This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.EULEROS_SA-2022-1708.NASLEulerOS 2.0 SP3 : ceph-common (EulerOS-SA-2022-1708)
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
0.005 Low
EPSS
Percentile
76.7%
According to the versions of the ceph-common packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities :
-
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. Ceph versions 3.x and 4.x are vulnerable to this issue. (CVE-2020-10753)
-
A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader tag in the CORS configuration file generates a header injection in the response when the CORS request is made. In addition, the prior bug fix for CVE-2020-10753 did not account for the use of \r as a header separator, thus a new flaw has been created. (CVE-2021-3524)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(161607);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/05/27");
script_cve_id("CVE-2020-10753", "CVE-2021-3524");
script_name(english:"EulerOS 2.0 SP3 : ceph-common (EulerOS-SA-2022-1708)");
script_set_attribute(attribute:"synopsis", value:
"The remote EulerOS host is missing multiple security updates.");
script_set_attribute(attribute:"description", value:
"According to the versions of the ceph-common packages installed, the EulerOS installation on the remote host is affected
by the following vulnerabilities :
- A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway). The vulnerability is related
to the injection of HTTP headers via a CORS ExposeHeader tag. The newline character in the ExposeHeader
tag in the CORS configuration file generates a header injection in the response when the CORS request is
made. Ceph versions 3.x and 4.x are vulnerable to this issue. (CVE-2020-10753)
- A flaw was found in the Red Hat Ceph Storage RadosGW (Ceph Object Gateway) in versions before 14.2.21. The
vulnerability is related to the injection of HTTP headers via a CORS ExposeHeader tag. The newline
character in the ExposeHeader tag in the CORS configuration file generates a header injection in the
response when the CORS request is made. In addition, the prior bug fix for CVE-2020-10753 did not account
for the use of \r as a header separator, thus a new flaw has been created. (CVE-2021-3524)
Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security
advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional
issues.");
# https://developer.huaweicloud.com/ict/en/site-euleros/euleros/security-advisories/EulerOS-SA-2022-1708
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?400c1cd6");
script_set_attribute(attribute:"solution", value:
"Update the affected ceph-common packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-3524");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/06/26");
script_set_attribute(attribute:"patch_publication_date", value:"2022/05/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/05/27");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:ceph-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:librados2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:librbd1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-rados");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:huawei:euleros:python-rbd");
script_set_attribute(attribute:"cpe", value:"cpe:/o:huawei:euleros:2.0");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Huawei Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/EulerOS/release", "Host/EulerOS/rpm-list", "Host/EulerOS/sp");
script_exclude_keys("Host/EulerOS/uvp_version");
exit(0);
}
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item("Host/EulerOS/release");
if (isnull(release) || release !~ "^EulerOS") audit(AUDIT_OS_NOT, "EulerOS");
var uvp = get_kb_item("Host/EulerOS/uvp_version");
if (release !~ "^EulerOS release 2\.0(\D|$)") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");
var sp = get_kb_item("Host/EulerOS/sp");
if (isnull(sp) || sp !~ "^(3)$") audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3");
if (!empty_or_null(uvp)) audit(AUDIT_OS_NOT, "EulerOS 2.0 SP3", "EulerOS UVP " + uvp);
if (!get_kb_item("Host/EulerOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "EulerOS", cpu);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i686 / x86_64", cpu);
var flag = 0;
var pkgs = [
"ceph-common-0.80.7-4.h2",
"librados2-0.80.7-4.h2",
"librbd1-0.80.7-4.h2",
"python-rados-0.80.7-4.h2",
"python-rbd-0.80.7-4.h2"
];
foreach (var pkg in pkgs)
if (rpm_check(release:"EulerOS-2.0", sp:"3", reference:pkg)) flag++;
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ceph-common");
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| huawei | euleros | ceph-common | p-cpe:/a:huawei:euleros:ceph-common |
| huawei | euleros | librados2 | p-cpe:/a:huawei:euleros:librados2 |
| huawei | euleros | librbd1 | p-cpe:/a:huawei:euleros:librbd1 |
| huawei | euleros | python-rados | p-cpe:/a:huawei:euleros:python-rados |
| huawei | euleros | python-rbd | p-cpe:/a:huawei:euleros:python-rbd |
| huawei | euleros | 2.0 | cpe:/o:huawei:euleros:2.0 |
Related
4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
0.005 Low
EPSS
Percentile
76.7%