Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.AL2023_ALAS2023-2023-282.NASL
HistoryAug 14, 2023 - 12:00 a.m.

Amazon Linux 2023 : grpc, grpc-cpp, grpc-data (ALAS2023-2023-282)

2023-08-1400:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
amazon linux 2023
grpc
vulnerabilities
http2
hpack
privilege escalation
data exfiltration
base64 encoding error
connection termination
nessus scanner

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

56.4%

JSON

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-282 advisory.

  • When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame.
    This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests from the proxy being interpreted as containing headers from different proxy clients - leading to an information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading beyond the commit contained in https://github.com/grpc/grpc/pull/33005 https://github.com/grpc/grpc/pull/33005 (CVE-2023-32731)

  • gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy and a gRPC server: a base64 encoding error for -bin suffixed headers will result in a disconnection by the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in https://github.com/grpc/grpc/pull/32309 https://www.google.com/url (CVE-2023-32732)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2023 Security Advisory ALAS2023-2023-282.
##

include('compat.inc');

if (description)
{
  script_id(179767);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/17");

  script_cve_id("CVE-2023-32731", "CVE-2023-32732", "CVE-2023-4785");

  script_name(english:"Amazon Linux 2023 : grpc, grpc-cpp, grpc-data (ALAS2023-2023-282)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2023 host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-282 advisory.

  - When gRPC HTTP2 stack raised a header size exceeded error, it skipped parsing the rest of the HPACK frame.
    This caused any HPACK table mutations to also be skipped, resulting in a desynchronization of HPACK tables
    between sender and receiver. If leveraged, say, between a proxy and a backend, this could lead to requests
    from the proxy being interpreted as containing headers from different proxy clients - leading to an
    information leak that can be used for privilege escalation or data exfiltration. We recommend upgrading
    beyond the commit contained in https://github.com/grpc/grpc/pull/33005
    https://github.com/grpc/grpc/pull/33005 (CVE-2023-32731)

  - gRPC contains a vulnerability whereby a client can cause a termination of connection between a HTTP2 proxy
    and a gRPC server: a base64 encoding error for `-bin` suffixed headers will result in a disconnection by
    the gRPC server, but is typically allowed by HTTP2 proxies. We recommend upgrading beyond the commit in
    https://github.com/grpc/grpc/pull/32309 https://www.google.com/url (CVE-2023-32732)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2023/ALAS-2023-282.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2023-32731.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2023-32732.html");
  script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2023-4785.html");
  script_set_attribute(attribute:"solution", value:
"Run 'dnf update grpc --releasever 2023.1.20230809' to update your system.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-32731");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/06/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/08/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/08/14");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:grpc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:grpc-cpp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:grpc-cpp-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:grpc-data");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:grpc-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:grpc-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:grpc-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:grpc-doc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:grpc-plugins");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:grpc-plugins-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2023");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Amazon Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");

  exit(0);
}

include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "-2023")
{
  if (os_ver == 'A') os_ver = 'AMI';
  audit(AUDIT_OS_NOT, "Amazon Linux 2023", "Amazon Linux " + os_ver);
}

if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var pkgs = [
    {'reference':'grpc-1.56.2-10.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'grpc-1.56.2-10.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'grpc-cpp-1.56.2-10.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'grpc-cpp-1.56.2-10.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'grpc-cpp-debuginfo-1.56.2-10.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'grpc-cpp-debuginfo-1.56.2-10.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'grpc-data-1.56.2-10.amzn2023', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'grpc-debuginfo-1.56.2-10.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'grpc-debuginfo-1.56.2-10.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'grpc-debugsource-1.56.2-10.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'grpc-debugsource-1.56.2-10.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'grpc-devel-1.56.2-10.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'grpc-devel-1.56.2-10.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'grpc-doc-1.56.2-10.amzn2023', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'grpc-plugins-1.56.2-10.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'grpc-plugins-1.56.2-10.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'grpc-plugins-debuginfo-1.56.2-10.amzn2023', 'cpu':'aarch64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'grpc-plugins-debuginfo-1.56.2-10.amzn2023', 'cpu':'x86_64', 'release':'AL-2023', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "grpc / grpc-cpp / grpc-cpp-debuginfo / etc");
}
VendorProductVersionCPE
amazonlinuxgrpcp-cpe:/a:amazon:linux:grpc
amazonlinuxgrpc-cppp-cpe:/a:amazon:linux:grpc-cpp
amazonlinuxgrpc-cpp-debuginfop-cpe:/a:amazon:linux:grpc-cpp-debuginfo
amazonlinuxgrpc-datap-cpe:/a:amazon:linux:grpc-data
amazonlinuxgrpc-debuginfop-cpe:/a:amazon:linux:grpc-debuginfo
amazonlinuxgrpc-debugsourcep-cpe:/a:amazon:linux:grpc-debugsource
amazonlinuxgrpc-develp-cpe:/a:amazon:linux:grpc-devel
amazonlinuxgrpc-docp-cpe:/a:amazon:linux:grpc-doc
amazonlinuxgrpc-pluginsp-cpe:/a:amazon:linux:grpc-plugins
amazonlinuxgrpc-plugins-debuginfop-cpe:/a:amazon:linux:grpc-plugins-debuginfo
Rows per page:
1-10 of 111

Related

nessus 11
openvas 10
ibm 17
nvd 3
fedora 2
cgr 3
ubuntucve 3
cvelist 3
wolfi 3
alpinelinux 2
osv 6
veracode 3
debiancve 3
prion 3
github 3
cve 3
redhatcve 3
cbl_mariner 1
photon 1
redhat 1
nessus
nessus
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : abseil-cpp, grpc, opencensus-proto, protobuf, python-abseil, python-grpcio, re2 (SUSE-SU-2024:0573-1)
2024-02-22 00:00:00
Fedora 37 : grpc (2023-6cad6e5003)
2023-07-23 00:00:00
Fedora 39 : grpc (2023-8570e0055b)
2023-11-07 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:0573-1)
2024-02-22 00:00:00
openSUSE: Security Advisory for abseil (SUSE-SU-2024:0573-1)
2024-03-04 00:00:00
Fedora: Security Advisory for grpc (FEDORA-2023-6cad6e5003)
2023-07-26 00:00:00
ibm
ibm
Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in gRPC
2023-07-27 22:11:35
Security Bulletin: Multiple vulnerabilities present in IBM Answer Retrieval for Watson Discovery versions 2.11 and earlier
2023-06-20 15:24:05
Security Bulletin: A vulnerability in gRPC may affect IBM Robotic Process Automation and result in an attacker obtaining sensitive information. (CVE-2023-32731)
2023-09-20 14:08:37
nvd
nvd
CVE-2023-32731
2023-06-09 11:15:09
CVE-2023-32732
2023-06-09 11:15:09
CVE-2023-4785
2023-09-13 17:15:10
fedora
fedora
[SECURITY] Fedora 38 Update: grpc-1.48.4-8.fc38
2023-07-23 01:29:39
[SECURITY] Fedora 37 Update: grpc-1.48.4-8.fc37
2023-07-23 01:24:39
cgr
cgr
CVE-2023-32732 vulnerabilities
2024-05-19 03:07:16
CVE-2023-32731 vulnerabilities
2024-05-19 03:07:16
CVE-2023-4785 vulnerabilities
2024-05-19 03:07:16
ubuntucve
ubuntucve
CVE-2023-32732
2023-06-09 00:00:00
CVE-2023-32731
2023-06-09 00:00:00
CVE-2023-4785
2023-09-13 00:00:00
cvelist
cvelist
CVE-2023-32732 Denial-of-Service in gRPC
2023-06-09 10:48:15
CVE-2023-32731 Information leak in gRPC
2023-06-09 10:54:08
CVE-2023-4785 Denial of Service in gRPC Core
2023-09-13 16:31:55
wolfi
wolfi
CVE-2023-32732 vulnerabilities
2024-07-03 16:16:08
CVE-2023-32731 vulnerabilities
2024-07-03 16:16:08
CVE-2023-4785 vulnerabilities
2024-07-03 16:16:08
alpinelinux
alpinelinux
CVE-2023-32731
2023-06-09 11:15:00
CVE-2023-4785
2023-09-13 17:15:10
osv
osv
gRPC connection termination issue
2023-07-06 21:15:08
CVE-2023-32731
2023-06-09 11:15:09
Connection confusion in gRPC
2023-07-05 19:12:51
veracode
veracode
Connection Termination
2023-07-13 10:09:03
Connection Confusion
2023-07-07 03:56:21
Denial Of Service
2023-09-20 10:46:22
debiancve
debiancve
CVE-2023-32732
2023-06-09 11:15:09
CVE-2023-32731
2023-06-09 11:15:09
CVE-2023-4785
2023-09-13 17:15:10
prion
prion
Design/Logic Flaw
2023-06-09 11:15:00
Design/Logic Flaw
2023-06-09 11:15:00
Code injection
2023-09-13 17:15:00
github
github
Connection confusion in gRPC
2023-07-05 19:12:51
gRPC connection termination issue
2023-07-06 21:15:08
Denial of Service Vulnerability in gRPC TCP Server (Posix-compatible platforms)
2023-09-13 18:31:26
cve
cve
CVE-2023-32731
2023-06-09 11:15:09
CVE-2023-32732
2023-06-09 11:15:09
CVE-2023-4785
2023-09-13 17:15:10
redhatcve
redhatcve
CVE-2023-32732
2023-06-13 06:35:42
CVE-2023-32731
2023-06-13 06:05:34
CVE-2023-4785
2023-09-15 09:51:43
cbl_mariner
cbl_mariner
CVE-2023-4785 affecting package grpc for versions less than 1.62.0-2
2024-04-17 22:02:46
photon
photon
Moderate Photon OS Security Update - PHSA-2023-5.0-0068
2023-08-08 00:00:00
redhat
redhat
(RHSA-2024:0797) Important: Satellite 6.14.2 Async Security Update
2024-02-13 14:38:17

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.002 Low

EPSS

Percentile

56.4%

JSON
Related for AL2023_ALAS2023-2023-282.NASL
nessus11openvas10ibm17nvd3fedora2cgr3ubuntucve3cvelist3wolfi3alpinelinux2osv6veracode3debiancve3prion3github3cve3redhatcve3cbl_mariner1photon1redhat1