Lucene search
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2022-4896.NASLHistoryJun 03, 2022 - 12:00 a.m.
RHEL 8 : Red Hat Virtualization security, update [ovirt-4.5.0] (Important) (RHSA-2022:4896)
2022-06-0300:00:00
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
97
6.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9.5 High
AI Score
Confidence
High
0.107 Low
EPSS
Percentile
95.1%
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2022:4896 advisory.
-
zlib: A flaw found in zlib when compressing (not decompressing) certain inputs (CVE-2018-25032)
-
kernel: use-after-free in RDMA listen() (CVE-2021-4028)
-
kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083)
-
openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
-
gzip: arbitrary-file-write vulnerability (CVE-2022-1271)
-
rsyslog: Heap-based overflow in TCP syslog server (CVE-2022-24903)
-
kernel: heap out of bounds write in nf_dup_netdev.c (CVE-2022-25636)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2022:4896. The text
# itself is copyright (C) Red Hat, Inc.
##
include('compat.inc');
if (description)
{
script_id(161818);
script_version("1.11");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/07");
script_cve_id(
"CVE-2018-25032",
"CVE-2021-4028",
"CVE-2021-4083",
"CVE-2022-0778",
"CVE-2022-1271",
"CVE-2022-24903",
"CVE-2022-25636"
);
script_xref(name:"RHSA", value:"2022:4896");
script_xref(name:"IAVA", value:"2024-A-0327");
script_name(english:"RHEL 8 : Red Hat Virtualization security, update [ovirt-4.5.0] (Important) (RHSA-2022:4896)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as
referenced in the RHSA-2022:4896 advisory.
- zlib: A flaw found in zlib when compressing (not decompressing) certain inputs (CVE-2018-25032)
- kernel: use-after-free in RDMA listen() (CVE-2021-4028)
- kernel: fget: check that the fd still exists after getting a ref to it (CVE-2021-4083)
- openssl: Infinite loop in BN_mod_sqrt() reachable when parsing certificates (CVE-2022-0778)
- gzip: arbitrary-file-write vulnerability (CVE-2022-1271)
- rsyslog: Heap-based overflow in TCP syslog server (CVE-2022-24903)
- kernel: heap out of bounds write in nf_dup_netdev.c (CVE-2022-25636)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_4896.json
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8231ff51");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#important");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2022:4896");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1899821");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1997074");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2020497");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2027201");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2029923");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2038081");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2052963");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2056334");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2056745");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2056830");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2057338");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2057342");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2062202");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2067945");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2073310");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2081353");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2086834");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2090138");
script_set_attribute(attribute:"solution", value:
"Update the affected redhat-virtualization-host-image-update package.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:H/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-25636");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-1271");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"exploited_by_malware", value:"true");
script_cwe_id(362, 119, 416, 787, 835, 1173);
script_set_attribute(attribute:"vendor_severity", value:"Important");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/01/18");
script_set_attribute(attribute:"patch_publication_date", value:"2022/06/03");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/06/03");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:redhat-virtualization-host");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:redhat-virtualization-host-image-update");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
{
'repo_relative_urls': [
'content/dist/layered/rhel8/x86_64/rhv-mgmt-agent/4/debug',
'content/dist/layered/rhel8/x86_64/rhv-mgmt-agent/4/os',
'content/dist/layered/rhel8/x86_64/rhv-mgmt-agent/4/source/SRPMS',
'content/dist/layered/rhel8/x86_64/rhv-tools/4/debug',
'content/dist/layered/rhel8/x86_64/rhv-tools/4/os',
'content/dist/layered/rhel8/x86_64/rhv-tools/4/source/SRPMS',
'content/dist/layered/rhel8/x86_64/rhvh-build/4/debug',
'content/dist/layered/rhel8/x86_64/rhvh-build/4/os',
'content/dist/layered/rhel8/x86_64/rhvh-build/4/source/SRPMS',
'content/dist/layered/rhel8/x86_64/rhvh/4/debug',
'content/dist/layered/rhel8/x86_64/rhvh/4/os',
'content/dist/layered/rhel8/x86_64/rhvh/4/source/SRPMS'
],
'pkgs': [
{'reference':'redhat-virtualization-host-image-update-4.5.0-202205291010_8.6', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'ovirt-'}
]
}
];
var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
foreach var pkg ( constraint_array['pkgs'] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
_release &&
rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
(applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
else extra = rpm_report_get();
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : extra
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'redhat-virtualization-host-image-update');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | enterprise_linux | redhat-virtualization-host-image-update | p-cpe:/a:redhat:enterprise_linux:redhat-virtualization-host-image-update |
| redhat | enterprise_linux | 8 | cpe:/o:redhat:enterprise_linux:8 |
| redhat | enterprise_linux | redhat-virtualization-host | p-cpe:/a:redhat:enterprise_linux:redhat-virtualization-host |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25032
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4028
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-4083
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0778
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-1271
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24903
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25636
www.nessus.org/u?8231ff51
access.redhat.com/errata/RHSA-2022:4896
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1899821
bugzilla.redhat.com/show_bug.cgi?id=1997074
bugzilla.redhat.com/show_bug.cgi?id=2020497
bugzilla.redhat.com/show_bug.cgi?id=2027201
bugzilla.redhat.com/show_bug.cgi?id=2029923
bugzilla.redhat.com/show_bug.cgi?id=2038081
bugzilla.redhat.com/show_bug.cgi?id=2052963
bugzilla.redhat.com/show_bug.cgi?id=2056334
bugzilla.redhat.com/show_bug.cgi?id=2056745
bugzilla.redhat.com/show_bug.cgi?id=2056830
bugzilla.redhat.com/show_bug.cgi?id=2057338
bugzilla.redhat.com/show_bug.cgi?id=2057342
bugzilla.redhat.com/show_bug.cgi?id=2062202
bugzilla.redhat.com/show_bug.cgi?id=2067945
bugzilla.redhat.com/show_bug.cgi?id=2073310
bugzilla.redhat.com/show_bug.cgi?id=2081353
bugzilla.redhat.com/show_bug.cgi?id=2086834
bugzilla.redhat.com/show_bug.cgi?id=2090138
Related
redhat
redhat
(RHSA-2022:4896) Important: Red Hat Virtualization security, bug fix, and enhancement update [ovirt-4.5.0]
2022-06-02 12:21:19
(RHSA-2022:1535) Important: kpatch-patch security update
2022-04-26 09:53:55
(RHSA-2022:1555) Important: kernel-rt security and bug fix update
2022-04-26 13:50:26
rocky
rocky
kernel-rt security and bug fix update
2022-04-26 13:50:26
kernel security and bug fix update
2022-04-26 13:49:36
rsyslog security update
2022-05-30 07:24:07
nessus
nessus
Rocky Linux 8 : kernel (RLSA-2022:1550)
2022-04-28 00:00:00
RHEL 8 : kpatch-patch (RHSA-2022:1535)
2022-04-27 00:00:00
RHEL 8 : kernel-rt (RHSA-2022:1555)
2022-04-27 00:00:00
oraclelinux
oraclelinux
kernel security and bug fix update
2022-04-27 00:00:00
kernel security, bug fix, and enhancement update
2022-04-06 00:00:00
Unbreakable Enterprise kernel security update
2022-02-28 00:00:00
osv
osv
Important: kernel security and bug fix update
2022-04-26 13:49:36
Important: kernel security and bug fix update
2022-04-26 13:49:36
Important: kernel-rt security and bug fix update
2022-04-26 13:50:26
almalinux
almalinux
Important: kernel security and bug fix update
2022-04-26 13:49:36
Important: rsyslog security update
2022-05-30 07:24:07
virtuozzo
virtuozzo
[Important] [Security] Virtuozzo ReadyKernel patch 140.0 for Virtuozzo Hybrid Server 7.0, 7.5
2022-04-15 00:00:00
Virtuozzo Hybrid Infrastructure 5.0 Update 1.3 (5.0.1-57)
2022-05-25 00:00:00
Virtuozzo Hybrid Infrastructure 4.7 Update 1.4 (4.7.1-53)
2022-05-25 00:00:00
f5
f5
K13559191 : Linux kernel vulnerability CVE-2022-25636
2022-06-09 00:00:00
K37256400 : Linux kernel vulnerability CVE-2021-4028
2022-05-02 00:00:00
redhatcve
redhatcve
cvelist
cvelist
CVE-2022-24903 Buffer overflow in TCP syslog server (receiver) components in rsyslog
2022-05-05 00:00:00
CVE-2022-25636
2022-02-22 01:41:05
CVE-2021-4028
2022-08-24 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for rsyslog (EulerOS-SA-2022-2535)
2022-10-10 00:00:00
Huawei EulerOS: Security Advisory for rsyslog (EulerOS-SA-2022-1979)
2022-07-08 00:00:00
Huawei EulerOS: Security Advisory for rsyslog (EulerOS-SA-2022-2145)
2022-07-29 00:00:00
cbl_mariner
cbl_mariner
CVE-2022-24903 affecting package rsyslog for versions less than 8.2204.1-1
2022-06-03 17:54:05
CVE-2022-24903 affecting package rsyslog 8.37.0-6
2022-06-15 17:03:08
cloudlinux
cloudlinux
Fixed CVE-2022-24903 in rsyslog
2022-06-08 19:49:37
ibm
ibm
fedora
fedora
[SECURITY] Fedora 36 Update: rsyslog-8.2204.0-1.fc36
2022-05-17 01:32:39
[SECURITY] Fedora 35 Update: rsyslog-8.2204.0-1.fc35
2022-05-17 01:56:45
prion
prion
Heap overflow
2022-05-06 00:15:00
Heap overflow
2022-02-24 15:15:00
Design/Logic Flaw
2022-08-24 16:15:00
cve
cve
veracode
veracode
Buffer Overflow
2022-05-11 10:43:59
ubuntu
ubuntu
Rsyslog vulnerability
2022-05-24 00:00:00
Rsyslog vulnerability
2022-05-05 00:00:00
ubuntucve
ubuntucve
debiancve
debiancve
CVE-2022-24903
2022-05-06 00:15:07
CVE-2022-25636
2022-02-24 15:15:31
nvd
nvd
broadcom
broadcom
suse
suse
Security update for rsyslog (important)
2022-05-09 00:00:00
debian
debian
[SECURITY] [DSA 5150-1] rsyslog security update
2022-05-28 19:26:20
thn
thn
New Linux Bug in Netfilter Firewall Module Lets Attackers Gain Root Access
2022-03-14 11:05:00
githubexploit
githubexploit
Exploit for Improper Privilege Management in Linux Linux Kernel
2022-04-05 07:08:09
Exploit for Improper Privilege Management in Linux Linux Kernel
2022-04-23 17:49:30
Exploit for Improper Privilege Management in Linux Linux Kernel
2022-03-07 13:38:41
hivepro
hivepro
redos
redos
ROS-20240403-16
2024-04-03 00:00:00
freebsd
freebsd
rsyslog8 -- heap buffer overflow on receiving TCP syslog
2022-05-05 00:00:00
alpinelinux
alpinelinux
CVE-2022-24903
2022-05-06 00:15:07
rosalinux
rosalinux
Advisory ROSA-SA-2024-2381
2024-03-26 11:41:42
mageia
mageia
Updated rsyslog packages fix security vulnerability
2022-05-08 10:58:48
cnvd
cnvd
Linux kernel elevation of privilege vulnerability (CNVD-2022-69197)
2022-02-24 00:00:00
6.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
9.5 High
AI Score
Confidence
High
0.107 Low
EPSS
Percentile
95.1%
Related for REDHAT-RHSA-2022-4896.NASL