Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.OPENSUSE-2020-554.NASL
HistoryApr 27, 2020 - 12:00 a.m.

openSUSE Security Update : kubernetes (openSUSE-2020-554) (Dirty COW)

2020-04-2700:00:00
This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
22

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.879 High

EPSS

Percentile

98.7%

JSON

This update introduces kubernetes version 1.14.1 and cri-o 1.17.1 to Leap 15.1.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2020-554.
#
# The text description of this plugin is (C) SUSE LLC.
#

include('deprecated_nasl_level.inc');
include("compat.inc");

if (description)
{
  script_id(136011);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2022/03/09");

  script_cve_id("CVE-2016-5195", "CVE-2016-8859", "CVE-2017-1002101", "CVE-2018-1002105", "CVE-2018-16873", "CVE-2018-16874", "CVE-2019-10214");
  script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/03/24");

  script_name(english:"openSUSE Security Update : kubernetes (openSUSE-2020-554) (Dirty COW)");
  script_summary(english:"Check for the openSUSE-2020-554 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value:
"This update introduces kubernetes version 1.14.1 and cri-o 1.17.1 to
Leap 15.1."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1039663"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1042383"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1042387"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1057277"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1059207"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1061027"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1065972"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1069469"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1084765"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1084766"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1085009"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1086185"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1086412"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1095131"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1095154"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1096773"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1097473"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1100838"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1101010"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104598"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1104821"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1112980"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118897"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1118898"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1136403"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1144065"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1155323"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1161056"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.opensuse.org/show_bug.cgi?id=1161179"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://features.opensuse.org/325820"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://features.opensuse.org/326485"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected kubernetes packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1002105");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_core", value:"true");
  script_set_attribute(attribute:"exploited_by_malware", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cri-o");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cri-o-kubeadm-criconfig");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:cri-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:go1.14");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:go1.14-race");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kubernetes-apiserver");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kubernetes-client");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kubernetes-controller-manager");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kubernetes-kubeadm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kubernetes-kubelet-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kubernetes-kubelet1.17");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kubernetes-kubelet1.18");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kubernetes-master");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kubernetes-node");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kubernetes-proxy");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:kubernetes-scheduler");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2016/11/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2020/04/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2020/04/27");
  script_set_attribute(attribute:"in_the_news", value:"true");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2020-2022 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE15\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "15.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(x86_64)$") audit(AUDIT_ARCH_NOT, "x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE15.1", reference:"cri-o-1.17.1-lp151.2.2") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"cri-o-kubeadm-criconfig-1.17.1-lp151.2.2") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"cri-tools-1.18.0-lp151.2.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"go1.14-1.14-lp151.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"go1.14-race-1.14-lp151.6.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kubernetes-apiserver-1.18.0-lp151.5.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kubernetes-client-1.18.0-lp151.5.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kubernetes-controller-manager-1.18.0-lp151.5.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kubernetes-kubeadm-1.18.0-lp151.5.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kubernetes-kubelet-common-1.18.0-lp151.5.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kubernetes-kubelet1.17-1.18.0-lp151.5.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kubernetes-kubelet1.18-1.18.0-lp151.5.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kubernetes-master-1.18.0-lp151.5.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kubernetes-node-1.18.0-lp151.5.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kubernetes-proxy-1.18.0-lp151.5.1") ) flag++;
if ( rpm_check(release:"SUSE15.1", reference:"kubernetes-scheduler-1.18.0-lp151.5.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "cri-o / cri-o-kubeadm-criconfig / cri-tools / go1.14 / go1.14-race / etc");
}
VendorProductVersionCPE
novellopensusecri-op-cpe:/a:novell:opensuse:cri-o
novellopensusecri-o-kubeadm-criconfigp-cpe:/a:novell:opensuse:cri-o-kubeadm-criconfig
novellopensusecri-toolsp-cpe:/a:novell:opensuse:cri-tools
novellopensusego1.14p-cpe:/a:novell:opensuse:go1.14
novellopensusego1.14-racep-cpe:/a:novell:opensuse:go1.14-race
novellopensusekubernetes-apiserverp-cpe:/a:novell:opensuse:kubernetes-apiserver
novellopensusekubernetes-clientp-cpe:/a:novell:opensuse:kubernetes-client
novellopensusekubernetes-controller-managerp-cpe:/a:novell:opensuse:kubernetes-controller-manager
novellopensusekubernetes-kubeadmp-cpe:/a:novell:opensuse:kubernetes-kubeadm
novellopensusekubernetes-kubelet-commonp-cpe:/a:novell:opensuse:kubernetes-kubelet-common
Rows per page:
1-10 of 171

References

Related

openvas 39
suse 18
nessus 50
mageia 2
archlinux 2
fedora 8
arista 1
amazon 1
ibm 3
gentoo 3
oraclelinux 2
alpinelinux 1
osv 11
debian 1
nvd 6
debiancve 6
cve 6
prion 5
ubuntucve 5
cvelist 6
github 2
redhat 5
redhatcve 5
veracode 6
coalfire 1
qualysblog 1
threatpost 1
exploitpack 2
openvas
openvas
openSUSE: Security Advisory for kubernetes (openSUSE-SU-2020:0554-1)
2020-04-27 00:00:00
openSUSE: Security Advisory for go1.10 (openSUSE-SU-2018:4255-1)
2018-12-23 00:00:00
openSUSE: Security Advisory for go1.11 (openSUSE-SU-2018:4181-1)
2018-12-20 00:00:00
suse
suse
Security update for kubernetes (important)
2020-04-26 00:00:00
Security update for docker (moderate)
2019-02-16 00:00:00
Security update for go1.11 (important)
2018-12-19 12:09:04
nessus
nessus
SUSE SLES15 Security Update : helm-mirror (SUSE-SU-2019:0048-1)
2019-01-10 00:00:00
GLSA-201812-09 : Go: Multiple vulnerabilities
2018-12-24 00:00:00
Amazon Linux AMI : golang (ALAS-2018-1130)
2018-12-17 00:00:00
mageia
mageia
Updated docker packages fix security vulnerability
2019-05-19 14:27:30
Updated golang packages fix security vulnerability
2019-02-13 14:08:25
archlinux
archlinux
[ASA-201812-11] go: multiple issues
2018-12-18 00:00:00
[ASA-201812-12] go-pie: multiple issues
2018-12-18 00:00:00
fedora
fedora
[SECURITY] Fedora 28 Update: golang-1.10.7-1.fc28
2019-01-11 03:00:42
[SECURITY] Fedora 29 Update: golang-1.11.4-1.fc29
2019-01-11 04:35:42
[SECURITY] Fedora 29 Update: golang-1.11.5-1.fc29
2019-02-05 02:18:52
arista
arista
Security Advisory 0039
2019-01-16 00:00:00
amazon
amazon
Important: golang
2018-12-14 18:50:00
ibm
ibm
Security Bulletin: IBM Cloud Private for Data is affected by multiple vulnerabilties in Go Language (CVE-2018-16874, CVE-2018-16873, CVE-2018-16875)
2019-10-03 22:50:40
Security Bulletin: IBM API Connect is affected by a critical privilege escalation vulnerability in Kubernetes (CVE-2018-1002105)
2018-12-18 16:05:01
Security Bulletin: A Security Vulnerability Has Been Identified In IBM Cloud Private shipped with IBM Cloud Private for Data - CVE-ID: CVE-2018-1002105
2019-10-03 22:50:40
gentoo
gentoo
Go: Multiple vulnerabilities
2018-12-21 00:00:00
TRE: Multiple vulnerabilities
2020-07-27 00:00:00
musl: Integer overflow
2017-01-02 00:00:00
oraclelinux
oraclelinux
kubernetes security update
2019-02-14 00:00:00
kubernetes security update
2018-12-11 00:00:00
alpinelinux
alpinelinux
CVE-2016-8859
2017-02-13 18:59:00
osv
osv
tre - security update
2016-10-27 00:00:00
CVE-2016-8859
2017-02-13 18:59:00
CVE-2019-10214
2019-11-25 11:15:11
debian
debian
[SECURITY] [DLA 687-1] tre security update
2016-10-27 20:09:34
nvd
nvd
CVE-2016-8859
2017-02-13 18:59:00
CVE-2018-1002105
2018-12-05 21:29:00
CVE-2017-1002101
2018-03-13 17:29:00
debiancve
debiancve
CVE-2016-8859
2017-02-13 18:59:00
CVE-2017-1002101
2018-03-13 17:29:00
CVE-2018-1002105
2018-12-05 21:29:00
cve
cve
CVE-2016-8859
2017-02-13 18:59:00
CVE-2017-1002101
2018-03-13 17:29:00
CVE-2018-16874
2018-12-14 14:29:00
prion
prion
Integer overflow
2017-02-13 18:59:00
Authorization
2019-11-25 11:15:00
Design/Logic Flaw
2018-03-13 17:29:00
ubuntucve
ubuntucve
CVE-2016-8859
2017-02-13 00:00:00
CVE-2017-1002101
2018-03-13 00:00:00
CVE-2018-16873
2018-12-14 00:00:00
cvelist
cvelist
CVE-2016-8859
2017-02-13 18:00:00
CVE-2019-10214
2019-11-25 10:41:15
CVE-2018-1002105
2018-12-05 21:00:00
github
github
Privilege Escalation in Kubernetes
2022-02-15 01:57:18
containers/image library Insufficiently Protects Credentials
2022-02-15 01:57:18
redhat
redhat
(RHSA-2018:3754) Critical: OpenShift Container Platform 3.3 security update
2018-12-03 17:17:50
(RHSA-2019:2825) Moderate: OpenShift Container Platform 4.1.17 cri-o security update
2019-09-25 06:30:05
(RHSA-2018:3598) Critical: OpenShift Container Platform 3.6 security update
2018-12-03 17:20:18
redhatcve
redhatcve
CVE-2017-1002101
2018-03-12 16:19:36
CVE-2018-16874
2018-12-14 02:21:18
CVE-2018-16873
2018-12-14 02:19:57
veracode
veracode
Information Disclosure
2019-09-24 00:19:31
Privilege Escalation
2018-12-04 04:23:48
Directory Traversal
2019-01-15 09:22:08
coalfire
coalfire
Kubernetes Vulnerability: What You Can and Should Do to Protect Your Enterprise
2018-12-07 22:37:45
qualysblog
qualysblog
Container Security Becomes a Priority for Enterprises
2019-01-09 17:00:14
threatpost
threatpost
Kubernetes Flaw is a "Huge Deal," Lays Open Cloud Deployments
2018-12-05 15:47:59
exploitpack
exploitpack
Kubernetes - (Unauthenticated) Arbitrary Requests
2018-12-10 00:00:00
Kubernetes - (Authenticated) Arbitrary Requests
2018-12-10 00:00:00

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

0.879 High

EPSS

Percentile

98.7%

JSON
Related for OPENSUSE-2020-554.NASL
openvas39suse18nessus50mageia2archlinux2fedora8arista1amazon1ibm3gentoo3oraclelinux2alpinelinux1osv11debian1nvd6debiancve6cve6prion5ubuntucve5cvelist6github2redhat5redhatcve5veracode6coalfire1qualysblog1threatpost1exploitpack2