Lucene search
This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2021-2705.NASLHistoryNov 11, 2021 - 12:00 a.m.
EulerOS 2.0 SP9 : cloud-init (EulerOS-SA-2021-2705)
2021-11-1100:00:00
This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
14
euleros
cloud-init
vulnerability
password
log file
local user
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
5.8
Confidence
High
EPSS
0
Percentile
5.1%
According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
- When instructing cloud-init to set a random password for a new user account, versions before 21.2 would write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a local user to log in as another user. (CVE-2021-3429)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(155236);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/24");
script_cve_id("CVE-2021-3429");
script_name(english:"EulerOS 2.0 SP9 : cloud-init (EulerOS-SA-2021-2705)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing a security update.");
script_set_attribute(attribute:"description", value:
"According to the versions of the cloud-init package installed, the EulerOS installation on the remote host is affected
by the following vulnerabilities :
- When instructing cloud-init to set a random password for a new user account, versions before 21.2 would
write that password to the world-readable log file /var/log/cloud-init-output.log. This could allow a
local user to log in as another user. (CVE-2021-3429)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2021-2705
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c04bbc72");
script_set_attribute(attribute:"solution", value:
"Update the affected cloud-init packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-3429");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/03/18");
script_set_attribute(attribute:"patch_publication_date", value:"2021/11/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/11/11");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:cloud-init");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP9");
var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(9)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP9");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP9", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
var flag = 0;
var pkgs = [
"cloud-init-17.1-16.h7.eulerosv2r9"
];
foreach (var pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"9", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cloud-init");
}
Related
nessus
nessus
Rocky Linux 8 : cloud-init (RLSA-2021:3081)
2022-02-09 00:00:00
CentOS 8 : cloud-init (CESA-2021:3081)
2021-08-16 00:00:00
Debian DLA-2601-1 : cloud-init security update
2021-03-22 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2021-2705)
2021-11-12 00:00:00
Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2021-2680)
2021-11-12 00:00:00
Mageia: Security Advisory (MGASA-2021-0494)
2022-01-28 00:00:00
debian
debian
[SECURITY] [DLA 2601-1] cloud-init security update
2021-03-20 02:39:36
redhat
redhat
(RHSA-2021:3081) Moderate: cloud-init security update
2021-08-10 12:01:15
(RHSA-2021:3371) Moderate: cloud-init security update
2021-08-31 08:21:52
(RHSA-2021:3177) Moderate: cloud-init security update
2021-08-17 07:53:21
mageia
mageia
Updated cloud-init packages fix security vulnerability
2021-10-29 22:32:22
almalinux
almalinux
Moderate: cloud-init security update
2021-08-10 12:01:15
cvelist
cvelist
CVE-2021-3429 sensitive data exposure in cloud-init logs
2023-04-19 21:42:02
prion
prion
Default credentials
2023-04-19 22:15:00
amazon
amazon
Medium: cloud-init
2021-03-18 18:06:00
Medium: cloud-init
2021-03-18 17:22:00
rocky
rocky
cloud-init security update
2021-08-10 12:01:15
ubuntucve
ubuntucve
CVE-2021-3429
2023-04-19 00:00:00
osv
osv
cloud-init - security update
2021-03-20 00:00:00
CVE-2021-3429
2023-04-19 22:15:10
Moderate: cloud-init security update
2021-08-10 12:01:15
alpinelinux
alpinelinux
CVE-2021-3429
2023-04-19 22:15:10
redhatcve
redhatcve
CVE-2021-3429
2021-04-02 13:48:49
oraclelinux
oraclelinux
cloud-init security update
2021-08-12 00:00:00
debiancve
debiancve
CVE-2021-3429
2023-04-19 22:15:10
cve
cve
CVE-2021-3429
2023-04-19 22:15:10
nvd
nvd
CVE-2021-3429
2023-04-19 22:15:10
rosalinux
rosalinux
Advisory ROSA-SA-2024-2410
2024-05-02 07:56:56
CVSS3
5.5
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
AI Score
5.8
Confidence
High
EPSS
0
Percentile
5.1%
Related for EULEROS_SA-2021-2705.NASL