Detections
Analytics
Rocky Linux 8 : container-tools:3.0 (RLSA-2022:7529)
medium Nessus Plugin ID 184857
Synopsis
The remote Rocky Linux host is missing one or more security updates.Description
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2022:7529 advisory.- Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. (CVE-2022-1705)
- A vulnerability was found in CRI-O that causes memory or disk space exhaustion on the node for anyone with access to the Kube API. The ExecSync request runs commands in a container and logs the output of the command. This output is then read by CRI-O after command execution, and it is read in a manner where the entire file corresponding to the output of the command is read in. Thus, if the output of the command is large it is possible to exhaust the memory or the disk space of the node when CRI-O reads the output of the command. The highest threat from this vulnerability is system availability. (CVE-2022-1708)
- Uncontrolled recursion in the Parse functions in go/parser before Go 1.17.12 and Go 1.18.4 allow an attacker to cause a panic due to stack exhaustion via deeply nested types or declarations. (CVE-2022-1962)
- client_golang is the instrumentation library for Go applications in Prometheus, and the promhttp package in client_golang provides tooling around HTTP servers and clients. In client_golang prior to version 1.11.1, HTTP server is susceptible to a Denial of Service through unbounded cardinality, and potential memory exhaustion, when handling requests with non-standard HTTP methods. In order to be affected, an instrumented software must use any of `promhttp.InstrumentHandler*` middleware except `RequestsInFlight`;
not filter any specific methods (e.g GET) before middleware; pass metric with `method` label name to our middleware; and not have any firewall/LB/proxy that filters away requests with unknown `method`.
client_golang version 1.11.1 contains a patch for this issue. Several workarounds are available, including removing the `method` label name from counter/gauge used in the InstrumentHandler; turning off affected promhttp handlers; adding custom middleware before promhttp handler that will sanitize the request method given by Go http.Request; and using a reverse proxy or web application firewall, configured to only allow a limited set of methods. (CVE-2022-21698)
- Uncontrolled recursion in Decoder.Skip in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a deeply nested XML document. (CVE-2022-28131)
- Uncontrolled recursion in Glob in io/fs before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path which contains a large number of path separators.
(CVE-2022-30630)
- Uncontrolled recursion in Reader.Read in compress/gzip before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via an archive containing a large number of concatenated 0-length compressed files. (CVE-2022-30631)
- Uncontrolled recursion in Glob in path/filepath before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via a path containing a large number of path separators.
(CVE-2022-30632)
- Uncontrolled recursion in Unmarshal in encoding/xml before Go 1.17.12 and Go 1.18.4 allows an attacker to cause a panic due to stack exhaustion via unmarshalling an XML document into a Go struct which has a nested field that uses the 'any' field tag. (CVE-2022-30633)
- Improper exposure of client IP addresses in net/http before Go 1.17.12 and Go 1.18.4 can be triggered by calling httputil.ReverseProxy.ServeHTTP with a Request.Header map containing a nil value for the X-Forwarded-For header, which causes ReverseProxy to set the client IP as the value of the X-Forwarded-For header. (CVE-2022-32148)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
https://errata.rockylinux.org/RLSA-2022:7529
https://bugzilla.redhat.com/show_bug.cgi?id=2045880
https://bugzilla.redhat.com/show_bug.cgi?id=2085361
https://bugzilla.redhat.com/show_bug.cgi?id=2107342
https://bugzilla.redhat.com/show_bug.cgi?id=2107371
https://bugzilla.redhat.com/show_bug.cgi?id=2107374
https://bugzilla.redhat.com/show_bug.cgi?id=2107376
https://bugzilla.redhat.com/show_bug.cgi?id=2107383
https://bugzilla.redhat.com/show_bug.cgi?id=2107386
Plugin Details
Severity: Medium
ID: 184857
File Name: rocky_linux_RLSA-2022-7529.nasl
Version: 1.1
Type: local
Published: 11/7/2023
Updated: 11/14/2023
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: High
Base Score: 7.8
Temporal Score: 6.1
Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS Score Source: CVE-2022-1708
CVSS v3
Risk Factor: Medium
Base Score: 6.5
Temporal Score: 5.9
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
CVSS Score Source: CVE-2022-32148
Vulnerability Information
CPE: p-cpe:/a:rocky:linux:buildah, p-cpe:/a:rocky:linux:buildah-debuginfo, p-cpe:/a:rocky:linux:buildah-debugsource, p-cpe:/a:rocky:linux:buildah-tests, p-cpe:/a:rocky:linux:buildah-tests-debuginfo, p-cpe:/a:rocky:linux:cockpit-podman, p-cpe:/a:rocky:linux:conmon, p-cpe:/a:rocky:linux:conmon-debuginfo, p-cpe:/a:rocky:linux:conmon-debugsource, p-cpe:/a:rocky:linux:container-selinux, p-cpe:/a:rocky:linux:containernetworking-plugins, p-cpe:/a:rocky:linux:containernetworking-plugins-debuginfo, p-cpe:/a:rocky:linux:containernetworking-plugins-debugsource, p-cpe:/a:rocky:linux:containers-common, p-cpe:/a:rocky:linux:crit, p-cpe:/a:rocky:linux:criu, p-cpe:/a:rocky:linux:criu-debuginfo, p-cpe:/a:rocky:linux:criu-debugsource, p-cpe:/a:rocky:linux:crun, p-cpe:/a:rocky:linux:crun-debuginfo, p-cpe:/a:rocky:linux:crun-debugsource, p-cpe:/a:rocky:linux:fuse-overlayfs, p-cpe:/a:rocky:linux:fuse-overlayfs-debuginfo, p-cpe:/a:rocky:linux:fuse-overlayfs-debugsource, p-cpe:/a:rocky:linux:libslirp, p-cpe:/a:rocky:linux:libslirp-debuginfo, p-cpe:/a:rocky:linux:libslirp-debugsource, p-cpe:/a:rocky:linux:libslirp-devel, p-cpe:/a:rocky:linux:oci-seccomp-bpf-hook, p-cpe:/a:rocky:linux:oci-seccomp-bpf-hook-debuginfo, p-cpe:/a:rocky:linux:oci-seccomp-bpf-hook-debugsource, p-cpe:/a:rocky:linux:podman, p-cpe:/a:rocky:linux:podman-catatonit, p-cpe:/a:rocky:linux:podman-catatonit-debuginfo, p-cpe:/a:rocky:linux:podman-debuginfo, p-cpe:/a:rocky:linux:podman-debugsource, p-cpe:/a:rocky:linux:podman-docker, p-cpe:/a:rocky:linux:podman-plugins, p-cpe:/a:rocky:linux:podman-plugins-debuginfo, p-cpe:/a:rocky:linux:podman-remote, p-cpe:/a:rocky:linux:podman-remote-debuginfo, p-cpe:/a:rocky:linux:podman-tests, p-cpe:/a:rocky:linux:python3-criu, p-cpe:/a:rocky:linux:runc, p-cpe:/a:rocky:linux:runc-debuginfo, p-cpe:/a:rocky:linux:runc-debugsource, p-cpe:/a:rocky:linux:skopeo, p-cpe:/a:rocky:linux:skopeo-debuginfo, p-cpe:/a:rocky:linux:skopeo-debugsource, p-cpe:/a:rocky:linux:skopeo-tests, p-cpe:/a:rocky:linux:slirp4netns, p-cpe:/a:rocky:linux:slirp4netns-debuginfo, p-cpe:/a:rocky:linux:slirp4netns-debugsource, p-cpe:/a:rocky:linux:toolbox, p-cpe:/a:rocky:linux:toolbox-debuginfo, p-cpe:/a:rocky:linux:toolbox-debugsource, p-cpe:/a:rocky:linux:toolbox-tests, p-cpe:/a:rocky:linux:udica, cpe:/o:rocky:linux:8
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RockyLinux/release, Host/RockyLinux/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 11/8/2022
Vulnerability Publication Date: 2/15/2022
Reference Information
CVE: CVE-2022-1705, CVE-2022-1708, CVE-2022-1962, CVE-2022-21698, CVE-2022-28131, CVE-2022-30630, CVE-2022-30631, CVE-2022-30632, CVE-2022-30633, CVE-2022-32148
IAVB: 2022-B-0025-S