Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.AL2_ALASANSIBLE2-2023-005.NASLHistorySep 27, 2023 - 12:00 a.m.
Amazon Linux 2 : ansible (ALASANSIBLE2-2023-005)
2023-09-2700:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
amazon linux 2
ansible
vulnerability
alasansible2-2023-005
flaw
gpg signatures
dnf module
cve-2020-14365
nessus
self-reported version.
6.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:C/A:C
7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
0.0004 Low
EPSS
Percentile
12.8%
The version of ansible installed on the remote host is prior to 2.9.13-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2ANSIBLE2-2023-005 advisory.
- A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads to malicious packages being installed on the system and arbitrary code executed via package installation scripts. The highest threat from this vulnerability is to integrity and system availability.
(CVE-2020-14365)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALASANSIBLE2-2023-005.
##
include('compat.inc');
if (description)
{
script_id(181973);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/27");
script_cve_id("CVE-2020-14365");
script_xref(name:"IAVB", value:"2020-B-0073-S");
script_name(english:"Amazon Linux 2 : ansible (ALASANSIBLE2-2023-005)");
script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The version of ansible installed on the remote host is prior to 2.9.13-1. It is, therefore, affected by a vulnerability
as referenced in the ALAS2ANSIBLE2-2023-005 advisory.
- A flaw was found in the Ansible Engine, in ansible-engine 2.8.x before 2.8.15 and ansible-engine 2.9.x
before 2.9.13, when installing packages using the dnf module. GPG signatures are ignored during
installation even when disable_gpg_check is set to False, which is the default behavior. This flaw leads
to malicious packages being installed on the system and arbitrary code executed via package installation
scripts. The highest threat from this vulnerability is to integrity and system availability.
(CVE-2020-14365)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALASANSIBLE2-2023-005.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2020-14365.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
script_set_attribute(attribute:"solution", value:
"Run 'yum update ansible' to update your system.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-14365");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/09/01");
script_set_attribute(attribute:"patch_publication_date", value:"2023/08/21");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/09/27");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ansible");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:ansible-doc");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Amazon Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var pkgs = [
{'reference':'ansible-2.9.13-1.amzn2', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'ansible2'},
{'reference':'ansible-doc-2.9.13-1.amzn2', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'ansible2'}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ansible / ansible-doc");
}Related
nessus
nessus
RHEL 7 / 8 : Ansible security update (2.9.13) (Important) (RHSA-2020:3602)
2020-09-01 00:00:00
RHEL 7 / 8 : Ansible security update (2.9.13) (Important) (RHSA-2020:3601)
2020-09-01 00:00:00
RHEL 7 / 8 : Ansible security update (2.8.15) (Important) (RHSA-2020:3600)
2020-09-01 00:00:00
osv
osv
Improper Verification of Cryptographic Signature in ansible
2021-04-20 16:44:07
PYSEC-2020-209
2020-09-23 13:15:00
CVE-2020-14365
2020-09-23 13:15:15
redhatcve
redhatcve
CVE-2020-14365
2020-08-31 07:27:59
ubuntucve
ubuntucve
CVE-2020-14365
2020-09-23 00:00:00
nvd
nvd
CVE-2020-14365
2020-09-23 13:15:15
openvas
openvas
Fedora: Security Advisory for ansible (FEDORA-2020-c3e6f30f53)
2020-09-26 00:00:00
Fedora: Security Advisory for ansible (FEDORA-2020-0450cfd7e3)
2020-09-13 00:00:00
Mageia: Security Advisory (MGASA-2020-0363)
2022-01-28 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: ansible-2.9.13-1.fc31
2020-09-12 16:37:36
[SECURITY] Fedora 33 Update: ansible-2.9.13-1.fc33
2020-09-25 17:14:52
[SECURITY] Fedora 32 Update: ansible-2.9.13-1.fc32
2020-09-08 15:27:25
veracode
veracode
Man-in-the-Middle (MitM)
2020-09-01 02:09:27
debiancve
debiancve
CVE-2020-14365
2020-09-23 13:15:15
cvelist
cvelist
CVE-2020-14365
2020-09-23 12:25:47
alpinelinux
alpinelinux
CVE-2020-14365
2020-09-23 13:15:15
redhat
redhat
prion
prion
Design/Logic Flaw
2020-09-23 13:15:00
github
github
Improper Verification of Cryptographic Signature in ansible
2021-04-20 16:44:07
cve
cve
CVE-2020-14365
2020-09-23 13:15:15
f5
f5
K52013062 : Ansible Engine vulnerability CVE-2020-14365
2021-11-15 00:00:00
ibm
ibm
mageia
mageia
Updated ansible package fixes security vulnerabilities
2020-09-05 12:34:29
debian
debian
[SECURITY] [DSA 4950-1] ansible security update
2021-08-07 09:26:39
6.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:N/I:C/A:C
7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
0.0004 Low
EPSS
Percentile
12.8%
Related for AL2_ALASANSIBLE2-2023-005.NASL