CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score
Confidence: Low

EPSS
Percentile: 91.1%

The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2021:1214-1 advisory.
- nodejs: Use-after-free on close http2 on stream canceling (CVE-2021-22930)
- Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection vulnerabilities in applications using the library. (CVE-2021-22931)
- If the Node.js https API was used incorrectly and undefined was passed in for the rejectUnauthorized parameter, no error was returned and connections to servers with an expired certificate would have been accepted. (CVE-2021-22939)
- Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker might be able to exploit the memory corruption, to change process behavior. (CVE-2021-22940)
- c-ares: Missing input validation of host names may lead to domain hijacking (CVE-2021-3672)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 70300
##
# (C) Tenable Network Security, Inc.
#
# The package checks in this plugin were extracted from
# openSUSE Security Update openSUSE-SU-2021:1214-1. The text itself
# is copyright (C) SUSE.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(152942);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/12/01");

  script_cve_id(
    "CVE-2021-3672",
    "CVE-2021-22930",
    "CVE-2021-22931",
    "CVE-2021-22939",
    "CVE-2021-22940"
  );
  script_xref(name:"IAVB", value:"2021-B-0050-S");

  script_name(english:"openSUSE 15 Security Update : nodejs12 (openSUSE-SU-2021:1214-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SUSE15 host has packages installed that are affected by multiple vulnerabilities as referenced in
the openSUSE-SU-2021:1214-1 advisory.
- nodejs: Use-after-free on close http2 on stream canceling (CVE-2021-22930)
- Node.js before 16.6.0, 14.17.4, and 12.22.4 is vulnerable to Remote Code Execution, XSS, Application
crashes due to missing input validation of host names returned by Domain Name Servers in Node.js dns
library which can lead to output of wrong hostnames (leading to Domain Hijacking) and injection
vulnerabilities in applications using the library. (CVE-2021-22931)
- If the Node.js https API was used incorrectly and undefined was in passed for the rejectUnauthorized
parameter, no error was returned and connections to servers with an expired certificate would have been
accepted. (CVE-2021-22939)
- Node.js before 16.6.1, 14.17.5, and 12.22.5 is vulnerable to a use after free attack where an attacker
might be able to exploit the memory corruption, to change process behavior. (CVE-2021-22940)
- c-ares: Missing input validation of host names may lead to domain hijacking (CVE-2021-3672)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188881");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1188917");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1189368");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1189369");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1189370");
  # https://lists.opensuse.org/archives/list/[email protected]/thread/ZFSPBU6QGGED7SJWK464GN672ZJB6SMI/
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ff3a19b2");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-22930");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-22931");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-22939");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-22940");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2021-3672");
  script_set_attribute(attribute:"solution", value:
"Update the affected nodejs12, nodejs12-devel and / or npm12 packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-22931");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2021/08/11");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/08/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2021/09/01");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nodejs12");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:nodejs12-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:npm12");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:15.2");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}

include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var release = get_kb_item('Host/SuSE/release');
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, 'openSUSE');
var os_ver = pregmatch(pattern: "^SUSE([\d.]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'openSUSE');
os_ver = os_ver[1];
if (release !~ "^(SUSE15\.2)$") audit(AUDIT_OS_RELEASE_NOT, 'openSUSE', '15.2', release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'openSUSE ' + os_ver, cpu);

var pkgs = [
    {'reference':'nodejs12-12.22.5-lp152.3.18.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'nodejs12-devel-12.22.5-lp152.3.18.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'npm12-12.22.5-lp152.3.18.1', 'release':'SUSE15.2', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var reference = NULL;
  var release = NULL;
  var cpu = NULL;
  var rpm_spec_vers_cmp = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) release = package_array['release'];
  if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (reference && release) {
    if (rpm_check(release:release, cpu:cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'nodejs12 / nodejs12-devel / npm12');
}

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22930
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22931
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22939
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22940
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3672
www.nessus.org/u?ff3a19b2
bugzilla.suse.com/1188881
bugzilla.suse.com/1188917
bugzilla.suse.com/1189368
bugzilla.suse.com/1189369
bugzilla.suse.com/1189370
www.suse.com/security/cve/CVE-2021-22930
www.suse.com/security/cve/CVE-2021-22931
www.suse.com/security/cve/CVE-2021-22939
www.suse.com/security/cve/CVE-2021-22940
www.suse.com/security/cve/CVE-2021-3672