Lucene search
This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.ORACLELINUX_ELSA-2020-2938.NASLHistoryJul 20, 2020 - 12:00 a.m.
Oracle Linux 8 : .NET / Core (ELSA-2020-2938)
2020-07-2000:00:00
This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
41
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.862
Percentile
98.6%
From Red Hat Security Advisory 2020:2938 :
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2938 advisory.
- dotnet: XML source markup processing remote code execution (CVE-2020-1147)
Note that Nessus has not tested for this issue but has instead relied only on the applicationâs self-reported version number.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2020:2938 and
# Oracle Linux Security Advisory ELSA-2020-2938 respectively.
#
include('compat.inc');
if (description)
{
script_id(138660);
script_version("1.11");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/04/25");
script_cve_id("CVE-2020-1147");
script_xref(name:"RHSA", value:"2020:2938");
script_xref(name:"CISA-KNOWN-EXPLOITED", value:"2022/05/03");
script_name(english:"Oracle Linux 8 : .NET / Core (ELSA-2020-2938)");
script_set_attribute(attribute:"synopsis", value:
"The remote Oracle Linux host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"From Red Hat Security Advisory 2020:2938 :
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in
the RHSA-2020:2938 advisory.
- dotnet: XML source markup processing remote code
execution (CVE-2020-1147)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2020-July/010130.html");
script_set_attribute(attribute:"solution", value:
"Update the affected .net and / or core packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-1147");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"metasploit_name", value:'SharePoint DataSet / DataTable Deserialization');
script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/07/14");
script_set_attribute(attribute:"patch_publication_date", value:"2020/07/17");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/07/20");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:dotnet-host-fxr-2.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:dotnet-runtime-2.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:dotnet-sdk-2.1");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:dotnet-sdk-2.1.5xx");
script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:8");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Oracle Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 8", "Oracle Linux " + os_ver);
if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu);
flag = 0;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"dotnet-host-fxr-2.1-2.1.20-1.el8_2")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"dotnet-runtime-2.1-2.1.20-1.el8_2")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"dotnet-sdk-2.1-2.1.516-1.el8_2")) flag++;
if (rpm_check(release:"EL8", cpu:"x86_64", reference:"dotnet-sdk-2.1.5xx-2.1.516-1.el8_2")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "dotnet-host-fxr-2.1 / dotnet-runtime-2.1 / dotnet-sdk-2.1 / etc");
}
Related
nessus
nessus
Security Update for .NET Core (July 2020)
2020-07-14 00:00:00
Security Update for .NET Core SDK (July 2020)
2020-07-14 00:00:00
RHEL 8 : .NET Core 3.1 (RHSA-2020:2954)
2020-07-20 00:00:00
mskb
mskb
oraclelinux
oraclelinux
.NET Core security and bugfix update
2020-07-16 00:00:00
.NET Core 3.1 security and bugfix update
2020-07-17 00:00:00
openvas
openvas
Microsoft .NET Framework Remote Code Execution Vulnerability (KB4565630)
2020-07-15 00:00:00
Microsoft .NET Framework Remote Code Execution Vulnerability (KB4565633)
2020-07-15 00:00:00
Microsoft .NET Framework Remote Code Execution Vulnerability (KB4566516)
2020-07-15 00:00:00
attackerkb
attackerkb
CVE-2020-1147
2020-07-14 00:00:00
exploitdb
exploitdb
Microsoft SharePoint Server 2019 - Remote Code Execution
2020-08-17 00:00:00
Microsoft SharePoint Server 2019 - Remote Code Execution (2)
2021-07-23 00:00:00
redhat
redhat
checkpoint_advisories
checkpoint_advisories
Microsoft Windows Multiple Products Remote Code Execution (CVE-2020-1147)
2020-07-14 00:00:00
redhatcve
redhatcve
CVE-2020-1147
2020-07-14 18:14:49
osv
osv
.NET Framework, SharePoint Server, and Visual Studio Remote Code Execution Vulnerability
2022-05-24 17:22:57
CVE-2020-1147
2020-07-14 23:15:12
veracode
veracode
Remote Code Execution (RCE)
2020-07-16 02:45:18
Remote Code Execution (RCE)
2020-07-16 06:42:13
mscve
mscve
nvd
nvd
CVE-2020-1147
2020-07-14 23:15:12
packetstorm
packetstorm
SharePoint DataSet / DataTable Deserialization
2020-07-31 00:00:00
Microsoft SharePoint Server 2019 Remote Code Execution
2020-08-17 00:00:00
Microsoft SharePoint Server 2019 Remote Code Execution
2021-07-23 00:00:00
zdt
zdt
SharePoint DataSet / DataTable Deserialization Exploit
2020-08-01 00:00:00
Microsoft SharePoint Server 2019 - Remote Code Execution Exploit
2020-08-18 00:00:00
Microsoft SharePoint Server 2019 - Remote Code Execution Exploit (2)
2021-07-23 00:00:00
cisa_kev
cisa_kev
prion
prion
Remote code execution
2020-07-14 23:15:00
metasploit
metasploit
SharePoint DataSet / DataTable Deserialization
2020-07-29 15:58:38
cve
cve
CVE-2020-1147
2020-07-14 23:15:12
github
github
cvelist
cvelist
CVE-2020-1147
2020-07-14 22:54:00
altlinux
altlinux
kaspersky
kaspersky
KLA11859 Multiple vulnerabilities in Microsoft Developer Tools
2020-07-14 00:00:00
KLA11864 Multiple vulnerabilities in Microsoft Office
2020-07-14 00:00:00
qualysblog
qualysblog
avleonov
avleonov
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
7.8
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS
0.862
Percentile
98.6%
Related for ORACLELINUX_ELSA-2020-2938.NASL