Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.NEWSTART_CGSL_NS-SA-2023-0029_SUDO.NASL
HistoryApr 11, 2023 - 12:00 a.m.

NewStart CGSL CORE 5.04 / MAIN 5.04 : sudo Vulnerability (NS-SA-2023-0029)

2023-04-1100:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
8
newstart cgsl
core 5.04
main 5.04
vulnerability
sudo packages
array-out-of-bounds error
heap-based buffer over-read
local users
sudo
password
cve-2022-43995
nessus scanner

0.0004 Low

EPSS

Percentile

5.1%

JSON

The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has sudo packages installed that are affected by a vulnerability:

  • Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact could vary depending on the system libraries, compiler, and processor architecture. (CVE-2022-43995)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from ZTE advisory NS-SA-2023-0029. The text
# itself is copyright (C) ZTE, Inc.
##

include('compat.inc');

if (description)
{
  script_id(174100);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/11");

  script_cve_id("CVE-2022-43995");

  script_name(english:"NewStart CGSL CORE 5.04 / MAIN 5.04 : sudo Vulnerability (NS-SA-2023-0029)");

  script_set_attribute(attribute:"synopsis", value:
"The remote NewStart CGSL host is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has sudo packages installed that are affected by a
vulnerability:

  - Sudo 1.8.0 through 1.9.12, with the crypt() password backend, contains a plugins/sudoers/auth/passwd.c
    array-out-of-bounds error that can result in a heap-based buffer over-read. This can be triggered by
    arbitrary local users with access to Sudo by entering a password of seven characters or fewer. The impact
    could vary depending on the system libraries, compiler, and processor architecture. (CVE-2022-43995)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/notice/NS-SA-2023-0029");
  script_set_attribute(attribute:"see_also", value:"http://security.gd-linux.com/info/CVE-2022-43995");
  script_set_attribute(attribute:"solution", value:
"Upgrade the vulnerable CGSL sudo packages. Note that updated packages may not be available yet. Please contact ZTE for
more information.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-43995");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/11/02");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/04/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/04/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_core:sudo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_core:sudo-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_core:sudo-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:sudo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:sudo-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:zte:cgsl_main:sudo-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:zte:cgsl_core:5");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:zte:cgsl_main:5");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"NewStart CGSL Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/ZTE-CGSL/release", "Host/ZTE-CGSL/rpm-list", "Host/cpu");

  exit(0);
}

include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

var os_release = get_kb_item('Host/ZTE-CGSL/release');
if (isnull(os_release) || os_release !~ "^CGSL (MAIN|CORE)") audit(AUDIT_OS_NOT, 'NewStart Carrier Grade Server Linux');

if (os_release !~ "CGSL CORE 5.04" &&
    os_release !~ "CGSL MAIN 5.04")
  audit(AUDIT_OS_NOT, 'NewStart CGSL CORE 5.04 / NewStart CGSL MAIN 5.04');

if (!get_kb_item('Host/ZTE-CGSL/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'NewStart Carrier Grade Server Linux', cpu);

var flag = 0;

var pkgs = {
  'CGSL CORE 5.04': [
    'sudo-1.8.23-10.el7_9.1.cgslv5_4.0.2.g1fe65c7',
    'sudo-debuginfo-1.8.23-10.el7_9.1.cgslv5_4.0.2.g1fe65c7',
    'sudo-devel-1.8.23-10.el7_9.1.cgslv5_4.0.2.g1fe65c7'
  ],
  'CGSL MAIN 5.04': [
    'sudo-1.8.23-10.el7_9.1.cgslv5_4.0.2.g1fe65c7',
    'sudo-debuginfo-1.8.23-10.el7_9.1.cgslv5_4.0.2.g1fe65c7',
    'sudo-devel-1.8.23-10.el7_9.1.cgslv5_4.0.2.g1fe65c7'
  ]
};
var pkg_list = pkgs[os_release];

foreach (pkg in pkg_list)
  if (rpm_check(release:'ZTE ' + os_release, reference:pkg)) flag++;

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'sudo');
}
VendorProductVersionCPE
ztecgsl_coresudop-cpe:/a:zte:cgsl_core:sudo
ztecgsl_coresudo-debuginfop-cpe:/a:zte:cgsl_core:sudo-debuginfo
ztecgsl_coresudo-develp-cpe:/a:zte:cgsl_core:sudo-devel
ztecgsl_mainsudop-cpe:/a:zte:cgsl_main:sudo
ztecgsl_mainsudo-debuginfop-cpe:/a:zte:cgsl_main:sudo-debuginfo
ztecgsl_mainsudo-develp-cpe:/a:zte:cgsl_main:sudo-devel
ztecgsl_core5cpe:/o:zte:cgsl_core:5
ztecgsl_main5cpe:/o:zte:cgsl_main:5

Related

openvas 25
nessus 29
ubuntucve 1
cve 1
debiancve 1
gentoo 1
redhatcve 1
veracode 1
mageia 1
cbl_mariner 2
alpinelinux 1
cvelist 1
redos 1
freebsd 1
prion 1
osv 1
slackware 1
nvd 1
photon 2
rosalinux 1
openvas
openvas
Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2023-1516)
2023-03-09 00:00:00
Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2023-1400)
2023-02-10 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:4077-1)
2022-11-21 00:00:00
nessus
nessus
EulerOS 2.0 SP11 : sudo (EulerOS-SA-2023-1047)
2023-01-05 00:00:00
GLSA-202211-08 : sudo: Heap-Based Buffer Overread
2022-11-22 00:00:00
NewStart CGSL MAIN 6.06 : sudo Vulnerability (NS-SA-2023-0135)
2023-11-09 00:00:00
ubuntucve
ubuntucve
CVE-2022-43995
2022-11-02 00:00:00
cve
cve
CVE-2022-43995
2022-11-02 14:15:16
debiancve
debiancve
CVE-2022-43995
2022-11-02 14:15:16
gentoo
gentoo
sudo: Heap-Based Buffer Overread
2022-11-22 00:00:00
redhatcve
redhatcve
CVE-2022-43995
2022-11-03 19:55:57
veracode
veracode
Heap-Based Buffer Over-Read
2023-01-25 20:13:57
mageia
mageia
Updated sudo packages fix security vulnerability
2022-11-17 18:45:52
cbl_mariner
cbl_mariner
CVE-2022-43995 affecting package sudo for versions less than 1.9.12p1-1
2022-11-30 04:44:03
CVE-2022-43995 affecting package sudo 1.9.5p2-2
2022-11-24 00:45:36
alpinelinux
alpinelinux
CVE-2022-43995
2022-11-02 14:15:16
cvelist
cvelist
CVE-2022-43995
2022-11-02 00:00:00
redos
redos
ROS-20221121-01
2022-11-21 00:00:00
freebsd
freebsd
sudo -- Potential out-of-bounds write for small passwords
2022-11-07 00:00:00
prion
prion
Heap overflow
2022-11-02 14:15:00
osv
osv
CVE-2022-43995
2022-11-02 14:15:16
slackware
slackware
[slackware-security] sudo
2022-11-05 19:28:47
nvd
nvd
CVE-2022-43995
2022-11-02 14:15:16
photon
photon
Important Photon OS Security Update - PHSA-2022-4.0-0279
2022-11-10 00:00:00
Important Photon OS Security Update - PHSA-2022-3.0-0485
2022-11-10 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2189
2023-07-11 14:30:55

0.0004 Low

EPSS

Percentile

5.1%

JSON
Related for NEWSTART_CGSL_NS-SA-2023-0029_SUDO.NASL
openvas25nessus29ubuntucve1cve1debiancve1gentoo1redhatcve1veracode1mageia1cbl_mariner2alpinelinux1cvelist1redos1freebsd1prion1osv1slackware1nvd1photon2rosalinux1