Lucene search
This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DLA-2171.NASLHistoryApr 10, 2020 - 12:00 a.m.
Debian DLA-2171-1 : ceph security update
2020-04-1000:00:00
This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
13
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.006 Low
EPSS
Percentile
77.7%
It was discovered that there was a header-splitting vulnerability in ceph, a distributed storage and file system.
For Debian 8 ‘Jessie’, this issue has been fixed in ceph version 0.80.7-2+deb8u4.
We recommend that you upgrade your ceph packages.
NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DLA-2171-1. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(135364);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");
script_cve_id("CVE-2020-1760");
script_name(english:"Debian DLA-2171-1 : ceph security update");
script_summary(english:"Checks dpkg output for the updated packages.");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"It was discovered that there was a header-splitting vulnerability in
ceph, a distributed storage and file system.
For Debian 8 'Jessie', this issue has been fixed in ceph version
0.80.7-2+deb8u4.
We recommend that you upgrade your ceph packages.
NOTE: Tenable Network Security has extracted the preceding description
block directly from the DLA security advisory. Tenable has attempted
to automatically clean and format it as much as possible without
introducing additional issues."
);
script_set_attribute(
attribute:"see_also",
value:"https://lists.debian.org/debian-lts-announce/2020/04/msg00005.html"
);
script_set_attribute(
attribute:"see_also",
value:"https://packages.debian.org/source/jessie/ceph"
);
script_set_attribute(attribute:"solution", value:"Upgrade the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-1760");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ceph");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ceph-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ceph-common-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ceph-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ceph-fs-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ceph-fs-common-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ceph-fuse");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ceph-fuse-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ceph-mds");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ceph-mds-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ceph-resource-agents");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ceph-test");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:ceph-test-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcephfs-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcephfs-java");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcephfs-jni");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcephfs-jni-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcephfs1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:libcephfs1-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:librados-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:librados2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:librados2-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:librbd-dev");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:librbd1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:librbd1-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:python-ceph");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:radosgw");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:radosgw-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:rbd-fuse");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:rbd-fuse-dbg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:rest-bench");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:rest-bench-dbg");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/04/23");
script_set_attribute(attribute:"patch_publication_date", value:"2020/04/09");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/10");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"8.0", prefix:"ceph", reference:"0.80.7-2+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"ceph-common", reference:"0.80.7-2+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"ceph-common-dbg", reference:"0.80.7-2+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"ceph-dbg", reference:"0.80.7-2+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"ceph-fs-common", reference:"0.80.7-2+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"ceph-fs-common-dbg", reference:"0.80.7-2+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"ceph-fuse", reference:"0.80.7-2+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"ceph-fuse-dbg", reference:"0.80.7-2+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"ceph-mds", reference:"0.80.7-2+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"ceph-mds-dbg", reference:"0.80.7-2+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"ceph-resource-agents", reference:"0.80.7-2+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"ceph-test", reference:"0.80.7-2+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"ceph-test-dbg", reference:"0.80.7-2+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"libcephfs-dev", reference:"0.80.7-2+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"libcephfs-java", reference:"0.80.7-2+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"libcephfs-jni", reference:"0.80.7-2+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"libcephfs-jni-dbg", reference:"0.80.7-2+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"libcephfs1", reference:"0.80.7-2+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"libcephfs1-dbg", reference:"0.80.7-2+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"librados-dev", reference:"0.80.7-2+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"librados2", reference:"0.80.7-2+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"librados2-dbg", reference:"0.80.7-2+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"librbd-dev", reference:"0.80.7-2+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"librbd1", reference:"0.80.7-2+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"librbd1-dbg", reference:"0.80.7-2+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"python-ceph", reference:"0.80.7-2+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"radosgw", reference:"0.80.7-2+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"radosgw-dbg", reference:"0.80.7-2+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"rbd-fuse", reference:"0.80.7-2+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"rbd-fuse-dbg", reference:"0.80.7-2+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"rest-bench", reference:"0.80.7-2+deb8u4")) flag++;
if (deb_check(release:"8.0", prefix:"rest-bench-dbg", reference:"0.80.7-2+deb8u4")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| debian | debian_linux | ceph | p-cpe:/a:debian:debian_linux:ceph |
| debian | debian_linux | ceph-common | p-cpe:/a:debian:debian_linux:ceph-common |
| debian | debian_linux | ceph-common-dbg | p-cpe:/a:debian:debian_linux:ceph-common-dbg |
| debian | debian_linux | ceph-dbg | p-cpe:/a:debian:debian_linux:ceph-dbg |
| debian | debian_linux | ceph-fs-common | p-cpe:/a:debian:debian_linux:ceph-fs-common |
| debian | debian_linux | ceph-fs-common-dbg | p-cpe:/a:debian:debian_linux:ceph-fs-common-dbg |
| debian | debian_linux | ceph-fuse | p-cpe:/a:debian:debian_linux:ceph-fuse |
| debian | debian_linux | ceph-fuse-dbg | p-cpe:/a:debian:debian_linux:ceph-fuse-dbg |
| debian | debian_linux | ceph-mds | p-cpe:/a:debian:debian_linux:ceph-mds |
| debian | debian_linux | ceph-mds-dbg | p-cpe:/a:debian:debian_linux:ceph-mds-dbg |
Related
osv
osv
CVE-2020-1760
2020-04-23 15:15:14
ceph - security update
2020-04-09 00:00:00
ceph vulnerabilities
2020-09-22 11:17:52
cve
cve
CVE-2020-1760
2020-04-23 15:15:14
nessus
nessus
EulerOS Virtualization 3.0.2.6 : ceph-common (EulerOS-SA-2021-2897)
2022-01-06 00:00:00
EulerOS 2.0 SP3 : ceph-common (EulerOS-SA-2022-1157)
2022-02-23 00:00:00
SUSE SLES12 Security Update : ceph (SUSE-SU-2020:0962-1)
2020-04-10 00:00:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2020:0962-1)
2021-04-19 00:00:00
Huawei EulerOS: Security Advisory for ceph (EulerOS-SA-2022-1558)
2022-04-25 00:00:00
Huawei EulerOS: Security Advisory for ceph-common (EulerOS-SA-2021-2897)
2021-12-31 00:00:00
prion
prion
Input validation
2020-04-23 15:15:00
redhatcve
redhatcve
CVE-2020-1760
2020-04-07 07:05:37
debian
debian
[SECURITY] [DLA 2171-1] ceph security update
2020-04-09 11:29:20
[SECURITY] [DLA 2735-1] ceph security update
2021-08-10 22:05:10
[SECURITY] [DLA 3629-1] ceph security update
2023-10-23 16:59:44
nvd
nvd
CVE-2020-1760
2020-04-23 15:15:14
alpinelinux
alpinelinux
CVE-2020-1760
2020-04-23 15:15:14
debiancve
debiancve
CVE-2020-1760
2020-04-23 15:15:14
cvelist
cvelist
CVE-2020-1760
2020-04-23 00:00:00
veracode
veracode
Cross-Site Scripting (XSS)
2020-07-21 04:11:58
ubuntucve
ubuntucve
CVE-2020-1760
2020-04-23 00:00:00
freebsd
freebsd
ceph14 -- multiple security issues
2020-04-07 00:00:00
suse
suse
Security update for ceph (important)
2020-04-10 00:00:00
fedora
fedora
[SECURITY] Fedora 31 Update: ceph-14.2.9-1.fc31
2020-05-07 04:21:05
redhat
redhat
ubuntu
ubuntu
Ceph vulnerabilities
2020-09-22 00:00:00
archlinux
archlinux
[ASA-202011-22] ceph: multiple issues
2020-11-26 00:00:00
gentoo
gentoo
Ceph: Multiple vulnerabilities
2021-05-26 00:00:00
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
0.006 Low
EPSS
Percentile
77.7%
Related for DEBIAN_DLA-2171.NASL