8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0.024 Low
EPSS
Percentile
90.0%
The remote SUSE Linux SLES12 / SLES_SAP12 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:3867-1 advisory.
An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage will take significant time to parse. (CVE-2022-32149)
A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. (CVE-2022-41723)
Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if someone has access to a Prometheus web.yml file and users’ bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix for the issue. There is no workaround, but attacker must have access to the hashed password to use this functionality.
(CVE-2022-46146)
Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <= 8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in circulation with keys larger than this, and all three appear to be test certificates that are not actively deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so causing breakage here in the interests of increasing the default safety of users of crypto/tls seems reasonable. (CVE-2023-29409)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2023:3867-1. The text itself
# is copyright (C) SUSE.
##
include('compat.inc');
if (description)
{
script_id(182172);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/29");
script_cve_id(
"CVE-2022-32149",
"CVE-2022-41723",
"CVE-2022-46146",
"CVE-2023-29409"
);
script_xref(name:"SuSE", value:"SUSE-SU-2023:3867-1");
script_name(english:"SUSE SLES12 Security Update : SUSE Manager Client Tools (SUSE-SU-2023:3867-1)");
script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLES12 / SLES_SAP12 host has a package installed that is affected by multiple vulnerabilities as
referenced in the SUSE-SU-2023:3867-1 advisory.
- An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage
will take significant time to parse. (CVE-2022-32149)
- A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient
to cause a denial of service from a small number of small requests. (CVE-2022-41723)
- Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, if
someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by
poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix for the issue. There
is no workaround, but attacker must have access to the hashed password to use this functionality.
(CVE-2022-46146)
- Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time
verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <=
8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in
circulation with keys larger than this, and all three appear to be test certificates that are not actively
deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so
causing breakage here in the interests of increasing the default safety of users of crypto/tls seems
reasonable. (CVE-2023-29409)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1204501");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1208046");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1208270");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1208298");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1208692");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1211525");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1213880");
# https://lists.suse.com/pipermail/sle-updates/2023-September/031790.html
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c51879bc");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-32149");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-41723");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-46146");
script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-29409");
script_set_attribute(attribute:"solution", value:
"Update the affected golang-github-prometheus-node_exporter package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-46146");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/10/14");
script_set_attribute(attribute:"patch_publication_date", value:"2023/09/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/09/29");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:golang-github-prometheus-node_exporter");
script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:12");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"SuSE Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)(?:_SAP)?\d+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES12|SLES_SAP12)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES12 / SLES_SAP12', 'SUSE (' + os_ver + ')');
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);
var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLES12" && (! preg(pattern:"^(5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES12 SP5", os_ver + " SP" + service_pack);
if (os_ver == "SLES_SAP12" && (! preg(pattern:"^(5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES_SAP12 SP5", os_ver + " SP" + service_pack);
var pkgs = [
{'reference':'golang-github-prometheus-node_exporter-1.5.0-1.27.2', 'sp':'5', 'release':'SLES_SAP12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-12.5']},
{'reference':'golang-github-prometheus-node_exporter-1.5.0-1.27.2', 'sp':'5', 'release':'SLES12', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-release-12.5']}
];
var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var exists_check = NULL;
var rpm_spec_vers_cmp = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (reference && _release) {
if (exists_check) {
var check_flag = 0;
foreach var check (exists_check) {
if (!rpm_exists(release:_release, rpm:check)) continue;
check_flag++;
}
if (!check_flag) continue;
}
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'golang-github-prometheus-node_exporter');
}
Vendor | Product | Version | CPE |
---|---|---|---|
novell | suse_linux | golang-github-prometheus-node_exporter | p-cpe:/a:novell:suse_linux:golang-github-prometheus-node_exporter |
novell | suse_linux | 12 | cpe:/o:novell:suse_linux:12 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-32149
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41723
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-46146
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29409
www.nessus.org/u?c51879bc
bugzilla.suse.com/1204501
bugzilla.suse.com/1208046
bugzilla.suse.com/1208270
bugzilla.suse.com/1208298
bugzilla.suse.com/1208692
bugzilla.suse.com/1211525
bugzilla.suse.com/1213880
www.suse.com/security/cve/CVE-2022-32149
www.suse.com/security/cve/CVE-2022-41723
www.suse.com/security/cve/CVE-2022-46146
www.suse.com/security/cve/CVE-2023-29409