The remote Red Hat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.
golang: arbitrary command execution via VCS path (CVE-2018-7187)
golang: Command-line arguments may overwrite global data (CVE-2021-38297)
On Darwin, user’s trust preferences for root certificates were not honored. If the user had a root certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a connection using that root certificate. (CVE-2017-1000097)
In Go before 1.10.6 and 1.11.x before 1.11.3, the go get command is vulnerable to directory traversal when executed with the import path of a malicious Go package which contains curly braces (both ‘{’ and ‘}’ characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary filesystem write, which can lead to code execution. (CVE-2018-16874)
Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server that verifies client certificates. (CVE-2019-17596)
An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP header or a Redis command. (CVE-2019-9741)
Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time. (CVE-2020-15586)
Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in encoding/binary via invalid inputs. (CVE-2020-16845)
Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI handlers that lack a Content-Type header. (CVE-2020-24553)
Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. (CVE-2020-28362)
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via a malicious unquoted symbol name in a linked object file. (CVE-2020-28366)
Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution at build time via malicious gcc flags specified via a #cgo directive. (CVE-2020-28367)
A nil pointer dereference in the golang.org/x/crypto/ssh component through v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH servers. (CVE-2020-29652)
encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader (for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode, DecodeElement, or Skip method. (CVE-2021-27918)
Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses, because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR. (CVE-2021-29923)
In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs, related to an underflow of the lowest limb during the final complete reduction in the P-224 field. (CVE-2021-3114)
Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code execution when using the go get command to fetch modules that make use of cgo (for example, cgo can execute a gcc program from an untrusted download). (CVE-2021-3115)
net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each be affected in some configurations. (CVE-2021-31525)
golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service (infinite loop) via crafted ParseFragment input. (CVE-2021-33194)
Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to the RFC1035 format. (CVE-2021-33195)
In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive’s header) can cause a NewReader or OpenReader panic. (CVE-2021-33196)
In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers. (CVE-2021-33197)
In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the math/big.Rat SetString or UnmarshalText method. (CVE-2021-33198)
The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS server to cause a TLS client to panic. (CVE-2021-34558)
Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil ReverseProxy panic upon an ErrAbortHandler abort. (CVE-2021-36221)
golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be used as a vector for a denial-of-service attack. (CVE-2021-38561)
In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of an incomplete fix for CVE-2021-33196. (CVE-2021-39293)
ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3 Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation. (CVE-2021-41771)
Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-descriptor exhaustion. (CVE-2021-44717)
Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to Uncontrolled Memory Consumption. (CVE-2022-23772)
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags. (CVE-2022-23773)
Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return true in situations with a big.Int value that is not a valid field element. (CVE-2022-23806)
encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount of PEM data. (CVE-2022-24675)
regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested expression. (CVE-2022-24921)
The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic via long scalar input. (CVE-2022-28327)
Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3 allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket ages during session resumption. (CVE-2022-30629)
An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection. (CVE-2022-41717)
Note that Nessus has not tested for these issues but has instead relied on the package manager’s report that the package is installed.
```
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory golang. The text
# itself is copyright (C) Red Hat, Inc.
##

include('compat.inc');

if (description)
{
  script_id(195780);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/11");

  script_cve_id(
    "CVE-2017-1000097",
    "CVE-2018-7187",
    "CVE-2018-16874",
    "CVE-2019-9741",
    "CVE-2019-17596",
    "CVE-2020-15586",
    "CVE-2020-16845",
    "CVE-2020-24553",
    "CVE-2020-28362",
    "CVE-2020-28366",
    "CVE-2020-28367",
    "CVE-2020-29652",
    "CVE-2021-3114",
    "CVE-2021-3115",
    "CVE-2021-27918",
    "CVE-2021-29923",
    "CVE-2021-31525",
    "CVE-2021-33194",
    "CVE-2021-33195",
    "CVE-2021-33196",
    "CVE-2021-33197",
    "CVE-2021-33198",
    "CVE-2021-34558",
    "CVE-2021-36221",
    "CVE-2021-38297",
    "CVE-2021-38561",
    "CVE-2021-39293",
    "CVE-2021-41771",
    "CVE-2021-44717",
    "CVE-2022-23772",
    "CVE-2022-23773",
    "CVE-2022-23806",
    "CVE-2022-24675",
    "CVE-2022-24921",
    "CVE-2022-28327",
    "CVE-2022-30629",
    "CVE-2022-41717"
  );

  script_name(english:"RHEL 7 : golang (Unpatched Vulnerability)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat 7 host is affected by multiple vulnerabilities that will not be patched.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple
vulnerabilities that have been acknowledged by the vendor but will not be patched.
- golang: arbitrary command execution via VCS path (CVE-2018-7187)
- golang: Command-line arguments may overwrite global data (CVE-2021-38297)
- On Darwin, user's trust preferences for root certificates were not honored. If the user had a root
certificate loaded in their Keychain that was explicitly not trusted, a Go program would still verify a
connection using that root certificate. (CVE-2017-1000097)
- In Go before 1.10.6 and 1.11.x before 1.11.3, the go get command is vulnerable to directory traversal
when executed with the import path of a malicious Go package which contains curly braces (both '{' and '}'
characters). Specifically, it is only vulnerable in GOPATH mode, but not in module mode (the distinction
is documented at https://golang.org/cmd/go/#hdr-Module_aware_go_get). The attacker can cause an arbitrary
filesystem write, which can lead to code execution. (CVE-2018-16874)
- Go before 1.12.11 and 1.3.x before 1.13.2 can panic upon an attempt to process network traffic containing
an invalid DSA public key. There are several attack scenarios, such as traffic from a client to a server
that verifies client certificates. (CVE-2019-17596)
- An issue was discovered in net/http in Go 1.11.5. CRLF injection is possible if the attacker controls a
url parameter, as demonstrated by the second argument to http.NewRequest with \r\n followed by an HTTP
header or a Redis command. (CVE-2019-9741)
- Go before 1.13.13 and 1.14.x before 1.14.5 has a data race in some net/http servers, as demonstrated by
the httputil.ReverseProxy Handler, because it reads a request body and writes a response at the same time.
(CVE-2020-15586)
- Go before 1.13.15 and 14.x before 1.14.7 can have an infinite read loop in ReadUvarint and ReadVarint in
encoding/binary via invalid inputs. (CVE-2020-16845)
- Go before 1.14.8 and 1.15.x before 1.15.1 allows XSS because text/html is the default for CGI/FCGI
handlers that lack a Content-Type header. (CVE-2020-24553)
- Go before 1.14.12 and 1.15.x before 1.15.4 allows Denial of Service. (CVE-2020-28362)
- Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution
at build time via a malicious unquoted symbol name in a linked object file. (CVE-2020-28366)
- Code injection in the go command with cgo before Go 1.14.12 and Go 1.15.5 allows arbitrary code execution
at build time via malicious gcc flags specified via a #cgo directive. (CVE-2020-28367)
- A nil pointer dereference in the golang.org/x/crypto/ssh component through
v0.0.0-20201203163018-be400aefbc4c for Go allows remote attackers to cause a denial of service against SSH
servers. (CVE-2020-29652)
- encoding/xml in Go before 1.15.9 and 1.16.x before 1.16.1 has an infinite loop if a custom TokenReader
(for xml.NewTokenDecoder) returns EOF in the middle of an element. This can occur in the Decode,
DecodeElement, or Skip method. (CVE-2021-27918)
- Go before 1.17 does not properly consider extraneous zero characters at the beginning of an IP address
octet, which (in some situations) allows attackers to bypass access control that is based on IP addresses,
because of unexpected octal interpretation. This affects net.ParseIP and net.ParseCIDR. (CVE-2021-29923)
- In Go before 1.14.14 and 1.15.x before 1.15.7, crypto/elliptic/p224.go can generate incorrect outputs,
related to an underflow of the lowest limb during the final complete reduction in the P-224 field.
(CVE-2021-3114)
- Go before 1.14.14 and 1.15.x before 1.15.7 on Windows is vulnerable to Command Injection and remote code
execution when using the go get command to fetch modules that make use of cgo (for example, cgo can
execute a gcc program from an untrusted download). (CVE-2021-3115)
- net/http in Go before 1.15.12 and 1.16.x before 1.16.4 allows remote attackers to cause a denial of
service (panic) via a large header to ReadRequest or ReadResponse. Server, Transport, and Client can each
be affected in some configurations. (CVE-2021-31525)
- golang.org/x/net before v0.0.0-20210520170846-37e1c6afe023 allows attackers to cause a denial of service
(infinite loop) via crafted ParseFragment input. (CVE-2021-33194)
- Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from
DNS servers, and thus a return value may contain an unsafe injection (e.g., XSS) that does not conform to
the RFC1035 format. (CVE-2021-33195)
- In archive/zip in Go before 1.15.13 and 1.16.x before 1.16.5, a crafted file count (in an archive's
header) can cause a NewReader or OpenReader panic. (CVE-2021-33196)
- In Go before 1.15.13 and 1.16.x before 1.16.5, some configurations of ReverseProxy (from
net/http/httputil) result in a situation where an attacker is able to drop arbitrary headers.
(CVE-2021-33197)
- In Go before 1.15.13 and 1.16.x before 1.16.5, there can be a panic for a large exponent to the
math/big.Rat SetString or UnmarshalText method. (CVE-2021-33198)
- The crypto/tls package of Go through 1.16.5 does not properly assert that the type of public key in an
X.509 certificate matches the expected type when doing a RSA based key exchange, allowing a malicious TLS
server to cause a TLS client to panic. (CVE-2021-34558)
- Go before 1.15.15 and 1.16.x before 1.16.7 has a race condition that can lead to a net/http/httputil
ReverseProxy panic upon an ErrAbortHandler abort. (CVE-2021-36221)
- golang.org/x/text/language in golang.org/x/text before 0.3.7 can panic with an out-of-bounds read during
BCP 47 language tag parsing. Index calculation is mishandled. If parsing untrusted user input, this can be
used as a vector for a denial-of-service attack. (CVE-2021-38561)
- In archive/zip in Go before 1.16.8 and 1.17.x before 1.17.1, a crafted archive header (falsely designating
that many files are present) can cause a NewReader or OpenReader panic. NOTE: this issue exists because of
an incomplete fix for CVE-2021-33196. (CVE-2021-39293)
- ImportedSymbols in debug/macho (for Open or OpenFat) in Go before 1.16.10 and 1.17.x before 1.17.3
Accesses a Memory Location After the End of a Buffer, aka an out-of-bounds slice situation.
(CVE-2021-41771)
- Go before 1.16.12 and 1.17.x before 1.17.5 on UNIX allows write operations to an unintended file or
unintended network connection as a consequence of erroneous closing of file descriptor 0 after file-
descriptor exhaustion. (CVE-2021-44717)
- Rat.SetString in math/big in Go before 1.16.14 and 1.17.x before 1.17.7 has an overflow that can lead to
Uncontrolled Memory Consumption. (CVE-2022-23772)
- cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to
be version tags. This can lead to incorrect access control if an actor is supposed to be able to create
branches but not tags. (CVE-2022-23773)
- Curve.IsOnCurve in crypto/elliptic in Go before 1.16.14 and 1.17.x before 1.17.7 can incorrectly return
true in situations with a big.Int value that is not a valid field element. (CVE-2022-23806)
- encoding/pem in Go before 1.17.9 and 1.18.x before 1.18.1 has a Decode stack overflow via a large amount
of PEM data. (CVE-2022-24675)
- regexp.Compile in Go before 1.16.15 and 1.17.x before 1.17.8 allows stack exhaustion via a deeply nested
expression. (CVE-2022-24921)
- The generic P-256 feature in crypto/elliptic in Go before 1.17.9 and 1.18.x before 1.18.1 allows a panic
via long scalar input. (CVE-2022-28327)
- Non-random values for ticket_age_add in session tickets in crypto/tls before Go 1.17.11 and Go 1.18.3
allow an attacker that can observe TLS handshakes to correlate successive connections by comparing ticket
ages during session resumption. (CVE-2022-30629)
- An attacker can cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server
connections contain a cache of HTTP header keys sent by the client. While the total number of entries in
this cache is capped, an attacker sending very large keys can cause the server to allocate approximately
64 MiB per open connection. (CVE-2022-41717)
Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package
is installed.");
  script_set_attribute(attribute:"solution", value:
"The vendor has acknowledged the vulnerabilities but no solution has been provided. Refer to the vendor for remediation
guidance.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-7187");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2021-38297");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_unpatched", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/10/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/05/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:buildah");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:compat-sap-c++-7");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:compat-sap-c++-8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:compat-sap-c++-9");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:containernetworking-plugins");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:docker");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:docker-distribution");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:etcd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:etcd3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:flannel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gcc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gcc-libraries");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:golang");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:gomtree");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:podman");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:runc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:scap-security-guide");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:sg-core-rhel8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:skopeo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:smart-gateway-container");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}

include('rpm.inc');
include('rhel.inc');

if (!get_kb_item("global_settings/vendor_unpatched"))
  exit(0, "Unpatched Vulnerabilities Detection not active.");

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

var constraints = [
  {
    'pkgs': [
      {'reference':'buildah', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'buildah', 'cves':['CVE-2021-3114', 'CVE-2021-27918', 'CVE-2021-29923', 'CVE-2021-31525', 'CVE-2021-33195', 'CVE-2021-33196', 'CVE-2021-33197', 'CVE-2021-33198', 'CVE-2021-34558', 'CVE-2021-36221', 'CVE-2022-30629', 'CVE-2022-41717']},
      {'reference':'compat-sap-c++-7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'compat-sap-c++-7', 'cves':['CVE-2021-3114']},
      {'reference':'compat-sap-c++-8', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'compat-sap-c++-8', 'cves':['CVE-2021-3114']},
      {'reference':'compat-sap-c++-9', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'compat-sap-c++-9', 'cves':['CVE-2021-3114']},
      {'reference':'containernetworking-plugins', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'containernetworking-plugins', 'cves':['CVE-2022-30629', 'CVE-2022-41717']},
      {'reference':'docker', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'docker', 'cves':['CVE-2021-3114']},
      {'reference':'docker-distribution', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'docker-distribution', 'cves':['CVE-2021-3114']},
      {'reference':'etcd', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'etcd', 'cves':['CVE-2021-3114']},
      {'reference':'etcd3', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'etcd3', 'cves':['CVE-2021-3114']},
      {'reference':'flannel', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'flannel', 'cves':['CVE-2021-3114']},
      {'reference':'gcc', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'gcc', 'cves':['CVE-2020-28362', 'CVE-2020-28366', 'CVE-2020-28367', 'CVE-2021-27918']},
      {'reference':'gcc-libraries', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'gcc-libraries', 'cves':['CVE-2021-3114', 'CVE-2021-27918']},
      {'reference':'golang', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'golang', 'cves':['CVE-2017-1000097', 'CVE-2018-7187', 'CVE-2018-16874', 'CVE-2019-9741', 'CVE-2019-17596', 'CVE-2020-15586', 'CVE-2020-16845', 'CVE-2020-24553', 'CVE-2020-28362', 'CVE-2020-28366', 'CVE-2020-28367', 'CVE-2021-3114', 'CVE-2021-3115', 'CVE-2021-29923', 'CVE-2021-31525', 'CVE-2021-33194', 'CVE-2021-33195', 'CVE-2021-33196', 'CVE-2021-33197', 'CVE-2021-33198', 'CVE-2021-34558', 'CVE-2021-36221', 'CVE-2021-38297', 'CVE-2021-39293', 'CVE-2021-41771', 'CVE-2021-44717', 'CVE-2022-23772', 'CVE-2022-23773', 'CVE-2022-23806', 'CVE-2022-24675', 'CVE-2022-24921', 'CVE-2022-28327']},
      {'reference':'gomtree', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'gomtree', 'cves':['CVE-2020-29652']},
      {'reference':'podman', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'podman', 'cves':['CVE-2021-3114', 'CVE-2021-34558', 'CVE-2021-38561', 'CVE-2022-30629', 'CVE-2022-41717']},
      {'reference':'rhc', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'rhc', 'cves':['CVE-2022-41717']},
      {'reference':'runc', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'runc', 'cves':['CVE-2021-44717']},
      {'reference':'scap-security-guide', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'scap-security-guide', 'cves':['CVE-2021-3114']},
      {'reference':'sg-core-rhel8', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'sg-core-rhel8', 'cves':['CVE-2022-24921']},
      {'reference':'skopeo', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'skopeo', 'cves':['CVE-2021-3114', 'CVE-2021-33198', 'CVE-2022-30629', 'CVE-2022-41717']},
      {'reference':'smart-gateway-container', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'unpatched_pkg':'smart-gateway-container', 'cves':['CVE-2022-24921']}
    ]
  }
];

var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  var enterprise_linux_flag = rhel_repo_urls_has_content_dist_rhel(repo_urls:repo_relative_urls);
  foreach var pkg ( constraint_array['pkgs'] ) {
    var unpatched_pkg = NULL;
    var _release = NULL;
    var sp = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var exists_check = NULL;
    var cves = NULL;
    if (!empty_or_null(pkg['unpatched_pkg'])) unpatched_pkg = pkg['unpatched_pkg'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (unpatched_pkg &&
        _release &&
        (!exists_check || rpm_exists(release:_release, rpm:exists_check)) &&
        unpatched_package_exists(release:_release, package:unpatched_pkg, cves: cves)) flag++;
  }
}

if (flag)
{
  var extra = NULL;
  security_report_v4(
    port : 0,
    severity : SECURITY_HOLE,
    extra : unpatched_packages_report()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'buildah / compat-sap-c++-7 / compat-sap-c++-8 / compat-sap-c++-9 / etc');
}
```
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | enterprise_linux | 7 | cpe:/o:redhat:enterprise_linux:7 |
redhat | enterprise_linux | 8 | cpe:/o:redhat:enterprise_linux:8 |
redhat | enterprise_linux | buildah | p-cpe:/a:redhat:enterprise_linux:buildah |
redhat | enterprise_linux | compat-sap-c++-7 | p-cpe:/a:redhat:enterprise_linux:compat-sap-c++-7 |
redhat | enterprise_linux | compat-sap-c++-8 | p-cpe:/a:redhat:enterprise_linux:compat-sap-c++-8 |
redhat | enterprise_linux | compat-sap-c++-9 | p-cpe:/a:redhat:enterprise_linux:compat-sap-c++-9 |
redhat | enterprise_linux | containernetworking-plugins | p-cpe:/a:redhat:enterprise_linux:containernetworking-plugins |
redhat | enterprise_linux | docker | p-cpe:/a:redhat:enterprise_linux:docker |
redhat | enterprise_linux | docker-distribution | p-cpe:/a:redhat:enterprise_linux:docker-distribution |
redhat | enterprise_linux | etcd | p-cpe:/a:redhat:enterprise_linux:etcd |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-1000097
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16874
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-7187
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-17596
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-9741
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15586
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-16845
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24553
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28362
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28366
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28367
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29652
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27918
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-29923
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3114
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3115
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31525
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33194
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33195
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33196
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33197
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33198
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-34558
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36221
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38297
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-38561
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39293
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41771
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44717
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23772
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23773
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23806
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24675
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-24921
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28327
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-30629
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41717