CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
EPSS
Percentile
5.1%
The remote SUSE Linux SLES12 / SLES_SAP12 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2021:4147-1 advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2021:4147-1. The text itself
# is copyright (C) SUSE.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(156281);
script_version("1.4");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/07/14");
script_cve_id("CVE-2020-14367");
script_xref(name:"SuSE", value:"SUSE-SU-2021:4147-1");
script_name(english:"SUSE SLES12 Security Update : chrony (SUSE-SU-2021:4147-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLES12 / SLES_SAP12 host has a package installed that is affected by a vulnerability as referenced
in the SUSE-SU-2021:4147-1 advisory.
- A flaw was found in chrony versions before 3.5.1 when creating the PID file under the /var/run/chrony
folder. The file is created during chronyd startup while still running as the root user, and when it's
opened for writing, chronyd does not check for an existing symbolic link with the same file name. This
flaw allows an attacker with privileged access to create a symlink with the default PID file name pointing
to any destination file in the system, resulting in data loss and a denial of service due to the path
traversal. (CVE-2020-14367)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1063704");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1069468");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1082318");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1083597");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1099272");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1115529");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1128846");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1156884");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1159840");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1161119");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1162964");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1171806");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1172113");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1173277");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1173760");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1174075");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1174911");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1180689");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1181826");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1183783");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1184400");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1187906");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1190926");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2020-14367");
# https://lists.suse.com/pipermail/sle-security-updates/2021-December/009931.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?a6af0a29");
script_set_attribute(attribute:"solution", value:
"Update the affected chrony package.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-14367");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/08/20");
script_set_attribute(attribute:"patch_publication_date", value:"2021/12/22");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/12/25");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:chrony");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)(?:_SAP)?\d+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12|SLES_SAP12)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);
var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(2|3|4|5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES12 SP2/3/4/5", os_ver + " SP" + service_pack);
if (os_ver == "SLES_SAP12" && (! preg(pattern:"^(3|4|5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES_SAP12 SP3/4/5", os_ver + " SP" + service_pack);
var pkgs = [
{'reference':'chrony-4.1-5.9.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.3']},
{'reference':'chrony-4.1-5.9.1', 'sp':'4', 'cpu':'x86_64', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.4']},
{'reference':'chrony-4.1-5.9.1', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'chrony-4.1-5.9.1', 'sp':'2', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.2']},
{'reference':'chrony-4.1-5.9.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},
{'reference':'chrony-4.1-5.9.1', 'sp':'3', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.3']},
{'reference':'chrony-4.1-5.9.1', 'sp':'4', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.4']},
{'reference':'chrony-4.1-5.9.1', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']}
];
var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var exists_check = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && _release) {
if (exists_check) {
var check_flag = 0;
foreach var check (exists_check) {
if (!rpm_exists(release:_release, rpm:check)) continue;
if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;
check_flag++;
}
if (!check_flag) continue;
}
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
var ltss_plugin_caveat = NULL;
if(ltss_caveat_required) ltss_plugin_caveat = '\n' +
'NOTE: This vulnerability check contains fixes that apply to\n' +
'packages only available in SUSE Enterprise Linux Server LTSS\n' +
'repositories. Access to these package security updates require\n' +
'a paid SUSE LTSS subscription.\n';
security_report_v4(
port : 0,
severity : SECURITY_NOTE,
extra : rpm_report_get() + ltss_plugin_caveat
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'chrony');
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-14367
www.nessus.org/u?a6af0a29
bugzilla.suse.com/1063704
bugzilla.suse.com/1069468
bugzilla.suse.com/1082318
bugzilla.suse.com/1083597
bugzilla.suse.com/1099272
bugzilla.suse.com/1115529
bugzilla.suse.com/1128846
bugzilla.suse.com/1156884
bugzilla.suse.com/1159840
bugzilla.suse.com/1161119
bugzilla.suse.com/1162964
bugzilla.suse.com/1171806
bugzilla.suse.com/1172113
bugzilla.suse.com/1173277
bugzilla.suse.com/1173760
bugzilla.suse.com/1174075
bugzilla.suse.com/1174911
bugzilla.suse.com/1180689
bugzilla.suse.com/1181826
bugzilla.suse.com/1183783
bugzilla.suse.com/1184400
bugzilla.suse.com/1187906
bugzilla.suse.com/1190926
www.suse.com/security/cve/CVE-2020-14367
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:N/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
EPSS
Percentile
5.1%