16.h25.eulerosv2r7\",\n \"openssh-askpass-7.4p1-16.h25.eulerosv2r7\",\n \"openssh-clients-7.4p1-16.h25.eulerosv2r7\",\n \"openssh-keycat-7.4p1-16.h25.eulerosv2r7\",\n \"openssh-server-7.4p1-16.h25.eulerosv2r7\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"5\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:40:04", "description": "According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2023-01-06T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.6 : openssh (EulerOS-SA-2023-1059)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41617"], "modified": "2023-01-06T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssh-7.4p1", "p-cpe:/a:huawei:euleros:openssh-clients-7.4p1", "p-cpe:/a:huawei:euleros:openssh-keycat-7.4p1", "p-cpe:/a:huawei:euleros:openssh-server-7.4p1", "p-cpe:/a:huawei:euleros:pam_ssh_agent_auth", "cpe:/o:huawei:euleros:uvp:3.0.2.6"], "id": "EULEROS_SA-2023-1059.NASL", "href": "https://www.tenable.com/plugins/nessus/169667", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(169667);\n script_version(\"1.0\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/01/06\");\n\n script_cve_id(\"CVE-2021-41617\");\n\n script_name(english:\"EulerOS Virtualization 3.0.2.6 : openssh (EulerOS-SA-2023-1059)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host\nis affected by the following vulnerabilities :\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows\n privilege escalation because supplemental groups are not initialized as expected. Helper programs for\n AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group\n memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2023-1059\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?b698a8ff\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssh packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2023/01/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2023/01/06\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-7.4p1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-clients-7.4p1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-keycat-7.4p1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-server-7.4p1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:pam_ssh_agent_auth\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.6\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar _release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(_release) || _release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu && \"x86\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"x86\" >!< cpu) audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"openssh-7.4p1-16.h25.eulerosv2r7\",\n \"openssh-clients-7.4p1-16.h25.eulerosv2r7\",\n \"openssh-keycat-7.4p1-16.h25.eulerosv2r7\",\n \"openssh-server-7.4p1-16.h25.eulerosv2r7\",\n \"pam_ssh_agent_auth-0.10.3-2.16.h25.eulerosv2r7\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:40:20", "description": "The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:3887-1 advisory.\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-04T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : openssh (SUSE-SU-2021:3887-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41617"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:openssh", "p-cpe:/a:novell:suse_linux:openssh-askpass-gnome", "p-cpe:/a:novell:suse_linux:openssh-fips", "p-cpe:/a:novell:suse_linux:openssh-helpers", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-3887-1.NASL", "href": "https://www.tenable.com/plugins/nessus/155855", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:3887-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155855);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\"CVE-2021-41617\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:3887-1\");\n script_xref(name:\"IAVA\", value:\"2021-A-0474-S\");\n\n script_name(english:\"SUSE SLES15 Security Update : openssh (SUSE-SU-2021:3887-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced\nin the SUSE-SU-2021:3887-1 advisory.\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows\n privilege escalation because supplemental groups are not initialized as expected. Helper programs for\n AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group\n memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41617\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-December/009823.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8f96f3f8\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssh, openssh-askpass-gnome, openssh-fips and / or openssh-helpers packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/04\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-fips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-helpers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(0)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP0\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'openssh-7.6p1-9.44.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'openssh-askpass-gnome-7.6p1-9.44.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'openssh-fips-7.6p1-9.44.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'openssh-helpers-7.6p1-9.44.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'openssh-7.6p1-9.44.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'openssh-7.6p1-9.44.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'openssh-7.6p1-9.44.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'openssh-7.6p1-9.44.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'openssh-askpass-gnome-7.6p1-9.44.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'openssh-askpass-gnome-7.6p1-9.44.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'openssh-askpass-gnome-7.6p1-9.44.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'openssh-askpass-gnome-7.6p1-9.44.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'openssh-fips-7.6p1-9.44.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'openssh-fips-7.6p1-9.44.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'openssh-fips-7.6p1-9.44.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'openssh-fips-7.6p1-9.44.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'openssh-helpers-7.6p1-9.44.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'openssh-helpers-7.6p1-9.44.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'openssh-helpers-7.6p1-9.44.1', 'sp':'0', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'openssh-helpers-7.6p1-9.44.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'openssh-7.6p1-9.44.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'openssh-askpass-gnome-7.6p1-9.44.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'openssh-fips-7.6p1-9.44.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'openssh-helpers-7.6p1-9.44.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sles-ltss-release-15']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssh / openssh-askpass-gnome / openssh-fips / openssh-helpers');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-26T14:41:44", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:2013 advisory.\n\n - openssh: privilege escalation when AuthorizedKeysCommand or AuthorizedPrincipalsCommand are configured (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-11T00:00:00", "type": "nessus", "title": "RHEL 8 : openssh (RHSA-2022:2013)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41617"], "modified": "2023-05-25T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "cpe:/o:redhat:rhel_aus:8.6", "cpe:/o:redhat:rhel_e4s:8.6", "cpe:/o:redhat:rhel_eus:8.6", "cpe:/o:redhat:rhel_tus:8.6", "p-cpe:/a:redhat:enterprise_linux:openssh", "p-cpe:/a:redhat:enterprise_linux:openssh-askpass", "p-cpe:/a:redhat:enterprise_linux:openssh-cavs", "p-cpe:/a:redhat:enterprise_linux:openssh-clients", "p-cpe:/a:redhat:enterprise_linux:openssh-keycat", "p-cpe:/a:redhat:enterprise_linux:openssh-ldap", "p-cpe:/a:redhat:enterprise_linux:openssh-server", "p-cpe:/a:redhat:enterprise_linux:pam_ssh_agent_auth"], "id": "REDHAT-RHSA-2022-2013.NASL", "href": "https://www.tenable.com/plugins/nessus/161048", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2022:2013. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161048);\n script_version(\"1.8\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/25\");\n\n script_cve_id(\"CVE-2021-41617\");\n script_xref(name:\"RHSA\", value:\"2022:2013\");\n script_xref(name:\"IAVA\", value:\"2021-A-0474-S\");\n\n script_name(english:\"RHEL 8 : openssh (RHSA-2022:2013)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2022:2013 advisory.\n\n - openssh: privilege escalation when AuthorizedKeysCommand or AuthorizedPrincipalsCommand are configured\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-41617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2022:2013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2008291\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(273);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_aus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_e4s:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_eus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:rhel_tus:8.6\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-cavs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-keycat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pam_ssh_agent_auth\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/aus/rhel8/8.6/x86_64/appstream/debug',\n 'content/aus/rhel8/8.6/x86_64/appstream/os',\n 'content/aus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/aus/rhel8/8.6/x86_64/baseos/debug',\n 'content/aus/rhel8/8.6/x86_64/baseos/os',\n 'content/aus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/debug',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/os',\n 'content/e4s/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/debug',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/os',\n 'content/e4s/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/os',\n 'content/e4s/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/ppc64le/sap/debug',\n 'content/e4s/rhel8/8.6/ppc64le/sap/os',\n 'content/e4s/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/appstream/debug',\n 'content/e4s/rhel8/8.6/x86_64/appstream/os',\n 'content/e4s/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/baseos/debug',\n 'content/e4s/rhel8/8.6/x86_64/baseos/os',\n 'content/e4s/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/debug',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/os',\n 'content/e4s/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/e4s/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/e4s/rhel8/8.6/x86_64/sap/debug',\n 'content/e4s/rhel8/8.6/x86_64/sap/os',\n 'content/e4s/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/appstream/debug',\n 'content/eus/rhel8/8.6/aarch64/appstream/os',\n 'content/eus/rhel8/8.6/aarch64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/baseos/debug',\n 'content/eus/rhel8/8.6/aarch64/baseos/os',\n 'content/eus/rhel8/8.6/aarch64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/os',\n 'content/eus/rhel8/8.6/aarch64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/highavailability/debug',\n 'content/eus/rhel8/8.6/aarch64/highavailability/os',\n 'content/eus/rhel8/8.6/aarch64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/aarch64/supplementary/debug',\n 'content/eus/rhel8/8.6/aarch64/supplementary/os',\n 'content/eus/rhel8/8.6/aarch64/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/appstream/debug',\n 'content/eus/rhel8/8.6/ppc64le/appstream/os',\n 'content/eus/rhel8/8.6/ppc64le/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/baseos/debug',\n 'content/eus/rhel8/8.6/ppc64le/baseos/os',\n 'content/eus/rhel8/8.6/ppc64le/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/debug',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/os',\n 'content/eus/rhel8/8.6/ppc64le/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/debug',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/os',\n 'content/eus/rhel8/8.6/ppc64le/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/debug',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/os',\n 'content/eus/rhel8/8.6/ppc64le/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/os',\n 'content/eus/rhel8/8.6/ppc64le/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/sap/debug',\n 'content/eus/rhel8/8.6/ppc64le/sap/os',\n 'content/eus/rhel8/8.6/ppc64le/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/debug',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/os',\n 'content/eus/rhel8/8.6/ppc64le/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/appstream/debug',\n 'content/eus/rhel8/8.6/s390x/appstream/os',\n 'content/eus/rhel8/8.6/s390x/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/baseos/debug',\n 'content/eus/rhel8/8.6/s390x/baseos/os',\n 'content/eus/rhel8/8.6/s390x/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/debug',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/os',\n 'content/eus/rhel8/8.6/s390x/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/highavailability/debug',\n 'content/eus/rhel8/8.6/s390x/highavailability/os',\n 'content/eus/rhel8/8.6/s390x/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/debug',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/os',\n 'content/eus/rhel8/8.6/s390x/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/sap/debug',\n 'content/eus/rhel8/8.6/s390x/sap/os',\n 'content/eus/rhel8/8.6/s390x/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/s390x/supplementary/debug',\n 'content/eus/rhel8/8.6/s390x/supplementary/os',\n 'content/eus/rhel8/8.6/s390x/supplementary/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/appstream/debug',\n 'content/eus/rhel8/8.6/x86_64/appstream/os',\n 'content/eus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/baseos/debug',\n 'content/eus/rhel8/8.6/x86_64/baseos/os',\n 'content/eus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/debug',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/os',\n 'content/eus/rhel8/8.6/x86_64/codeready-builder/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/eus/rhel8/8.6/x86_64/highavailability/os',\n 'content/eus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/debug',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/os',\n 'content/eus/rhel8/8.6/x86_64/resilientstorage/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/debug',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/os',\n 'content/eus/rhel8/8.6/x86_64/sap-solutions/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/sap/debug',\n 'content/eus/rhel8/8.6/x86_64/sap/os',\n 'content/eus/rhel8/8.6/x86_64/sap/source/SRPMS',\n 'content/eus/rhel8/8.6/x86_64/supplementary/debug',\n 'content/eus/rhel8/8.6/x86_64/supplementary/os',\n 'content/eus/rhel8/8.6/x86_64/supplementary/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/appstream/debug',\n 'content/tus/rhel8/8.6/x86_64/appstream/os',\n 'content/tus/rhel8/8.6/x86_64/appstream/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/baseos/debug',\n 'content/tus/rhel8/8.6/x86_64/baseos/os',\n 'content/tus/rhel8/8.6/x86_64/baseos/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/highavailability/debug',\n 'content/tus/rhel8/8.6/x86_64/highavailability/os',\n 'content/tus/rhel8/8.6/x86_64/highavailability/source/SRPMS',\n 'content/tus/rhel8/8.6/x86_64/rt/os',\n 'content/tus/rhel8/8.6/x86_64/rt/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'openssh-8.0p1-13.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-askpass-8.0p1-13.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-cavs-8.0p1-13.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-clients-8.0p1-13.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-keycat-8.0p1-13.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-ldap-8.0p1-13.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-server-8.0p1-13.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'pam_ssh_agent_auth-0.10.3-7.13.el8', 'sp':'6', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n },\n {\n 'repo_relative_urls': [\n 'content/dist/rhel8/8/aarch64/appstream/debug',\n 'content/dist/rhel8/8/aarch64/appstream/os',\n 'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/baseos/debug',\n 'content/dist/rhel8/8/aarch64/baseos/os',\n 'content/dist/rhel8/8/aarch64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/codeready-builder/debug',\n 'content/dist/rhel8/8/aarch64/codeready-builder/os',\n 'content/dist/rhel8/8/aarch64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/highavailability/debug',\n 'content/dist/rhel8/8/aarch64/highavailability/os',\n 'content/dist/rhel8/8/aarch64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/aarch64/supplementary/debug',\n 'content/dist/rhel8/8/aarch64/supplementary/os',\n 'content/dist/rhel8/8/aarch64/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/appstream/debug',\n 'content/dist/rhel8/8/ppc64le/appstream/os',\n 'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/baseos/debug',\n 'content/dist/rhel8/8/ppc64le/baseos/os',\n 'content/dist/rhel8/8/ppc64le/baseos/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/debug',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/os',\n 'content/dist/rhel8/8/ppc64le/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/highavailability/debug',\n 'content/dist/rhel8/8/ppc64le/highavailability/os',\n 'content/dist/rhel8/8/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/debug',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/os',\n 'content/dist/rhel8/8/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/debug',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/os',\n 'content/dist/rhel8/8/ppc64le/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/sap/debug',\n 'content/dist/rhel8/8/ppc64le/sap/os',\n 'content/dist/rhel8/8/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel8/8/ppc64le/supplementary/debug',\n 'content/dist/rhel8/8/ppc64le/supplementary/os',\n 'content/dist/rhel8/8/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/s390x/appstream/debug',\n 'content/dist/rhel8/8/s390x/appstream/os',\n 'content/dist/rhel8/8/s390x/appstream/source/SRPMS',\n 'content/dist/rhel8/8/s390x/baseos/debug',\n 'content/dist/rhel8/8/s390x/baseos/os',\n 'content/dist/rhel8/8/s390x/baseos/source/SRPMS',\n 'content/dist/rhel8/8/s390x/codeready-builder/debug',\n 'content/dist/rhel8/8/s390x/codeready-builder/os',\n 'content/dist/rhel8/8/s390x/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/s390x/highavailability/debug',\n 'content/dist/rhel8/8/s390x/highavailability/os',\n 'content/dist/rhel8/8/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/s390x/resilientstorage/debug',\n 'content/dist/rhel8/8/s390x/resilientstorage/os',\n 'content/dist/rhel8/8/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/s390x/sap/debug',\n 'content/dist/rhel8/8/s390x/sap/os',\n 'content/dist/rhel8/8/s390x/sap/source/SRPMS',\n 'content/dist/rhel8/8/s390x/supplementary/debug',\n 'content/dist/rhel8/8/s390x/supplementary/os',\n 'content/dist/rhel8/8/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/appstream/debug',\n 'content/dist/rhel8/8/x86_64/appstream/os',\n 'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/baseos/debug',\n 'content/dist/rhel8/8/x86_64/baseos/os',\n 'content/dist/rhel8/8/x86_64/baseos/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/codeready-builder/debug',\n 'content/dist/rhel8/8/x86_64/codeready-builder/os',\n 'content/dist/rhel8/8/x86_64/codeready-builder/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/highavailability/debug',\n 'content/dist/rhel8/8/x86_64/highavailability/os',\n 'content/dist/rhel8/8/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/nfv/debug',\n 'content/dist/rhel8/8/x86_64/nfv/os',\n 'content/dist/rhel8/8/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/resilientstorage/debug',\n 'content/dist/rhel8/8/x86_64/resilientstorage/os',\n 'content/dist/rhel8/8/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/rt/debug',\n 'content/dist/rhel8/8/x86_64/rt/os',\n 'content/dist/rhel8/8/x86_64/rt/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap-solutions/debug',\n 'content/dist/rhel8/8/x86_64/sap-solutions/os',\n 'content/dist/rhel8/8/x86_64/sap-solutions/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/sap/debug',\n 'content/dist/rhel8/8/x86_64/sap/os',\n 'content/dist/rhel8/8/x86_64/sap/source/SRPMS',\n 'content/dist/rhel8/8/x86_64/supplementary/debug',\n 'content/dist/rhel8/8/x86_64/supplementary/os',\n 'content/dist/rhel8/8/x86_64/supplementary/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'openssh-8.0p1-13.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-askpass-8.0p1-13.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-cavs-8.0p1-13.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-clients-8.0p1-13.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-keycat-8.0p1-13.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-ldap-8.0p1-13.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-server-8.0p1-13.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'pam_ssh_agent_auth-0.10.3-7.13.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp']) && !enterprise_linux_flag) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssh / openssh-askpass / openssh-cavs / openssh-clients / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-07T16:35:07", "description": "The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:2013 advisory.\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-18T00:00:00", "type": "nessus", "title": "Rocky Linux 8 : openssh (RLSA-2022:2013)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41617"], "modified": "2023-11-06T00:00:00", "cpe": ["cpe:/o:rocky:linux:8", "p-cpe:/a:rocky:linux:openssh", "p-cpe:/a:rocky:linux:openssh-askpass", "p-cpe:/a:rocky:linux:openssh-askpass-debuginfo", "p-cpe:/a:rocky:linux:openssh-cavs", "p-cpe:/a:rocky:linux:openssh-cavs-debuginfo", "p-cpe:/a:rocky:linux:openssh-clients", "p-cpe:/a:rocky:linux:openssh-clients-debuginfo", "p-cpe:/a:rocky:linux:openssh-debuginfo", "p-cpe:/a:rocky:linux:openssh-debugsource", "p-cpe:/a:rocky:linux:openssh-keycat", "p-cpe:/a:rocky:linux:openssh-keycat-debuginfo", "p-cpe:/a:rocky:linux:openssh-ldap", "p-cpe:/a:rocky:linux:openssh-ldap-debuginfo", "p-cpe:/a:rocky:linux:openssh-server", "p-cpe:/a:rocky:linux:openssh-server-debuginfo", "p-cpe:/a:rocky:linux:pam_ssh_agent_auth", "p-cpe:/a:rocky:linux:pam_ssh_agent_auth-debuginfo"], "id": "ROCKY_LINUX_RLSA-2022-2013.NASL", "href": "https://www.tenable.com/plugins/nessus/161342", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# Rocky Linux Security Advisory RLSA-2022:2013.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161342);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/06\");\n\n script_cve_id(\"CVE-2021-41617\");\n script_xref(name:\"RLSA\", value:\"2022:2013\");\n script_xref(name:\"IAVA\", value:\"2021-A-0474-S\");\n\n script_name(english:\"Rocky Linux 8 : openssh (RLSA-2022:2013)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Rocky Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nRLSA-2022:2013 advisory.\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows\n privilege escalation because supplemental groups are not initialized as expected. Helper programs for\n AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group\n memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.rockylinux.org/RLSA-2022:2013\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2008291\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/show_bug.cgi?id=2015828\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:openssh-askpass-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:openssh-cavs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:openssh-cavs-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:openssh-clients-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:openssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:openssh-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:openssh-keycat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:openssh-keycat-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:openssh-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:openssh-ldap-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:openssh-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:pam_ssh_agent_auth\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:rocky:linux:pam_ssh_agent_auth-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:rocky:linux:8\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Rocky Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RockyLinux/release\", \"Host/RockyLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RockyLinux/release');\nif (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');\nvar os_ver = pregmatch(pattern: \"Rocky(?: Linux)? release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);\n\nif (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);\n\nvar pkgs = [\n {'reference':'openssh-8.0p1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-8.0p1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-askpass-8.0p1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-askpass-8.0p1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-askpass-debuginfo-8.0p1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-askpass-debuginfo-8.0p1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-cavs-8.0p1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-cavs-8.0p1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-cavs-debuginfo-8.0p1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-cavs-debuginfo-8.0p1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-clients-8.0p1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-clients-8.0p1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-clients-debuginfo-8.0p1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-clients-debuginfo-8.0p1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-debuginfo-8.0p1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-debuginfo-8.0p1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-debugsource-8.0p1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-debugsource-8.0p1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-keycat-8.0p1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-keycat-8.0p1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-keycat-debuginfo-8.0p1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-keycat-debuginfo-8.0p1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-ldap-8.0p1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-ldap-8.0p1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-ldap-debuginfo-8.0p1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-ldap-debuginfo-8.0p1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-server-8.0p1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-server-8.0p1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-server-debuginfo-8.0p1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-server-debuginfo-8.0p1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'pam_ssh_agent_auth-0.10.3-7.13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pam_ssh_agent_auth-0.10.3-7.13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pam_ssh_agent_auth-debuginfo-0.10.3-7.13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pam_ssh_agent_auth-debuginfo-0.10.3-7.13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssh / openssh-askpass / openssh-askpass-debuginfo / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-10-18T15:04:12", "description": "The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 21.04 host has a package installed that is affected by a vulnerability as referenced in the USN-5103-1 advisory.\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-05T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : docker.io vulnerability (USN-5103-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41089"], "modified": "2023-10-16T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:esm", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:20.04:-:lts", "p-cpe:/a:canonical:ubuntu_linux:docker.io"], "id": "UBUNTU_USN-5103-1.NASL", "href": "https://www.tenable.com/plugins/nessus/153866", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5103-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153866);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/16\");\n\n script_cve_id(\"CVE-2021-41089\");\n script_xref(name:\"USN\", value:\"5103-1\");\n\n script_name(english:\"Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS : docker.io vulnerability (USN-5103-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 21.04 host has a package installed that is affected by a\nvulnerability as referenced in the USN-5103-1 advisory.\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in\n Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container\n can result in Unix file permission changes for existing files in the host's filesystem, widening access to\n others. This bug does not directly allow files to be read, modified, or executed without an additional\n cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this\n version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5103-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected docker.io package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41089\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/05\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:esm\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:20.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:docker.io\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2021-2023 Canonical, Inc. / NASL script (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release || '18.04' >< os_release || '20.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04 / 18.04 / 20.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '16.04', 'pkgname': 'docker.io', 'pkgver': '18.09.7-0ubuntu1~16.04.9+esm1'},\n {'osver': '18.04', 'pkgname': 'docker.io', 'pkgver': '20.10.7-0ubuntu1~18.04.2'},\n {'osver': '20.04', 'pkgname': 'docker.io', 'pkgver': '20.10.7-0ubuntu1~20.04.2'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'docker.io');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:43:57", "description": "According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-04-18T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 2.10.0 : openssh (EulerOS-SA-2022-1410)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41617"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssh-server", "cpe:/o:huawei:euleros:uvp:2.10.0", "p-cpe:/a:huawei:euleros:openssh", "p-cpe:/a:huawei:euleros:openssh-clients"], "id": "EULEROS_SA-2022-1410.NASL", "href": "https://www.tenable.com/plugins/nessus/159860", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(159860);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\"CVE-2021-41617\");\n script_xref(name:\"IAVA\", value:\"2021-A-0474-S\");\n\n script_name(english:\"EulerOS Virtualization 2.10.0 : openssh (EulerOS-SA-2022-1410)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host\nis affected by the following vulnerabilities :\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows\n privilege escalation because supplemental groups are not initialized as expected. Helper programs for\n AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group\n memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1410\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?087e35fb\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssh packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/04/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/04/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:2.10.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"2.10.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 2.10.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"openssh-8.2p1-9.h29.eulerosv2r10\",\n \"openssh-clients-8.2p1-9.h29.eulerosv2r10\",\n \"openssh-server-8.2p1-9.h29.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:35:49", "description": "The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2021-4782 advisory.\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-24T00:00:00", "type": "nessus", "title": "Oracle Linux 7 : openssh (ELSA-2021-4782)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41617"], "modified": "2023-02-09T00:00:00", "cpe": ["cpe:/o:oracle:linux:7", "p-cpe:/a:oracle:linux:openssh", "p-cpe:/a:oracle:linux:openssh-askpass", "p-cpe:/a:oracle:linux:openssh-cavs", "p-cpe:/a:oracle:linux:openssh-clients", "p-cpe:/a:oracle:linux:openssh-keycat", "p-cpe:/a:oracle:linux:openssh-ldap", "p-cpe:/a:oracle:linux:openssh-server", "p-cpe:/a:oracle:linux:openssh-server-sysvinit", "p-cpe:/a:oracle:linux:pam_ssh_agent_auth"], "id": "ORACLELINUX_ELSA-2021-4782.NASL", "href": "https://www.tenable.com/plugins/nessus/155695", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-4782.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155695);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\"CVE-2021-41617\");\n script_xref(name:\"IAVA\", value:\"2021-A-0474-S\");\n\n script_name(english:\"Oracle Linux 7 : openssh (ELSA-2021-4782)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2021-4782 advisory.\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows\n privilege escalation because supplemental groups are not initialized as expected. Helper programs for\n AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group\n memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-4782.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-cavs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-keycat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-server-sysvinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pam_ssh_agent_auth\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^7([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 7', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'openssh-7.4p1-22.0.1.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-7.4p1-22.0.1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-askpass-7.4p1-22.0.1.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-askpass-7.4p1-22.0.1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-cavs-7.4p1-22.0.1.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-cavs-7.4p1-22.0.1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-clients-7.4p1-22.0.1.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-clients-7.4p1-22.0.1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-keycat-7.4p1-22.0.1.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-keycat-7.4p1-22.0.1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-ldap-7.4p1-22.0.1.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-ldap-7.4p1-22.0.1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-server-7.4p1-22.0.1.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-server-7.4p1-22.0.1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-server-sysvinit-7.4p1-22.0.1.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-server-sysvinit-7.4p1-22.0.1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pam_ssh_agent_auth-0.10.3-2.22.0.1.el7_9', 'cpu':'aarch64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pam_ssh_agent_auth-0.10.3-2.22.0.1.el7_9', 'cpu':'i686', 'release':'7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pam_ssh_agent_auth-0.10.3-2.22.0.1.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssh / openssh-askpass / openssh-cavs / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:44:47", "description": "The remote NewStart CGSL host, running version MAIN 6.02, has openssh packages installed that are affected by a vulnerability:\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-09T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 6.02 : openssh Vulnerability (NS-SA-2022-0070)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41617"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_main:openssh", "p-cpe:/a:zte:cgsl_main:openssh-askpass", "p-cpe:/a:zte:cgsl_main:openssh-clients", "p-cpe:/a:zte:cgsl_main:openssh-server", "cpe:/o:zte:cgsl_main:6"], "id": "NEWSTART_CGSL_NS-SA-2022-0070_OPENSSH.NASL", "href": "https://www.tenable.com/plugins/nessus/160731", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2022-0070. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160731);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\"CVE-2021-41617\");\n script_xref(name:\"IAVA\", value:\"2021-A-0474-S\");\n\n script_name(english:\"NewStart CGSL MAIN 6.02 : openssh Vulnerability (NS-SA-2022-0070)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by a vulnerability.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 6.02, has openssh packages installed that are affected by a\nvulnerability:\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows\n privilege escalation because supplemental groups are not initialized as expected. Helper programs for\n AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group\n memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2022-0070\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-41617\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL openssh packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:6\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL MAIN 6.02\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL MAIN 6.02': [\n 'openssh-8.5p1-2.el8.cgslv6_2.9.gedf8db5',\n 'openssh-askpass-8.5p1-2.el8.cgslv6_2.9.gedf8db5',\n 'openssh-clients-8.5p1-2.el8.cgslv6_2.9.gedf8db5',\n 'openssh-server-8.5p1-2.el8.cgslv6_2.9.gedf8db5'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssh');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:41:40", "description": "According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-02-11T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.0 : openssh (EulerOS-SA-2022-1049)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41617"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssh", "p-cpe:/a:huawei:euleros:openssh-askpass", "p-cpe:/a:huawei:euleros:openssh-cavs", "p-cpe:/a:huawei:euleros:openssh-clients", "p-cpe:/a:huawei:euleros:openssh-keycat", "p-cpe:/a:huawei:euleros:openssh-ldap", "p-cpe:/a:huawei:euleros:openssh-server", "cpe:/o:huawei:euleros:uvp:3.0.6.0"], "id": "EULEROS_SA-2022-1049.NASL", "href": "https://www.tenable.com/plugins/nessus/157916", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157916);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\"CVE-2021-41617\");\n script_xref(name:\"IAVA\", value:\"2021-A-0474-S\");\n\n script_name(english:\"EulerOS Virtualization 3.0.6.0 : openssh (EulerOS-SA-2022-1049)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host\nis affected by the following vulnerabilities :\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows\n privilege escalation because supplemental groups are not initialized as expected. Helper programs for\n AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group\n memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1049\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0b4dfe39\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssh packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/11\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-cavs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-keycat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"openssh-7.8p1-3.h52.eulerosv2r8\",\n \"openssh-askpass-7.8p1-3.h52.eulerosv2r8\",\n \"openssh-cavs-7.8p1-3.h52.eulerosv2r8\",\n \"openssh-clients-7.8p1-3.h52.eulerosv2r8\",\n \"openssh-keycat-7.8p1-3.h52.eulerosv2r8\",\n \"openssh-ldap-7.8p1-3.h52.eulerosv2r8\",\n \"openssh-server-7.8p1-3.h52.eulerosv2r8\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:42:02", "description": "The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:3947-1 advisory.\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-07T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : openssh (SUSE-SU-2021:3947-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41617"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:openssh", "p-cpe:/a:novell:suse_linux:openssh-askpass-gnome", "p-cpe:/a:novell:suse_linux:openssh-fips", "p-cpe:/a:novell:suse_linux:openssh-helpers", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-3947-1.NASL", "href": "https://www.tenable.com/plugins/nessus/155897", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:3947-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155897);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\"CVE-2021-41617\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:3947-1\");\n script_xref(name:\"IAVA\", value:\"2021-A-0474-S\");\n\n script_name(english:\"SUSE SLES15 Security Update : openssh (SUSE-SU-2021:3947-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced\nin the SUSE-SU-2021:3947-1 advisory.\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows\n privilege escalation because supplemental groups are not initialized as expected. Helper programs for\n AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group\n memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41617\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-December/009854.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?57d88d2a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssh, openssh-askpass-gnome, openssh-fips and / or openssh-helpers packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-fips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-helpers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP1\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'openssh-7.9p1-6.28.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'openssh-askpass-gnome-7.9p1-6.28.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'openssh-fips-7.9p1-6.28.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'openssh-helpers-7.9p1-6.28.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'openssh-7.9p1-6.28.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'openssh-7.9p1-6.28.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'openssh-askpass-gnome-7.9p1-6.28.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'openssh-askpass-gnome-7.9p1-6.28.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'openssh-fips-7.9p1-6.28.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'openssh-fips-7.9p1-6.28.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'openssh-helpers-7.9p1-6.28.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'openssh-helpers-7.9p1-6.28.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'openssh-7.9p1-6.28.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'openssh-7.9p1-6.28.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'openssh-askpass-gnome-7.9p1-6.28.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'openssh-askpass-gnome-7.9p1-6.28.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'openssh-fips-7.9p1-6.28.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'openssh-fips-7.9p1-6.28.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'openssh-helpers-7.9p1-6.28.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'openssh-helpers-7.9p1-6.28.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'openssh-7.9p1-6.28.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'openssh-askpass-gnome-7.9p1-6.28.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'openssh-fips-7.9p1-6.28.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'openssh-helpers-7.9p1-6.28.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sles-ltss-release-15.1']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssh / openssh-askpass-gnome / openssh-fips / openssh-helpers');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:39:41", "description": "The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE- SU-2021:14870-1 advisory.\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-25T00:00:00", "type": "nessus", "title": "SUSE SLES11 Security Update : openssh-openssl1 (SUSE-SU-2021:14870-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41617"], "modified": "2023-07-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:openssh-openssl1", "p-cpe:/a:novell:suse_linux:openssh-openssl1-helpers", "cpe:/o:novell:suse_linux:11"], "id": "SUSE_SU-2021-14870-1.NASL", "href": "https://www.tenable.com/plugins/nessus/156290", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:14870-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156290);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/14\");\n\n script_cve_id(\"CVE-2021-41617\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:14870-1\");\n script_xref(name:\"IAVA\", value:\"2021-A-0474-S\");\n\n script_name(english:\"SUSE SLES11 Security Update : openssh-openssl1 (SUSE-SU-2021:14870-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES11 host has packages installed that are affected by a vulnerability as referenced in the SUSE-\nSU-2021:14870-1 advisory.\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows\n privilege escalation because supplemental groups are not initialized as expected. Helper programs for\n AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group\n memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41617\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-December/009937.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?587306da\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssh-openssl1 and / or openssh-openssl1-helpers packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-openssl1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-openssl1-helpers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:11\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES11)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES11', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES11\" && (! preg(pattern:\"^(0)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES11 SP0\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'openssh-openssl1-6.6p1-19.12.1', 'sp':'0', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sles-release-11.3-0']},\n {'reference':'openssh-openssl1-helpers-6.6p1-19.12.1', 'sp':'0', 'release':'SLES11', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sles-release-11.3-0']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssh-openssl1 / openssh-openssl1-helpers');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:59:16", "description": "OpenBSD Project reports :\n\nsshd(8) from OpenSSH 6.2 through 8.7 failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand, where a AuthorizedKeysCommandUser or AuthorizedPrincipalsCommandUser directive has been set to run the command as a different user. Instead these commands would inherit the groups that sshd(8) was started with.\n\nDepending on system configuration, inherited groups may allow AuthorizedKeysCommand/AuthorizedPrincipalsCommand helper programs to gain unintended privilege.\n\nNeither AuthorizedKeysCommand nor AuthorizedPrincipalsCommand are enabled by default in sshd_config(5).", "cvss3": {}, "published": "2021-10-14T00:00:00", "type": "nessus", "title": "FreeBSD : OpenSSH -- OpenSSH 6.2 through 8.7 failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand (2a1b931f-2b86-11ec-8acd-c80aa9043978)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41617"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:openssh-portable", "p-cpe:/a:freebsd:freebsd:openssh-portable-gssapi", "p-cpe:/a:freebsd:freebsd:openssh-portable-hpn", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_2A1B931F2B8611EC8ACDC80AA9043978.NASL", "href": "https://www.tenable.com/plugins/nessus/154139", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2021 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154139);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\"CVE-2021-41617\");\n script_xref(name:\"IAVA\", value:\"2021-A-0474-S\");\n\n script_name(english:\"FreeBSD : OpenSSH -- OpenSSH 6.2 through 8.7 failed to correctly initialise supplemental groups when executing an AuthorizedKeysCommand or AuthorizedPrincipalsCommand (2a1b931f-2b86-11ec-8acd-c80aa9043978)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\");\n script_set_attribute(attribute:\"description\", value:\n\"OpenBSD Project reports :\n\nsshd(8) from OpenSSH 6.2 through 8.7 failed to correctly initialise\nsupplemental groups when executing an AuthorizedKeysCommand or\nAuthorizedPrincipalsCommand, where a AuthorizedKeysCommandUser or\nAuthorizedPrincipalsCommandUser directive has been set to run the\ncommand as a different user. Instead these commands would inherit the\ngroups that sshd(8) was started with.\n\nDepending on system configuration, inherited groups may allow\nAuthorizedKeysCommand/AuthorizedPrincipalsCommand helper programs to\ngain unintended privilege.\n\nNeither AuthorizedKeysCommand nor AuthorizedPrincipalsCommand are\nenabled by default in sshd_config(5).\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.openssh.com/txt/release-8.8\");\n # https://vuxml.freebsd.org/freebsd/2a1b931f-2b86-11ec-8acd-c80aa9043978.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?933f297b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/14\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openssh-portable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openssh-portable-gssapi\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:openssh-portable-hpn\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"openssh-portable>=6.2.p1,1<8.7.p1_2,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"openssh-portable-hpn>=6.2.p1,1<8.7.p1_2,1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"openssh-portable-gssapi>=6.2.p1,1<8.7.p1_2,1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:35:27", "description": "The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the CESA-2021:4782 advisory.\n\n - openssh: privilege escalation when AuthorizedKeysCommand or AuthorizedPrincipalsCommand are configured (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-01T00:00:00", "type": "nessus", "title": "CentOS 7 : openssh (CESA-2021:4782)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41617"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:centos:centos:openssh", "p-cpe:/a:centos:centos:openssh-askpass", "p-cpe:/a:centos:centos:openssh-cavs", "p-cpe:/a:centos:centos:openssh-clients", "p-cpe:/a:centos:centos:openssh-keycat", "p-cpe:/a:centos:centos:openssh-ldap", "p-cpe:/a:centos:centos:openssh-server", "p-cpe:/a:centos:centos:openssh-server-sysvinit", "p-cpe:/a:centos:centos:pam_ssh_agent_auth", "cpe:/o:centos:centos:7"], "id": "CENTOS_RHSA-2021-4782.NASL", "href": "https://www.tenable.com/plugins/nessus/155757", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:4782 and\n# CentOS Errata and Security Advisory 2021:4782 respectively.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155757);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\"CVE-2021-41617\");\n script_xref(name:\"IAVA\", value:\"2021-A-0474-S\");\n script_xref(name:\"RHSA\", value:\"2021:4782\");\n\n script_name(english:\"CentOS 7 : openssh (CESA-2021:4782)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 7 host has packages installed that are affected by a vulnerability as referenced in the\nCESA-2021:4782 advisory.\n\n - openssh: privilege escalation when AuthorizedKeysCommand or AuthorizedPrincipalsCommand are configured\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n # https://lists.centos.org/pipermail/centos-announce/2021-December/048411.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?bae03048\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/273.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(273);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssh-cavs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssh-keycat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssh-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:openssh-server-sysvinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:pam_ssh_agent_auth\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:7\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'CentOS 7.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar pkgs = [\n {'reference':'openssh-7.4p1-22.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-askpass-7.4p1-22.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-cavs-7.4p1-22.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-clients-7.4p1-22.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-keycat-7.4p1-22.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-ldap-7.4p1-22.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-server-7.4p1-22.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-server-sysvinit-7.4p1-22.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pam_ssh_agent_auth-0.10.3-2.22.el7_9', 'sp':'9', 'cpu':'i686', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pam_ssh_agent_auth-0.10.3-2.22.el7_9', 'sp':'9', 'cpu':'x86_64', 'release':'CentOS-7', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssh / openssh-askpass / openssh-cavs / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:41:58", "description": "According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-02-25T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP10 : openssh (EulerOS-SA-2022-1212)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41617"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssh", "p-cpe:/a:huawei:euleros:openssh-clients", "p-cpe:/a:huawei:euleros:openssh-server", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2022-1212.NASL", "href": "https://www.tenable.com/plugins/nessus/158423", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158423);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\"CVE-2021-41617\");\n script_xref(name:\"IAVA\", value:\"2021-A-0474-S\");\n\n script_name(english:\"EulerOS 2.0 SP10 : openssh (EulerOS-SA-2022-1212)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows\n privilege escalation because supplemental groups are not initialized as expected. Helper programs for\n AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group\n memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1212\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fbab93ae\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssh packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(10)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP10\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"openssh-8.2p1-9.h26.eulerosv2r10\",\n \"openssh-clients-8.2p1-9.h26.eulerosv2r10\",\n \"openssh-server-8.2p1-9.h26.eulerosv2r10\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"10\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:36:20", "description": "According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-12-30T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : openssh (EulerOS-SA-2021-2926)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41617"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssh", "p-cpe:/a:huawei:euleros:openssh-clients", "p-cpe:/a:huawei:euleros:openssh-server", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2926.NASL", "href": "https://www.tenable.com/plugins/nessus/156402", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156402);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\"CVE-2021-41617\");\n script_xref(name:\"IAVA\", value:\"2021-A-0474-S\");\n\n script_name(english:\"EulerOS 2.0 SP9 : openssh (EulerOS-SA-2021-2926)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows\n privilege escalation because supplemental groups are not initialized as expected. Helper programs for\n AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group\n memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2926\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?8d3d42e6\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssh packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"openssh-8.2p1-2.h36.eulerosv2r9\",\n \"openssh-clients-8.2p1-2.h36.eulerosv2r9\",\n \"openssh-server-8.2p1-2.h36.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:36:21", "description": "According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-12-30T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP9 : openssh (EulerOS-SA-2021-2918)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41617"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssh", "p-cpe:/a:huawei:euleros:openssh-clients", "p-cpe:/a:huawei:euleros:openssh-server", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2918.NASL", "href": "https://www.tenable.com/plugins/nessus/156409", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156409);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\"CVE-2021-41617\");\n script_xref(name:\"IAVA\", value:\"2021-A-0474-S\");\n\n script_name(english:\"EulerOS 2.0 SP9 : openssh (EulerOS-SA-2021-2918)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows\n privilege escalation because supplemental groups are not initialized as expected. Helper programs for\n AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group\n memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2918\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9a08d71e\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssh packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(9)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP9\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"openssh-8.2p1-2.h36.eulerosv2r9\",\n \"openssh-clients-8.2p1-2.h36.eulerosv2r9\",\n \"openssh-server-8.2p1-2.h36.eulerosv2r9\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"9\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:36:28", "description": "According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-12-25T00:00:00", "type": "nessus", "title": "EulerOS 2.0 SP8 : openssh (EulerOS-SA-2021-2809)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41617"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssh", "p-cpe:/a:huawei:euleros:openssh-askpass", "p-cpe:/a:huawei:euleros:openssh-cavs", "p-cpe:/a:huawei:euleros:openssh-clients", "p-cpe:/a:huawei:euleros:openssh-keycat", "p-cpe:/a:huawei:euleros:openssh-ldap", "p-cpe:/a:huawei:euleros:openssh-server", "cpe:/o:huawei:euleros:2.0"], "id": "EULEROS_SA-2021-2809.NASL", "href": "https://www.tenable.com/plugins/nessus/156295", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156295);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\"CVE-2021-41617\");\n script_xref(name:\"IAVA\", value:\"2021-A-0474-S\");\n\n script_name(english:\"EulerOS 2.0 SP8 : openssh (EulerOS-SA-2021-2809)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openssh packages installed, the EulerOS installation on the remote host is affected by\nthe following vulnerabilities :\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows\n privilege escalation because supplemental groups are not initialized as expected. Helper programs for\n AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group\n memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2809\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?240087ef\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssh packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/25\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-cavs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-keycat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/sp\");\n script_exclude_keys(\"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (release !~ \"^EulerOS release 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nvar sp = get_kb_item(\"Host/EulerOS/sp\");\nif (isnull(sp) || sp !~ \"^(8)$\") audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\");\n\nif (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, \"EulerOS 2.0 SP8\", \"EulerOS UVP \" + uvp);\n\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"openssh-7.8p1-3.h52.eulerosv2r8\",\n \"openssh-askpass-7.8p1-3.h52.eulerosv2r8\",\n \"openssh-cavs-7.8p1-3.h52.eulerosv2r8\",\n \"openssh-clients-7.8p1-3.h52.eulerosv2r8\",\n \"openssh-keycat-7.8p1-3.h52.eulerosv2r8\",\n \"openssh-ldap-7.8p1-3.h52.eulerosv2r8\",\n \"openssh-server-7.8p1-3.h52.eulerosv2r8\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", sp:\"8\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-30T14:30:12", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:4782 advisory.\n\n - openssh: privilege escalation when AuthorizedKeysCommand or AuthorizedPrincipalsCommand are configured (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-23T00:00:00", "type": "nessus", "title": "RHEL 7 : openssh (RHSA-2021:4782)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41617"], "modified": "2023-05-29T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:openssh", "p-cpe:/a:redhat:enterprise_linux:openssh-askpass", "p-cpe:/a:redhat:enterprise_linux:openssh-clients", "p-cpe:/a:redhat:enterprise_linux:openssh-server", "p-cpe:/a:redhat:enterprise_linux:openssh-ldap", "p-cpe:/a:redhat:enterprise_linux:pam_ssh_agent_auth", "p-cpe:/a:redhat:enterprise_linux:openssh-cavs", "p-cpe:/a:redhat:enterprise_linux:openssh-keycat", "p-cpe:/a:redhat:enterprise_linux:openssh-server-sysvinit"], "id": "REDHAT-RHSA-2021-4782.NASL", "href": "https://www.tenable.com/plugins/nessus/155685", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:4782. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155685);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/05/29\");\n\n script_cve_id(\"CVE-2021-41617\");\n script_xref(name:\"RHSA\", value:\"2021:4782\");\n script_xref(name:\"IAVA\", value:\"2021-A-0474-S\");\n\n script_name(english:\"RHEL 7 : openssh (RHSA-2021:4782)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2021:4782 advisory.\n\n - openssh: privilege escalation when AuthorizedKeysCommand or AuthorizedPrincipalsCommand are configured\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-41617\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:4782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/2008291\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(273);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-cavs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-keycat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openssh-server-sysvinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:pam_ssh_agent_auth\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/RedHat/release');\nif (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar constraints = [\n {\n 'repo_relative_urls': [\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/os',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/debug',\n 'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/debug',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/optional/source/SRPMS',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/os',\n 'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/os',\n 'content/dist/rhel/client/7/7Client/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/client/7/7Client/x86_64/os',\n 'content/dist/rhel/client/7/7Client/x86_64/source/SRPMS',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/debug',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/os',\n 'content/dist/rhel/client/7/7Client/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/source/SRPMS',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/debug',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/os',\n 'content/dist/rhel/computenode/7/7ComputeNode/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/highavailability/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/optional/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/resilientstorage/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap-hana/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/sap/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/source/SRPMS',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/debug',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/os',\n 'content/dist/rhel/power-le/7/7Server/ppc64le/supplementary/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/os',\n 'content/dist/rhel/power/7/7Server/ppc64/optional/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/os',\n 'content/dist/rhel/power/7/7Server/ppc64/sap/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/source/SRPMS',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/debug',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/os',\n 'content/dist/rhel/power/7/7Server/ppc64/supplementary/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/os',\n 'content/dist/rhel/server/7/7Server/x86_64/highavailability/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/os',\n 'content/dist/rhel/server/7/7Server/x86_64/nfv/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/os',\n 'content/dist/rhel/server/7/7Server/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/server/7/7Server/x86_64/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/os',\n 'content/dist/rhel/server/7/7Server/x86_64/resilientstorage/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/os',\n 'content/dist/rhel/server/7/7Server/x86_64/rt/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap-hana/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/os',\n 'content/dist/rhel/server/7/7Server/x86_64/sap/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/source/SRPMS',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/debug',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/os',\n 'content/dist/rhel/server/7/7Server/x86_64/supplementary/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/highavailability/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/optional/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/resilientstorage/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/sap/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/source/SRPMS',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/debug',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/os',\n 'content/dist/rhel/system-z/7/7Server/s390x/supplementary/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/optional/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/oracle-java-rm/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/source/SRPMS',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/debug',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/os',\n 'content/dist/rhel/workstation/7/7Workstation/x86_64/supplementary/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/debug',\n 'content/fastrack/rhel/client/7/x86_64/optional/os',\n 'content/fastrack/rhel/client/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/client/7/x86_64/os',\n 'content/fastrack/rhel/client/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/debug',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/os',\n 'content/fastrack/rhel/computenode/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/computenode/7/x86_64/os',\n 'content/fastrack/rhel/computenode/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/debug',\n 'content/fastrack/rhel/power/7/ppc64/optional/os',\n 'content/fastrack/rhel/power/7/ppc64/optional/source/SRPMS',\n 'content/fastrack/rhel/power/7/ppc64/os',\n 'content/fastrack/rhel/power/7/ppc64/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/debug',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/os',\n 'content/fastrack/rhel/server/7/x86_64/highavailability/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/optional/debug',\n 'content/fastrack/rhel/server/7/x86_64/optional/os',\n 'content/fastrack/rhel/server/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/debug',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/os',\n 'content/fastrack/rhel/server/7/x86_64/resilientstorage/source/SRPMS',\n 'content/fastrack/rhel/server/7/x86_64/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/debug',\n 'content/fastrack/rhel/system-z/7/s390x/optional/os',\n 'content/fastrack/rhel/system-z/7/s390x/optional/source/SRPMS',\n 'content/fastrack/rhel/system-z/7/s390x/os',\n 'content/fastrack/rhel/system-z/7/s390x/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/debug',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/os',\n 'content/fastrack/rhel/workstation/7/x86_64/optional/source/SRPMS',\n 'content/fastrack/rhel/workstation/7/x86_64/os',\n 'content/fastrack/rhel/workstation/7/x86_64/source/SRPMS'\n ],\n 'pkgs': [\n {'reference':'openssh-7.4p1-22.el7_9', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-7.4p1-22.el7_9', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-7.4p1-22.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-7.4p1-22.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-askpass-7.4p1-22.el7_9', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-askpass-7.4p1-22.el7_9', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-askpass-7.4p1-22.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-askpass-7.4p1-22.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-cavs-7.4p1-22.el7_9', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-cavs-7.4p1-22.el7_9', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-cavs-7.4p1-22.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-cavs-7.4p1-22.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-clients-7.4p1-22.el7_9', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-clients-7.4p1-22.el7_9', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-clients-7.4p1-22.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-clients-7.4p1-22.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-keycat-7.4p1-22.el7_9', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-keycat-7.4p1-22.el7_9', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-keycat-7.4p1-22.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-keycat-7.4p1-22.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-ldap-7.4p1-22.el7_9', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-ldap-7.4p1-22.el7_9', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-ldap-7.4p1-22.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-ldap-7.4p1-22.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-server-7.4p1-22.el7_9', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-server-7.4p1-22.el7_9', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-server-7.4p1-22.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-server-7.4p1-22.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-server-sysvinit-7.4p1-22.el7_9', 'cpu':'ppc64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-server-sysvinit-7.4p1-22.el7_9', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-server-sysvinit-7.4p1-22.el7_9', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'openssh-server-sysvinit-7.4p1-22.el7_9', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},\n {'reference':'pam_ssh_agent_auth-0.10.3-2.22.el7_9', 'release':'7', 'rpm_spec_vers_cmp':TRUE}\n ]\n }\n];\n\nvar applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);\nif(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);\n\nvar flag = 0;\nforeach var constraint_array ( constraints ) {\n var repo_relative_urls = NULL;\n if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];\n foreach var pkg ( constraint_array['pkgs'] ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];\n if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];\n if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];\n if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];\n if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];\n if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];\n if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];\n if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];\n if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];\n if (reference &&\n _release &&\n rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&\n (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&\n rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(applicable_repo_urls)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssh / openssh-askpass / openssh-cavs / openssh-clients / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T19:37:36", "description": "An update of the vim package has been released.\n\n - vim is vulnerable to Use After Free (CVE-2021-3796)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-11T00:00:00", "type": "nessus", "title": "Photon OS 3.0: Vim PHSA-2021-3.0-0312", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3796"], "modified": "2023-11-28T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:vim", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2021-3_0-0312_VIM.NASL", "href": "https://www.tenable.com/plugins/nessus/153987", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-3.0-0312. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153987);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/28\");\n\n script_cve_id(\"CVE-2021-3796\");\n\n script_name(english:\"Photon OS 3.0: Vim PHSA-2021-3.0-0312\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the vim package has been released.\n\n - vim is vulnerable to Use After Free (CVE-2021-3796)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-312.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3796\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:vim\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 3.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nvar flag = 0;\n\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'vim-8.2.3408-4.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'vim-extra-8.2.3408-4.ph3')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'vim');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:36:43", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the openSUSE-SU-2021:3950-1 advisory.\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-07T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : openssh (openSUSE-SU-2021:3950-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41617"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:openssh", "p-cpe:/a:novell:opensuse:openssh-askpass-gnome", "p-cpe:/a:novell:opensuse:openssh-cavs", "p-cpe:/a:novell:opensuse:openssh-clients", "p-cpe:/a:novell:opensuse:openssh-common", "p-cpe:/a:novell:opensuse:openssh-fips", "p-cpe:/a:novell:opensuse:openssh-helpers", "p-cpe:/a:novell:opensuse:openssh-server", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-3950.NASL", "href": "https://www.tenable.com/plugins/nessus/155884", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:3950-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155884);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\"CVE-2021-41617\");\n script_xref(name:\"IAVA\", value:\"2021-A-0474-S\");\n\n script_name(english:\"openSUSE 15 Security Update : openssh (openSUSE-SU-2021:3950-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by a vulnerability as referenced in the\nopenSUSE-SU-2021:3950-1 advisory.\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows\n privilege escalation because supplemental groups are not initialized as expected. Helper programs for\n AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group\n memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190975\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/BEK24NI33V77MMNQQN72LO2RGAF23X76/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?4ae84fd9\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41617\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/06\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh-cavs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh-fips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh-helpers\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'openssh-8.4p1-3.6.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-askpass-gnome-8.4p1-3.6.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-cavs-8.4p1-3.6.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-clients-8.4p1-3.6.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-common-8.4p1-3.6.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-fips-8.4p1-3.6.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-helpers-8.4p1-3.6.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-server-8.4p1-3.6.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssh / openssh-askpass-gnome / openssh-cavs / openssh-clients / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:31:06", "description": "The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2022-2013 advisory.\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-18T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : openssh (ELSA-2022-2013)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41617"], "modified": "2023-02-09T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:openssh", "p-cpe:/a:oracle:linux:openssh-askpass", "p-cpe:/a:oracle:linux:openssh-cavs", "p-cpe:/a:oracle:linux:openssh-clients", "p-cpe:/a:oracle:linux:openssh-keycat", "p-cpe:/a:oracle:linux:openssh-ldap", "p-cpe:/a:oracle:linux:openssh-server", "p-cpe:/a:oracle:linux:pam_ssh_agent_auth"], "id": "ORACLELINUX_ELSA-2022-2013.NASL", "href": "https://www.tenable.com/plugins/nessus/161320", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2022-2013.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161320);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\"CVE-2021-41617\");\n script_xref(name:\"IAVA\", value:\"2021-A-0474-S\");\n\n script_name(english:\"Oracle Linux 8 : openssh (ELSA-2022-2013)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the\nELSA-2022-2013 advisory.\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows\n privilege escalation because supplemental groups are not initialized as expected. Helper programs for\n AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group\n memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2022-2013.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/18\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-cavs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-keycat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:pam_ssh_agent_auth\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'openssh-8.0p1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-8.0p1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-askpass-8.0p1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-askpass-8.0p1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-cavs-8.0p1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-cavs-8.0p1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-clients-8.0p1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-clients-8.0p1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-keycat-8.0p1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-keycat-8.0p1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-ldap-8.0p1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-ldap-8.0p1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-server-8.0p1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-server-8.0p1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pam_ssh_agent_auth-0.10.3-7.13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pam_ssh_agent_auth-0.10.3-7.13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssh / openssh-askpass / openssh-cavs / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-11T07:02:37", "description": "The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5666-1 advisory.\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-10-11T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 ESM : OpenSSH vulnerability (USN-5666-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41617"], "modified": "2023-07-10T00:00:00", "cpe": ["cpe:/o:canonical:ubuntu_linux:16.04:-:esm", "p-cpe:/a:canonical:ubuntu_linux:openssh-client", "p-cpe:/a:canonical:ubuntu_linux:openssh-client-ssh1", "p-cpe:/a:canonical:ubuntu_linux:openssh-server", "p-cpe:/a:canonical:ubuntu_linux:openssh-sftp-server", "p-cpe:/a:canonical:ubuntu_linux:ssh", "p-cpe:/a:canonical:ubuntu_linux:ssh-askpass-gnome", "p-cpe:/a:canonical:ubuntu_linux:ssh-krb5"], "id": "UBUNTU_USN-5666-1.NASL", "href": "https://www.tenable.com/plugins/nessus/166010", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-5666-1. The text\n# itself is copyright (C) Canonical, Inc. See\n# <https://ubuntu.com/security/notices>. Ubuntu(R) is a registered\n# trademark of Canonical, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(166010);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/10\");\n\n script_cve_id(\"CVE-2021-41617\");\n script_xref(name:\"USN\", value:\"5666-1\");\n script_xref(name:\"IAVA\", value:\"2021-A-0474-S\");\n\n script_name(english:\"Ubuntu 16.04 ESM : OpenSSH vulnerability (USN-5666-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Ubuntu host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the\nUSN-5666-1 advisory.\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows\n privilege escalation because supplemental groups are not initialized as expected. Helper programs for\n AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group\n memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://ubuntu.com/security/notices/USN-5666-1\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04:-:esm\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openssh-client\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openssh-client-ssh1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:openssh-sftp-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:ssh-krb5\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_copyright(english:\"Ubuntu Security Notice (C) 2022-2023 Canonical, Inc. / NASL script (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\ninclude('debian_package.inc');\n\nif ( ! get_kb_item('Host/local_checks_enabled') ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item('Host/Ubuntu/release');\nif ( isnull(os_release) ) audit(AUDIT_OS_NOT, 'Ubuntu');\nos_release = chomp(os_release);\nif (! ('16.04' >< os_release)) audit(AUDIT_OS_NOT, 'Ubuntu 16.04', 'Ubuntu ' + os_release);\nif ( ! get_kb_item('Host/Debian/dpkg-l') ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Ubuntu', cpu);\n\nvar pkgs = [\n {'osver': '16.04', 'pkgname': 'openssh-client', 'pkgver': '1:7.2p2-4ubuntu2.10+esm2'},\n {'osver': '16.04', 'pkgname': 'openssh-client-ssh1', 'pkgver': '1:7.2p2-4ubuntu2.10+esm2'},\n {'osver': '16.04', 'pkgname': 'openssh-server', 'pkgver': '1:7.2p2-4ubuntu2.10+esm2'},\n {'osver': '16.04', 'pkgname': 'openssh-sftp-server', 'pkgver': '1:7.2p2-4ubuntu2.10+esm2'},\n {'osver': '16.04', 'pkgname': 'ssh', 'pkgver': '1:7.2p2-4ubuntu2.10+esm2'},\n {'osver': '16.04', 'pkgname': 'ssh-askpass-gnome', 'pkgver': '1:7.2p2-4ubuntu2.10+esm2'},\n {'osver': '16.04', 'pkgname': 'ssh-krb5', 'pkgver': '1:7.2p2-4ubuntu2.10+esm2'}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var osver = NULL;\n var pkgname = NULL;\n var pkgver = NULL;\n if (!empty_or_null(package_array['osver'])) osver = package_array['osver'];\n if (!empty_or_null(package_array['pkgname'])) pkgname = package_array['pkgname'];\n if (!empty_or_null(package_array['pkgver'])) pkgver = package_array['pkgver'];\n if (osver && pkgname && pkgver) {\n if (ubuntu_check(osver:osver, pkgname:pkgname, pkgver:pkgver)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssh-client / openssh-client-ssh1 / openssh-server / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T15:36:20", "description": "According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2021-12-29T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.0 : openssh (EulerOS-SA-2021-2853)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41617"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssh-7.4p1", "p-cpe:/a:huawei:euleros:openssh-clients-7.4p1", "p-cpe:/a:huawei:euleros:openssh-keycat-7.4p1", "p-cpe:/a:huawei:euleros:openssh-server-7.4p1", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2021-2853.NASL", "href": "https://www.tenable.com/plugins/nessus/156366", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(156366);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\"CVE-2021-41617\");\n script_xref(name:\"IAVA\", value:\"2021-A-0474-S\");\n\n script_name(english:\"EulerOS Virtualization 3.0.2.0 : openssh (EulerOS-SA-2021-2853)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host\nis affected by the following vulnerabilities :\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows\n privilege escalation because supplemental groups are not initialized as expected. Helper programs for\n AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group\n memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2853\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?efb33334\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssh packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/29\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-7.4p1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-clients-7.4p1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-keycat-7.4p1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-server-7.4p1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"openssh-7.4p1-16.h24\",\n \"openssh-clients-7.4p1-16.h24\",\n \"openssh-keycat-7.4p1-16.h24\",\n \"openssh-server-7.4p1-16.h24\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-17T16:35:23", "description": "According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-10-09T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.6.6 : openssh (EulerOS-SA-2022-2524)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41617"], "modified": "2022-10-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssh-7.4p1", "p-cpe:/a:huawei:euleros:openssh-askpass-7.4p1", "p-cpe:/a:huawei:euleros:openssh-clients-7.4p1", "p-cpe:/a:huawei:euleros:openssh-keycat-7.4p1", "p-cpe:/a:huawei:euleros:openssh-server-7.4p1", "cpe:/o:huawei:euleros:uvp:3.0.6.6"], "id": "EULEROS_SA-2022-2524.NASL", "href": "https://www.tenable.com/plugins/nessus/165867", "sourceData": "#%NASL_MIN_LEVEL 80900\n##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(165867);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/10/09\");\n\n script_cve_id(\"CVE-2021-41617\");\n\n script_name(english:\"EulerOS Virtualization 3.0.6.6 : openssh (EulerOS-SA-2022-2524)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host\nis affected by the following vulnerabilities :\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows\n privilege escalation because supplemental groups are not initialized as expected. Helper programs for\n AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group\n memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-2524\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?1fc1733b\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssh packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/10/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-7.4p1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-askpass-7.4p1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-clients-7.4p1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-keycat-7.4p1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-server-7.4p1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.6.6\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.6.6\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.6.6\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_ARCH_NOT, \"i686 / x86_64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"openssh-7.4p1-16.h25.eulerosv2r7\",\n \"openssh-askpass-7.4p1-16.h25.eulerosv2r7\",\n \"openssh-clients-7.4p1-16.h25.eulerosv2r7\",\n \"openssh-keycat-7.4p1-16.h25.eulerosv2r7\",\n \"openssh-server-7.4p1-16.h25.eulerosv2r7\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:45:55", "description": "According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities :\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {}, "published": "2022-05-07T00:00:00", "type": "nessus", "title": "EulerOS Virtualization 3.0.2.0 : openssh (EulerOS-SA-2022-1680)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41617"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:huawei:euleros:openssh-7.4p1", "p-cpe:/a:huawei:euleros:openssh-clients-7.4p1", "p-cpe:/a:huawei:euleros:openssh-keycat-7.4p1", "p-cpe:/a:huawei:euleros:openssh-server-7.4p1", "cpe:/o:huawei:euleros:uvp:3.0.2.0"], "id": "EULEROS_SA-2022-1680.NASL", "href": "https://www.tenable.com/plugins/nessus/160693", "sourceData": "##\n# (C) Tenable, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160693);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\"CVE-2021-41617\");\n script_xref(name:\"IAVA\", value:\"2021-A-0474-S\");\n\n script_name(english:\"EulerOS Virtualization 3.0.2.0 : openssh (EulerOS-SA-2022-1680)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote EulerOS Virtualization host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"According to the versions of the openssh packages installed, the EulerOS Virtualization installation on the remote host\nis affected by the following vulnerabilities :\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows\n privilege escalation because supplemental groups are not initialized as expected. Helper programs for\n AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group\n memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Tenable Network Security has extracted the preceding description block directly from the EulerOS security\nadvisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional\nissues.\");\n # https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1680\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?0f2a039a\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssh packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/07\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/07\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-7.4p1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-clients-7.4p1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-keycat-7.4p1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:huawei:euleros:openssh-server-7.4p1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:huawei:euleros:uvp:3.0.2.0\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Huawei Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/EulerOS/release\", \"Host/EulerOS/rpm-list\", \"Host/EulerOS/uvp_version\");\n\n exit(0);\n}\n\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/EulerOS/release\");\nif (isnull(release) || release !~ \"^EulerOS\") audit(AUDIT_OS_NOT, \"EulerOS\");\nvar uvp = get_kb_item(\"Host/EulerOS/uvp_version\");\nif (uvp != \"3.0.2.0\") audit(AUDIT_OS_NOT, \"EulerOS Virtualization 3.0.2.0\");\nif (!get_kb_item(\"Host/EulerOS/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\" && \"aarch64\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"EulerOS\", cpu);\nif (\"aarch64\" >!< cpu) audit(AUDIT_ARCH_NOT, \"aarch64\", cpu);\n\nvar flag = 0;\n\nvar pkgs = [\n \"openssh-7.4p1-16.h25\",\n \"openssh-clients-7.4p1-16.h25\",\n \"openssh-keycat-7.4p1-16.h25\",\n \"openssh-server-7.4p1-16.h25\"\n];\n\nforeach (var pkg in pkgs)\n if (rpm_check(release:\"EulerOS-2.0\", reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh\");\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:42:36", "description": "The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2021:3875-1 advisory.\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-12-03T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : openssh (SUSE-SU-2021:3875-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41617"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:openssh", "p-cpe:/a:novell:suse_linux:openssh-askpass-gnome", "p-cpe:/a:novell:suse_linux:openssh-fips", "p-cpe:/a:novell:suse_linux:openssh-helpers", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-3875-1.NASL", "href": "https://www.tenable.com/plugins/nessus/155837", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:3875-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155837);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\"CVE-2021-41617\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:3875-1\");\n script_xref(name:\"IAVA\", value:\"2021-A-0474-S\");\n\n script_name(english:\"SUSE SLES12 Security Update : openssh (SUSE-SU-2021:3875-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 / SLES_SAP12 host has packages installed that are affected by a vulnerability as referenced\nin the SUSE-SU-2021:3875-1 advisory.\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows\n privilege escalation because supplemental groups are not initialized as expected. Helper programs for\n AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group\n memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41617\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-December/009814.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?52585440\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssh, openssh-askpass-gnome, openssh-fips and / or openssh-helpers packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/12/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/12/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-fips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-helpers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12|SLES_SAP12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP4/5\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP12\" && (! preg(pattern:\"^(4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP12 SP4/5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'openssh-7.2p2-78.13.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'openssh-askpass-gnome-7.2p2-78.13.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'openssh-fips-7.2p2-78.13.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'openssh-helpers-7.2p2-78.13.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLES_SAP-release-12.4']},\n {'reference':'openssh-7.2p2-78.13.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'openssh-askpass-gnome-7.2p2-78.13.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'openssh-fips-7.2p2-78.13.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'openssh-helpers-7.2p2-78.13.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLES_SAP-release-12.5']},\n {'reference':'openssh-7.2p2-78.13.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'openssh-askpass-gnome-7.2p2-78.13.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'openssh-fips-7.2p2-78.13.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'openssh-helpers-7.2p2-78.13.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sles-release-12.4']},\n {'reference':'openssh-7.2p2-78.13.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'openssh-askpass-gnome-7.2p2-78.13.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'openssh-fips-7.2p2-78.13.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sles-release-12.5']},\n {'reference':'openssh-helpers-7.2p2-78.13.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sles-release-12.5']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssh / openssh-askpass-gnome / openssh-fips / openssh-helpers');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:55:23", "description": "The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2022:0805-1 advisory.\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-03-11T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : openssh (SUSE-SU-2022:0805-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41617"], "modified": "2023-07-14T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:openssh", "p-cpe:/a:novell:suse_linux:openssh-askpass-gnome", "p-cpe:/a:novell:suse_linux:openssh-fips", "p-cpe:/a:novell:suse_linux:openssh-helpers", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2022-0805-1.NASL", "href": "https://www.tenable.com/plugins/nessus/158801", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2022:0805-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(158801);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/14\");\n\n script_cve_id(\"CVE-2021-41617\");\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2022:0805-1\");\n script_xref(name:\"IAVA\", value:\"2021-A-0474-S\");\n\n script_name(english:\"SUSE SLES15 Security Update : openssh (SUSE-SU-2022:0805-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by a vulnerability as referenced\nin the SUSE-SU-2022:0805-1 advisory.\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows\n privilege escalation because supplemental groups are not initialized as expected. Helper programs for\n AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group\n memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190975\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41617\");\n # https://lists.suse.com/pipermail/sle-security-updates/2022-March/010415.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?fd4841aa\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openssh, openssh-askpass-gnome, openssh-fips and / or openssh-helpers packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/03/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/03/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-askpass-gnome\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-fips\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:openssh-helpers\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(2)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP2\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'openssh-8.1p1-5.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'openssh-askpass-gnome-8.1p1-5.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'openssh-fips-8.1p1-5.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'openssh-helpers-8.1p1-5.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLES_SAP-release-15.2']},\n {'reference':'openssh-8.1p1-5.21.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'openssh-8.1p1-5.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'SLE_RT-release-15.2', 'sles-release-15.2']},\n {'reference':'openssh-askpass-gnome-8.1p1-5.21.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'openssh-askpass-gnome-8.1p1-5.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'SLE_RT-release-15.2', 'sles-release-15.2']},\n {'reference':'openssh-fips-8.1p1-5.21.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'openssh-fips-8.1p1-5.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'SLE_RT-release-15.2', 'sles-release-15.2']},\n {'reference':'openssh-helpers-8.1p1-5.21.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2']},\n {'reference':'openssh-helpers-8.1p1-5.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-2', 'SLE_RT-release-15.2', 'sles-release-15.2']},\n {'reference':'openssh-8.1p1-5.21.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'openssh-8.1p1-5.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'openssh-askpass-gnome-8.1p1-5.21.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'openssh-askpass-gnome-8.1p1-5.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'openssh-fips-8.1p1-5.21.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'openssh-fips-8.1p1-5.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'openssh-helpers-8.1p1-5.21.1', 'sp':'2', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'openssh-helpers-8.1p1-5.21.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.2']},\n {'reference':'openssh-8.1p1-5.21.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'openssh-askpass-gnome-8.1p1-5.21.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'openssh-fips-8.1p1-5.21.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sles-ltss-release-15.2']},\n {'reference':'openssh-helpers-8.1p1-5.21.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE, 'exists_check':['sles-ltss-release-15.2']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssh / openssh-askpass-gnome / openssh-fips / openssh-helpers');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-20T14:17:36", "description": "The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:2013 advisory.\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-12T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : openssh (ALSA-2022:2013)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41617"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:alma:linux:openssh", "p-cpe:/a:alma:linux:openssh-askpass", "p-cpe:/a:alma:linux:openssh-cavs", "p-cpe:/a:alma:linux:openssh-clients", "p-cpe:/a:alma:linux:openssh-keycat", "p-cpe:/a:alma:linux:openssh-ldap", "p-cpe:/a:alma:linux:openssh-server", "p-cpe:/a:alma:linux:pam_ssh_agent_auth", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2022-2013.NASL", "href": "https://www.tenable.com/plugins/nessus/161117", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2022:2013.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(161117);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\"CVE-2021-41617\");\n script_xref(name:\"ALSA\", value:\"2022:2013\");\n script_xref(name:\"IAVA\", value:\"2021-A-0474-S\");\n\n script_name(english:\"AlmaLinux 8 : openssh (ALSA-2022:2013)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the\nALSA-2022:2013 advisory.\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows\n privilege escalation because supplemental groups are not initialized as expected. Helper programs for\n AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group\n memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2022-2013.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:openssh-cavs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:openssh-keycat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:openssh-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:pam_ssh_agent_auth\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'openssh-8.0p1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-8.0p1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-askpass-8.0p1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-askpass-8.0p1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-cavs-8.0p1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-cavs-8.0p1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-clients-8.0p1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-clients-8.0p1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-keycat-8.0p1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-keycat-8.0p1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-ldap-8.0p1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-ldap-8.0p1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-server-8.0p1-13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-server-8.0p1-13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pam_ssh_agent_auth-0.10.3-7.13.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pam_ssh_agent_auth-0.10.3-7.13.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssh / openssh-askpass / openssh-cavs / openssh-clients / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-05-18T14:41:23", "description": "The version of openssh installed on the remote host is prior to 7.4p1-22. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2022-1748 advisory.\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-02-11T00:00:00", "type": "nessus", "title": "Amazon Linux 2 : openssh (ALAS-2022-1748)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41617"], "modified": "2023-02-09T00:00:00", "cpe": ["p-cpe:/a:amazon:linux:openssh", "p-cpe:/a:amazon:linux:openssh-askpass", "p-cpe:/a:amazon:linux:openssh-cavs", "p-cpe:/a:amazon:linux:openssh-clients", "p-cpe:/a:amazon:linux:openssh-debuginfo", "p-cpe:/a:amazon:linux:openssh-keycat", "p-cpe:/a:amazon:linux:openssh-ldap", "p-cpe:/a:amazon:linux:openssh-server", "p-cpe:/a:amazon:linux:openssh-server-sysvinit", "p-cpe:/a:amazon:linux:pam_ssh_agent_auth", "cpe:/o:amazon:linux:2"], "id": "AL2_ALAS-2022-1748.NASL", "href": "https://www.tenable.com/plugins/nessus/157883", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Amazon Linux 2 Security Advisory ALAS-2022-1748.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157883);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/02/09\");\n\n script_cve_id(\"CVE-2021-41617\");\n script_xref(name:\"IAVA\", value:\"2021-A-0474-S\");\n script_xref(name:\"ALAS\", value:\"2022-1748\");\n\n script_name(english:\"Amazon Linux 2 : openssh (ALAS-2022-1748)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Amazon Linux 2 host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The version of openssh installed on the remote host is prior to 7.4p1-22. It is, therefore, affected by a vulnerability\nas referenced in the ALAS2-2022-1748 advisory.\n\n - sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows\n privilege escalation because supplemental groups are not initialized as expected. Helper programs for\n AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group\n memberships of the sshd process, if the configuration specifies running the command as a different user.\n (CVE-2021-41617)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/AL2/ALAS-2022-1748.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://alas.aws.amazon.com/cve/html/CVE-2021-41617.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Run 'yum update openssh' to update your system.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41617\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/26\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/02/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssh\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssh-askpass\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssh-cavs\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssh-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssh-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssh-keycat\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssh-ldap\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssh-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:openssh-server-sysvinit\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:amazon:linux:pam_ssh_agent_auth\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:amazon:linux:2\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Amazon Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AmazonLinux/release\", \"Host/AmazonLinux/rpm-list\");\n\n exit(0);\n}\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item(\"Host/AmazonLinux/release\");\nif (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, \"Amazon Linux\");\nvar os_ver = pregmatch(pattern: \"^AL(A|\\d)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Amazon Linux\");\nvar os_ver = os_ver[1];\nif (os_ver != \"2\")\n{\n if (os_ver == 'A') os_ver = 'AMI';\n audit(AUDIT_OS_NOT, \"Amazon Linux 2\", \"Amazon Linux \" + os_ver);\n}\n\nif (!get_kb_item(\"Host/AmazonLinux/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar pkgs = [\n {'reference':'openssh-7.4p1-22.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-7.4p1-22.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-7.4p1-22.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-askpass-7.4p1-22.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-askpass-7.4p1-22.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-askpass-7.4p1-22.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-cavs-7.4p1-22.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-cavs-7.4p1-22.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-cavs-7.4p1-22.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-clients-7.4p1-22.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-clients-7.4p1-22.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-clients-7.4p1-22.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-debuginfo-7.4p1-22.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-debuginfo-7.4p1-22.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-debuginfo-7.4p1-22.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-keycat-7.4p1-22.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-keycat-7.4p1-22.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-keycat-7.4p1-22.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-ldap-7.4p1-22.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-ldap-7.4p1-22.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-ldap-7.4p1-22.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-server-7.4p1-22.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-server-7.4p1-22.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-server-7.4p1-22.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-server-sysvinit-7.4p1-22.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-server-sysvinit-7.4p1-22.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'openssh-server-sysvinit-7.4p1-22.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pam_ssh_agent_auth-0.10.3-2.22.amzn2.0.1', 'cpu':'aarch64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pam_ssh_agent_auth-0.10.3-2.22.amzn2.0.1', 'cpu':'i686', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'pam_ssh_agent_auth-0.10.3-2.22.amzn2.0.1', 'cpu':'x86_64', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"openssh / openssh-askpass / openssh-cavs / etc\");\n}", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T19:37:36", "description": "An update of the vim package has been released.\n\n - vim is vulnerable to Use After Free (CVE-2021-3796)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-12T00:00:00", "type": "nessus", "title": "Photon OS 2.0: Vim PHSA-2021-2.0-0403", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3796"], "modified": "2023-11-28T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:vim", "cpe:/o:vmware:photonos:2.0"], "id": "PHOTONOS_PHSA-2021-2_0-0403_VIM.NASL", "href": "https://www.tenable.com/plugins/nessus/154025", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-2.0-0403. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154025);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/28\");\n\n script_cve_id(\"CVE-2021-3796\");\n\n script_name(english:\"Photon OS 2.0: Vim PHSA-2021-2.0-0403\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the vim package has been released.\n\n - vim is vulnerable to Use After Free (CVE-2021-3796)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-403.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3796\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/12\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:vim\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 2.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nvar flag = 0;\n\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'vim-8.0.0533-11.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'vim-extra-8.0.0533-11.ph2')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'vim');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-29T19:36:42", "description": "An update of the vim package has been released.\n\n - vim is vulnerable to Use After Free (CVE-2021-3796)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-10T00:00:00", "type": "nessus", "title": "Photon OS 4.0: Vim PHSA-2021-4.0-0113", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-3796"], "modified": "2023-11-28T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:vim", "cpe:/o:vmware:photonos:4.0"], "id": "PHOTONOS_PHSA-2021-4_0-0113_VIM.NASL", "href": "https://www.tenable.com/plugins/nessus/153971", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2021-4.0-0113. The text\n# itself is copyright (C) VMware, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(153971);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/28\");\n\n script_cve_id(\"CVE-2021-3796\");\n\n script_name(english:\"Photon OS 4.0: Vim PHSA-2021-4.0-0113\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the vim package has been released.\n\n - vim is vulnerable to Use After Free (CVE-2021-3796)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-4.0-113.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:L/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-3796\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/09/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:vim\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:4.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 4\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 4.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nvar flag = 0;\n\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'vim-8.2.3428-1.ph4')) flag++;\nif (rpm_check(release:'PhotonOS-4.0', cpu:'x86_64', reference:'vim-extra-8.2.3428-1.ph4')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'vim');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-14T14:35:45", "description": "The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3336-1 advisory.\n\n - runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.\n (CVE-2021-30465)\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files. (CVE-2021-32760)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade limit access to the host to trusted users. Limit access to host volumes to trusted containers.\n (CVE-2021-41091)\n\n - Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH.\n (CVE-2021-41092)\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-13T00:00:00", "type": "nessus", "title": "SUSE SLES12 Security Update : containerd, docker, runc (SUSE-SU-2021:3336-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30465", "CVE-2021-32760", "CVE-2021-41089", "CVE-2021-41091", "CVE-2021-41092", "CVE-2021-41103"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:containerd", "p-cpe:/a:novell:suse_linux:docker", "p-cpe:/a:novell:suse_linux:runc", "cpe:/o:novell:suse_linux:12"], "id": "SUSE_SU-2021-3336-1.NASL", "href": "https://www.tenable.com/plugins/nessus/154100", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:3336-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154100);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2021-30465\",\n \"CVE-2021-32760\",\n \"CVE-2021-41089\",\n \"CVE-2021-41091\",\n \"CVE-2021-41092\",\n \"CVE-2021-41103\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:3336-1\");\n\n script_name(english:\"SUSE SLES12 Security Update : containerd, docker, runc (SUSE-SU-2021:3336-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe SUSE-SU-2021:3336-1 advisory.\n\n - runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the\n vulnerability, an attacker must be able to create multiple containers with a fairly specific mount\n configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.\n (CVE-2021-30465)\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where\n pulling and extracting a specially-crafted container image can result in Unix file permission changes for\n existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner\n of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does\n not directly allow files to be read, modified, or executed without an additional cooperating process. This\n bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from\n trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially\n affected by this bug through policies and profiles that prevent containerd from interacting with specific\n files. (CVE-2021-32760)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in\n Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container\n can result in Unix file permission changes for existing files in the host's filesystem, widening access to\n others. This bug does not directly allow files to be read, modified, or executed without an additional\n cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this\n version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in\n Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with\n insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory\n contents and execute programs. When containers included executable programs with extended permission bits\n (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed\n in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running\n containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade\n limit access to the host to trusted users. Limit access to host volumes to trusted containers.\n (CVE-2021-41091)\n\n - Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker\n CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file\n (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed\n would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended\n private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as\n soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries\n in the configuration file reference an installed credential helper that is executable and on the PATH.\n (CVE-2021-41092)\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently\n restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and\n execute programs. When containers included executable programs with extended permission bits (such as\n setuid), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has\n been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are\n released and may restart containers or update directory permissions to mitigate the vulnerability. Users\n unable to update should limit access to the host to trusted users. Update directory permission on\n container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1102408\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187704\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191334\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191355\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-32760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41089\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41103\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-October/009566.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?766b520d\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected containerd, docker and / or runc packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-30465\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/13\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:runc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES12)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES12\" && (! preg(pattern:\"^(0|3|4|5)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES12 SP0/3/4/5\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'containerd-1.4.11-16.45.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-12-0']},\n {'reference':'containerd-1.4.11-16.45.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-12-0']},\n {'reference':'containerd-1.4.11-16.45.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-12-0']},\n {'reference':'containerd-1.4.11-16.45.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-12-0']},\n {'reference':'docker-20.10.9_ce-98.72.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-12-0']},\n {'reference':'docker-20.10.9_ce-98.72.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-12-0']},\n {'reference':'docker-20.10.9_ce-98.72.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-12-0']},\n {'reference':'docker-20.10.9_ce-98.72.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-12-0']},\n {'reference':'runc-1.0.2-16.14.1', 'sp':'0', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-12-0']},\n {'reference':'runc-1.0.2-16.14.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-12-0']},\n {'reference':'runc-1.0.2-16.14.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-12-0']},\n {'reference':'runc-1.0.2-16.14.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-12-0']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd / docker / runc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:44:44", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:3506-1 advisory.\n\n - runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.\n (CVE-2021-30465)\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files. (CVE-2021-32760)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade limit access to the host to trusted users. Limit access to host volumes to trusted containers.\n (CVE-2021-41091)\n\n - Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH.\n (CVE-2021-41092)\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-28T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : containerd, docker, runc (openSUSE-SU-2021:3506-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30465", "CVE-2021-32760", "CVE-2021-41089", "CVE-2021-41091", "CVE-2021-41092", "CVE-2021-41103"], "modified": "2023-11-27T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:containerd", "p-cpe:/a:novell:opensuse:containerd-ctr", "p-cpe:/a:novell:opensuse:docker", "p-cpe:/a:novell:opensuse:docker-bash-completion", "p-cpe:/a:novell:opensuse:docker-fish-completion", "p-cpe:/a:novell:opensuse:docker-kubic", "p-cpe:/a:novell:opensuse:docker-kubic-bash-completion", "p-cpe:/a:novell:opensuse:docker-kubic-fish-completion", "p-cpe:/a:novell:opensuse:docker-kubic-kubeadm-criconfig", "p-cpe:/a:novell:opensuse:docker-kubic-zsh-completion", "p-cpe:/a:novell:opensuse:docker-zsh-completion", "p-cpe:/a:novell:opensuse:runc", "cpe:/o:novell:opensuse:15.3"], "id": "OPENSUSE-2021-3506.NASL", "href": "https://www.tenable.com/plugins/nessus/154606", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:3506-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154606);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/27\");\n\n script_cve_id(\n \"CVE-2021-30465\",\n \"CVE-2021-32760\",\n \"CVE-2021-41089\",\n \"CVE-2021-41091\",\n \"CVE-2021-41092\",\n \"CVE-2021-41103\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : containerd, docker, runc (openSUSE-SU-2021:3506-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:3506-1 advisory.\n\n - runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the\n vulnerability, an attacker must be able to create multiple containers with a fairly specific mount\n configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.\n (CVE-2021-30465)\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where\n pulling and extracting a specially-crafted container image can result in Unix file permission changes for\n existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner\n of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does\n not directly allow files to be read, modified, or executed without an additional cooperating process. This\n bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from\n trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially\n affected by this bug through policies and profiles that prevent containerd from interacting with specific\n files. (CVE-2021-32760)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in\n Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container\n can result in Unix file permission changes for existing files in the host's filesystem, widening access to\n others. This bug does not directly allow files to be read, modified, or executed without an additional\n cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this\n version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in\n Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with\n insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory\n contents and execute programs. When containers included executable programs with extended permission bits\n (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed\n in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running\n containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade\n limit access to the host to trusted users. Limit access to host volumes to trusted containers.\n (CVE-2021-41091)\n\n - Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker\n CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file\n (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed\n would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended\n private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as\n soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries\n in the configuration file reference an installed credential helper that is executable and on the PATH.\n (CVE-2021-41092)\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently\n restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and\n execute programs. When containers included executable programs with extended permission bits (such as\n setuid), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has\n been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are\n released and may restart containers or update directory permissions to mitigate the vulnerability. Users\n unable to update should limit access to the host to trusted users. Update directory permission on\n container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1102408\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187704\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190826\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191334\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191355\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191434\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/NP4XGHFKECRFSI6UYXER53KXVGP66EHQ/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?9b01f733\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-32760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41089\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41103\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-30465\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:containerd-ctr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-fish-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-kubic\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-kubic-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-kubic-fish-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-kubic-kubeadm-criconfig\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-kubic-zsh-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-zsh-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:runc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.3\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.3)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.3', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'containerd-1.4.11-56.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-ctr-1.4.11-56.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-20.10.9_ce-156.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-bash-completion-20.10.9_ce-156.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-fish-completion-20.10.9_ce-156.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-kubic-20.10.9_ce-156.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-kubic-bash-completion-20.10.9_ce-156.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-kubic-fish-completion-20.10.9_ce-156.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-kubic-kubeadm-criconfig-20.10.9_ce-156.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-kubic-zsh-completion-20.10.9_ce-156.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-zsh-completion-20.10.9_ce-156.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'runc-1.0.2-23.1', 'release':'SUSE15.3', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd / containerd-ctr / docker / docker-bash-completion / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-28T15:46:29", "description": "The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1404-1 advisory.\n\n - runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.\n (CVE-2021-30465)\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files. (CVE-2021-32760)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade limit access to the host to trusted users. Limit access to host volumes to trusted containers.\n (CVE-2021-41091)\n\n - Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH.\n (CVE-2021-41092)\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-11-01T00:00:00", "type": "nessus", "title": "openSUSE 15 Security Update : containerd, docker, runc (openSUSE-SU-2021:1404-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30465", "CVE-2021-32760", "CVE-2021-41089", "CVE-2021-41091", "CVE-2021-41092", "CVE-2021-41103"], "modified": "2023-11-27T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:containerd", "p-cpe:/a:novell:opensuse:containerd-ctr", "p-cpe:/a:novell:opensuse:docker", "p-cpe:/a:novell:opensuse:docker-bash-completion", "p-cpe:/a:novell:opensuse:docker-fish-completion", "p-cpe:/a:novell:opensuse:docker-zsh-completion", "p-cpe:/a:novell:opensuse:runc", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2021-1404.NASL", "href": "https://www.tenable.com/plugins/nessus/154769", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# openSUSE Security Update openSUSE-SU-2021:1404-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154769);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/11/27\");\n\n script_cve_id(\n \"CVE-2021-30465\",\n \"CVE-2021-32760\",\n \"CVE-2021-41089\",\n \"CVE-2021-41091\",\n \"CVE-2021-41092\",\n \"CVE-2021-41103\"\n );\n\n script_name(english:\"openSUSE 15 Security Update : containerd, docker, runc (openSUSE-SU-2021:1404-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in\nthe openSUSE-SU-2021:1404-1 advisory.\n\n - runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the\n vulnerability, an attacker must be able to create multiple containers with a fairly specific mount\n configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.\n (CVE-2021-30465)\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where\n pulling and extracting a specially-crafted container image can result in Unix file permission changes for\n existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner\n of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does\n not directly allow files to be read, modified, or executed without an additional cooperating process. This\n bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from\n trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially\n affected by this bug through policies and profiles that prevent containerd from interacting with specific\n files. (CVE-2021-32760)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in\n Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container\n can result in Unix file permission changes for existing files in the host's filesystem, widening access to\n others. This bug does not directly allow files to be read, modified, or executed without an additional\n cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this\n version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in\n Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with\n insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory\n contents and execute programs. When containers included executable programs with extended permission bits\n (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed\n in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running\n containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade\n limit access to the host to trusted users. Limit access to host volumes to trusted containers.\n (CVE-2021-41091)\n\n - Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker\n CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file\n (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed\n would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended\n private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as\n soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries\n in the configuration file reference an installed credential helper that is executable and on the PATH.\n (CVE-2021-41092)\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently\n restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and\n execute programs. When containers included executable programs with extended permission bits (such as\n setuid), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has\n been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are\n released and may restart containers or update directory permissions to mitigate the vulnerability. Users\n unable to update should limit access to the host to trusted users. Update directory permission on\n container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1102408\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187704\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190826\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191334\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191355\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191434\");\n # https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/L7ADRJZ4HKOCVZC5ZKIM4MD6EZEHBNB3/\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?55e12d1f\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-32760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41089\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41103\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-30465\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:containerd-ctr\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-fish-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:docker-zsh-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:runc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/SuSE/release');\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, 'openSUSE');\nvar os_ver = pregmatch(pattern: \"^SUSE([\\d.]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');\nos_ver = os_ver[1];\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);\n\nvar pkgs = [\n {'reference':'containerd-1.4.11-lp152.2.12.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'containerd-ctr-1.4.11-lp152.2.12.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-20.10.9_ce-lp152.2.18.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-bash-completion-20.10.9_ce-lp152.2.18.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-fish-completion-20.10.9_ce-lp152.2.18.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'docker-zsh-completion-20.10.9_ce-lp152.2.18.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'runc-1.0.2-lp152.2.9.1', 'cpu':'x86_64', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var cpu = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = package_array['release'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && release) {\n if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd / containerd-ctr / docker / docker-bash-completion / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-07-15T18:43:59", "description": "The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:3506-1 advisory.\n\n - runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the vulnerability, an attacker must be able to create multiple containers with a fairly specific mount configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.\n (CVE-2021-30465)\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where pulling and extracting a specially-crafted container image can result in Unix file permission changes for existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially affected by this bug through policies and profiles that prevent containerd from interacting with specific files. (CVE-2021-32760)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade limit access to the host to trusted users. Limit access to host volumes to trusted containers.\n (CVE-2021-41091)\n\n - Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries in the configuration file reference an installed credential helper that is executable and on the PATH.\n (CVE-2021-41092)\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as setuid), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are released and may restart containers or update directory permissions to mitigate the vulnerability. Users unable to update should limit access to the host to trusted users. Update directory permission on container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2021-10-28T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : containerd, docker, runc (SUSE-SU-2021:3506-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-30465", "CVE-2021-32760", "CVE-2021-41089", "CVE-2021-41091", "CVE-2021-41092", "CVE-2021-41103"], "modified": "2023-07-13T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:containerd", "p-cpe:/a:novell:suse_linux:docker", "p-cpe:/a:novell:suse_linux:docker-bash-completion", "p-cpe:/a:novell:suse_linux:docker-fish-completion", "p-cpe:/a:novell:suse_linux:runc", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2021-3506-1.NASL", "href": "https://www.tenable.com/plugins/nessus/154638", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable, Inc.\n#\n# The package checks in this plugin were extracted from\n# SUSE update advisory SUSE-SU-2021:3506-1. The text itself\n# is copyright (C) SUSE.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(154638);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/07/13\");\n\n script_cve_id(\n \"CVE-2021-30465\",\n \"CVE-2021-32760\",\n \"CVE-2021-41089\",\n \"CVE-2021-41091\",\n \"CVE-2021-41092\",\n \"CVE-2021-41103\"\n );\n script_xref(name:\"SuSE\", value:\"SUSE-SU-2021:3506-1\");\n\n script_name(english:\"SUSE SLES15 Security Update : containerd, docker, runc (SUSE-SU-2021:3506-1)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote SUSE host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the SUSE-SU-2021:3506-1 advisory.\n\n - runc before 1.0.0-rc95 allows a Container Filesystem Breakout via Directory Traversal. To exploit the\n vulnerability, an attacker must be able to create multiple containers with a fairly specific mount\n configuration. The problem occurs via a symlink-exchange attack that relies on a race condition.\n (CVE-2021-30465)\n\n - containerd is a container runtime. A bug was found in containerd versions prior to 1.4.8 and 1.5.4 where\n pulling and extracting a specially-crafted container image can result in Unix file permission changes for\n existing files in the host's filesystem. Changes to file permissions can deny access to the expected owner\n of the file, widen access to others, or set extended bits like setuid, setgid, and sticky. This bug does\n not directly allow files to be read, modified, or executed without an additional cooperating process. This\n bug has been fixed in containerd 1.5.4 and 1.4.8. As a workaround, ensure that users only pull images from\n trusted sources. Linux security modules (LSMs) like SELinux and AppArmor can limit the files potentially\n affected by this bug through policies and profiles that prevent containerd from interacting with specific\n files. (CVE-2021-32760)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in\n Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container\n can result in Unix file permission changes for existing files in the host's filesystem, widening access to\n others. This bug does not directly allow files to be read, modified, or executed without an additional\n cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this\n version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in\n Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with\n insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory\n contents and execute programs. When containers included executable programs with extended permission bits\n (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed\n in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running\n containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade\n limit access to the host to trusted users. Limit access to host volumes to trusted containers.\n (CVE-2021-41091)\n\n - Docker CLI is the command line interface for the docker container runtime. A bug was found in the Docker\n CLI where running `docker login my-private-registry.example.com` with a misconfigured configuration file\n (typically `~/.docker/config.json`) listing a `credsStore` or `credHelpers` that could not be executed\n would result in any provided credentials being sent to `registry-1.docker.io` rather than the intended\n private registry. This bug has been fixed in Docker CLI 20.10.9. Users should update to this version as\n soon as possible. For users unable to update ensure that any configured credsStore or credHelpers entries\n in the configuration file reference an installed credential helper that is executable and on the PATH.\n (CVE-2021-41092)\n\n - containerd is an open source container runtime with an emphasis on simplicity, robustness and portability.\n A bug was found in containerd where container root directories and some plugins had insufficiently\n restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and\n execute programs. When containers included executable programs with extended permission bits (such as\n setuid), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This vulnerability has\n been fixed in containerd 1.4.11 and containerd 1.5.7. Users should update to these version when they are\n released and may restart containers or update directory permissions to mitigate the vulnerability. Users\n unable to update should limit access to the host to trusted users. Update directory permission on\n container bundles directories. (CVE-2021-41103)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1102408\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1185405\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1187704\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1188282\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1190826\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191015\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191121\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191334\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191355\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.suse.com/1191434\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-30465\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-32760\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41089\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41091\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41092\");\n script_set_attribute(attribute:\"see_also\", value:\"https://www.suse.com/security/cve/CVE-2021-41103\");\n # https://lists.suse.com/pipermail/sle-security-updates/2021-October/009645.html\n script_set_attribute(attribute:\"see_also\", value:\"http://www.nessus.org/u?83c57493\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41103\");\n script_set_attribute(attribute:\"cvss3_score_source\", value:\"CVE-2021-30465\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/10/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/10/28\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:containerd\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:docker\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:docker-bash-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:docker-fish-completion\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:runc\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"SuSE Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar os_release = get_kb_item(\"Host/SuSE/release\");\nif (isnull(os_release) || os_release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nvar os_ver = pregmatch(pattern: \"^(SLE(S|D)(?:_SAP)?\\d+)\", string:os_release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15|SLES_SAP15)$\", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);\n\nvar service_pack = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(service_pack)) service_pack = \"0\";\nif (os_ver == \"SLES15\" && (! preg(pattern:\"^(0|1|2|3)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES15 SP0/1/2/3\", os_ver + \" SP\" + service_pack);\nif (os_ver == \"SLES_SAP15\" && (! preg(pattern:\"^(0|1)$\", string:service_pack))) audit(AUDIT_OS_NOT, \"SLES_SAP15 SP0/1\", os_ver + \" SP\" + service_pack);\n\nvar pkgs = [\n {'reference':'containerd-1.4.11-56.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'docker-20.10.9_ce-156.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'docker-bash-completion-20.10.9_ce-156.1', 'sp':'0', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'runc-1.0.2-23.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15']},\n {'reference':'containerd-1.4.11-56.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'docker-20.10.9_ce-156.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'docker-bash-completion-20.10.9_ce-156.1', 'sp':'1', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'runc-1.0.2-23.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.1']},\n {'reference':'containerd-1.4.11-56.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'containerd-1.4.11-56.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'docker-20.10.9_ce-156.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'docker-20.10.9_ce-156.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'docker-bash-completion-20.10.9_ce-156.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'runc-1.0.2-23.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1']},\n {'reference':'runc-1.0.2-23.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-1', 'sles-release-15.1']},\n {'reference':'containerd-1.4.11-56.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'containerd-1.4.11-56.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'docker-20.10.9_ce-156.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'docker-20.10.9_ce-156.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'docker-bash-completion-20.10.9_ce-156.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'docker-bash-completion-20.10.9_ce-156.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15', 'sles-ltss-release-15']},\n {'reference':'runc-1.0.2-23.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'runc-1.0.2-23.1', 'sp':'0', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-15', 'SLE_HPC-LTSS-release-15']},\n {'reference':'containerd-1.4.11-56.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'containerd-1.4.11-56.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'docker-20.10.9_ce-156.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'docker-20.10.9_ce-156.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'docker-bash-completion-20.10.9_ce-156.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1', 'sles-ltss-release-15.1']},\n {'reference':'runc-1.0.2-23.1', 'sp':'1', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'runc-1.0.2-23.1', 'sp':'1', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.1']},\n {'reference':'containerd-1.4.11-56.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-15.2']},\n {'reference':'docker-20.10.9_ce-156.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-15.2']},\n {'reference':'docker-bash-completion-20.10.9_ce-156.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-15.2']},\n {'reference':'runc-1.0.2-23.1', 'sp':'2', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-15.2']},\n {'reference':'containerd-1.4.11-56.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-15.3']},\n {'reference':'docker-20.10.9_ce-156.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-15.3']},\n {'reference':'docker-bash-completion-20.10.9_ce-156.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-15.3']},\n {'reference':'docker-fish-completion-20.10.9_ce-156.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-15.3']},\n {'reference':'runc-1.0.2-23.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-containers-release-15.3']},\n {'reference':'containerd-1.4.11-56.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'docker-20.10.9_ce-156.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'runc-1.0.2-23.1', 'sp':'0', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15']},\n {'reference':'containerd-1.4.11-56.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'docker-20.10.9_ce-156.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']},\n {'reference':'runc-1.0.2-23.1', 'sp':'1', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.1']}\n];\n\nvar ltss_caveat_required = FALSE;\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var _release = NULL;\n var sp = NULL;\n var _cpu = NULL;\n var exists_check = NULL;\n var rpm_spec_vers_cmp = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) _release = package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (reference && _release) {\n if (exists_check) {\n var check_flag = 0;\n foreach var check (exists_check) {\n if (!rpm_exists(release:_release, rpm:check)) continue;\n if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;\n check_flag++;\n }\n if (!check_flag) continue;\n }\n if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;\n }\n}\n\nif (flag)\n{\n var ltss_plugin_caveat = NULL;\n if(ltss_caveat_required) ltss_plugin_caveat = '\\n' +\n 'NOTE: This vulnerability check contains fixes that apply to\\n' +\n 'packages only available in SUSE Enterprise Linux Server LTSS\\n' +\n 'repositories. Access to these package security updates require\\n' +\n 'a paid SUSE LTSS subscription.\\n';\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get() + ltss_plugin_caveat\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'containerd / docker / docker-bash-completion / etc');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-01T15:22:56", "description": "The remote NewStart CGSL host, running version MAIN 6.02, has docker-ce packages installed that are affected by multiple vulnerabilities:\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade limit access to the host to trusted users. Limit access to host volumes to trusted containers.\n (CVE-2021-41091)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-09T00:00:00", "type": "nessus", "title": "NewStart CGSL MAIN 6.02 : docker-ce Multiple Vulnerabilities (NS-SA-2022-0071)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41089", "CVE-2021-41091"], "modified": "2023-10-30T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_main:docker-ce", "cpe:/o:zte:cgsl_main:6"], "id": "NEWSTART_CGSL_NS-SA-2022-0071_DOCKER-CE.NASL", "href": "https://www.tenable.com/plugins/nessus/160729", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2022-0071. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160729);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/30\");\n\n script_cve_id(\"CVE-2021-41089\", \"CVE-2021-41091\");\n\n script_name(english:\"NewStart CGSL MAIN 6.02 : docker-ce Multiple Vulnerabilities (NS-SA-2022-0071)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version MAIN 6.02, has docker-ce packages installed that are affected by multiple\nvulnerabilities:\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in\n Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container\n can result in Unix file permission changes for existing files in the host's filesystem, widening access to\n others. This bug does not directly allow files to be read, modified, or executed without an additional\n cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this\n version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in\n Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with\n insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory\n contents and execute programs. When containers included executable programs with extended permission bits\n (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed\n in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running\n containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade\n limit access to the host to trusted users. Limit access to host volumes to trusted containers.\n (CVE-2021-41091)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2022-0071\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-41089\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-41091\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL docker-ce packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41091\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:docker-ce\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:6\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL MAIN 6.02\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL MAIN 6.02');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL MAIN 6.02': [\n 'docker-ce-17.03.3-1.el8.2112010353gitecf9c0c'\n ]\n};\nvar pkg_list = pkgs[release];\n\nforeach (pkg in pkg_list)\n if (rpm_check(release:'ZTE ' + release, reference:pkg)) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'docker-ce');\n}\n", "cvss": {"score": 0.0, "vector": "NONE"}}, {"lastseen": "2023-11-01T15:24:21", "description": "The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has docker-ce packages installed that are affected by multiple vulnerabilities:\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container can result in Unix file permission changes for existing files in the host's filesystem, widening access to others. This bug does not directly allow files to be read, modified, or executed without an additional cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory contents and execute programs. When containers included executable programs with extended permission bits (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an unprivileged Linux user on the host collided with the file owner or group inside a container, the unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade limit access to the host to trusted users. Limit access to host volumes to trusted containers.\n (CVE-2021-41091)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.", "cvss3": {}, "published": "2022-05-10T00:00:00", "type": "nessus", "title": "NewStart CGSL CORE 5.04 / MAIN 5.04 : docker-ce Multiple Vulnerabilities (NS-SA-2022-0018)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2021-41089", "CVE-2021-41091"], "modified": "2023-10-30T00:00:00", "cpe": ["p-cpe:/a:zte:cgsl_core:docker-ce", "p-cpe:/a:zte:cgsl_core:docker-ce-debuginfo", "p-cpe:/a:zte:cgsl_main:docker-ce", "p-cpe:/a:zte:cgsl_main:docker-ce-debuginfo", "cpe:/o:zte:cgsl_core:5", "cpe:/o:zte:cgsl_main:5"], "id": "NEWSTART_CGSL_NS-SA-2022-0018_DOCKER-CE.NASL", "href": "https://www.tenable.com/plugins/nessus/160834", "sourceData": "##\n# (C) Tenable, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from ZTE advisory NS-SA-2022-0018. The text\n# itself is copyright (C) ZTE, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(160834);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2023/10/30\");\n\n script_cve_id(\"CVE-2021-41089\", \"CVE-2021-41091\");\n\n script_name(english:\"NewStart CGSL CORE 5.04 / MAIN 5.04 : docker-ce Multiple Vulnerabilities (NS-SA-2022-0018)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote NewStart CGSL host is affected by multiple vulnerabilities.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has docker-ce packages installed that are affected\nby multiple vulnerabilities:\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in\n Moby (Docker Engine) where attempting to copy files using `docker cp` into a specially-crafted container\n can result in Unix file permission changes for existing files in the host's filesystem, widening access to\n others. This bug does not directly allow files to be read, modified, or executed without an additional\n cooperating process. This bug has been fixed in Moby (Docker Engine) 20.10.9. Users should update to this\n version as soon as possible. Running containers do not need to be restarted. (CVE-2021-41089)\n\n - Moby is an open-source project created by Docker to enable software containerization. A bug was found in\n Moby (Docker Engine) where the data directory (typically `/var/lib/docker`) contained subdirectories with\n insufficiently restricted permissions, allowing otherwise unprivileged Linux users to traverse directory\n contents and execute programs. When containers included executable programs with extended permission bits\n (such as `setuid`), unprivileged Linux users could discover and execute those programs. When the UID of an\n unprivileged Linux user on the host collided with the file owner or group inside a container, the\n unprivileged Linux user on the host could discover, read, and modify those files. This bug has been fixed\n in Moby (Docker Engine) 20.10.9. Users should update to this version as soon as possible. Running\n containers should be stopped and restarted for the permissions to be fixed. For users unable to upgrade\n limit access to the host to trusted users. Limit access to host volumes to trusted containers.\n (CVE-2021-41091)\n\nNote that Nessus has not tested for these issues but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/notice/NS-SA-2022-0018\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-41089\");\n script_set_attribute(attribute:\"see_also\", value:\"http://security.gd-linux.com/info/CVE-2021-41091\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade the vulnerable CGSL docker-ce packages. Note that updated packages may not be available yet. Please contact ZTE\nfor more information.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-41091\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2021/10/04\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2022/05/08\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/05/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:docker-ce\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_core:docker-ce-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:docker-ce\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:zte:cgsl_main:docker-ce-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_core:5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:zte:cgsl_main:5\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"NewStart CGSL Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/ZTE-CGSL/release\", \"Host/ZTE-CGSL/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nvar release = get_kb_item('Host/ZTE-CGSL/release');\nif (isnull(release) || release !~ \"^CGSL (MAIN|CORE)\") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');\n\nif (release !~ \"CGSL CORE 5.04\" &&\n release !~ \"CGSL MAIN 5.04\")\n audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');\n\nif (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);\n\nvar flag = 0;\n\nvar pkgs = {\n 'CGSL CORE 5.04'