Rocky Linux 8 : Rocky Enterprise Software Foundation Ceph Storage 4.1 (RLSA-2020:2231)

high Nessus Plugin ID 185032

Synopsis

The remote Rocky Linux host is missing a security update.

Description

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2020:2231 advisory.

- A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used as default passwords while deploying Ceph services. Any authenticated attacker can abuse this flaw to brute-force Ceph deployments, and gain administrator access to Ceph clusters via the Ceph dashboard to initiate read, write, and delete Ceph clusters and also modify Ceph cluster configurations. Versions before ceph-ansible 6.0.0alpha1 are affected. (CVE-2020-1716)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected smartmontools, smartmontools-debuginfo and / or smartmontools-debugsource packages.

See Also

https://errata.rockylinux.org/RLSA-2020:2231

https://bugzilla.redhat.com/show_bug.cgi?id=1274084

https://bugzilla.redhat.com/show_bug.cgi?id=1553202

https://bugzilla.redhat.com/show_bug.cgi?id=1581421

https://bugzilla.redhat.com/show_bug.cgi?id=1625951

https://bugzilla.redhat.com/show_bug.cgi?id=1639817

https://bugzilla.redhat.com/show_bug.cgi?id=1656512

https://bugzilla.redhat.com/show_bug.cgi?id=1658491

https://bugzilla.redhat.com/show_bug.cgi?id=1665683

https://bugzilla.redhat.com/show_bug.cgi?id=1678701

https://bugzilla.redhat.com/show_bug.cgi?id=1679924

https://bugzilla.redhat.com/show_bug.cgi?id=1687971

https://bugzilla.redhat.com/show_bug.cgi?id=1716815

https://bugzilla.redhat.com/show_bug.cgi?id=1716972

https://bugzilla.redhat.com/show_bug.cgi?id=1719446

https://bugzilla.redhat.com/show_bug.cgi?id=1724428

https://bugzilla.redhat.com/show_bug.cgi?id=1731148

https://bugzilla.redhat.com/show_bug.cgi?id=1731554

https://bugzilla.redhat.com/show_bug.cgi?id=1734583

https://bugzilla.redhat.com/show_bug.cgi?id=1738334

https://bugzilla.redhat.com/show_bug.cgi?id=1741677

https://bugzilla.redhat.com/show_bug.cgi?id=1743388

https://bugzilla.redhat.com/show_bug.cgi?id=1744276

https://bugzilla.redhat.com/show_bug.cgi?id=1746491

https://bugzilla.redhat.com/show_bug.cgi?id=1747206

https://bugzilla.redhat.com/show_bug.cgi?id=1747516

https://bugzilla.redhat.com/show_bug.cgi?id=1759700

https://bugzilla.redhat.com/show_bug.cgi?id=1759716

https://bugzilla.redhat.com/show_bug.cgi?id=1759725

https://bugzilla.redhat.com/show_bug.cgi?id=1759727

https://bugzilla.redhat.com/show_bug.cgi?id=1760126

https://bugzilla.redhat.com/show_bug.cgi?id=1760129

https://bugzilla.redhat.com/show_bug.cgi?id=1760219

https://bugzilla.redhat.com/show_bug.cgi?id=1761474

https://bugzilla.redhat.com/show_bug.cgi?id=1761743

https://bugzilla.redhat.com/show_bug.cgi?id=1762170

https://bugzilla.redhat.com/show_bug.cgi?id=1762197

https://bugzilla.redhat.com/show_bug.cgi?id=1762852

https://bugzilla.redhat.com/show_bug.cgi?id=1764431

https://bugzilla.redhat.com/show_bug.cgi?id=1765517

https://bugzilla.redhat.com/show_bug.cgi?id=1765530

https://bugzilla.redhat.com/show_bug.cgi?id=1765536

https://bugzilla.redhat.com/show_bug.cgi?id=1767144

https://bugzilla.redhat.com/show_bug.cgi?id=1771206

https://bugzilla.redhat.com/show_bug.cgi?id=1771208

https://bugzilla.redhat.com/show_bug.cgi?id=1775218

https://bugzilla.redhat.com/show_bug.cgi?id=1775266

https://bugzilla.redhat.com/show_bug.cgi?id=1775404

https://bugzilla.redhat.com/show_bug.cgi?id=1777064

https://bugzilla.redhat.com/show_bug.cgi?id=1777380

https://bugzilla.redhat.com/show_bug.cgi?id=1779186

https://bugzilla.redhat.com/show_bug.cgi?id=1782253

https://bugzilla.redhat.com/show_bug.cgi?id=1783223

https://bugzilla.redhat.com/show_bug.cgi?id=1784011

https://bugzilla.redhat.com/show_bug.cgi?id=1784405

https://bugzilla.redhat.com/show_bug.cgi?id=1784729

https://bugzilla.redhat.com/show_bug.cgi?id=1784746

https://bugzilla.redhat.com/show_bug.cgi?id=1784895

https://bugzilla.redhat.com/show_bug.cgi?id=1785363

https://bugzilla.redhat.com/show_bug.cgi?id=1785472

https://bugzilla.redhat.com/show_bug.cgi?id=1785474

https://bugzilla.redhat.com/show_bug.cgi?id=1785475

https://bugzilla.redhat.com/show_bug.cgi?id=1785476

https://bugzilla.redhat.com/show_bug.cgi?id=1785477

https://bugzilla.redhat.com/show_bug.cgi?id=1785478

https://bugzilla.redhat.com/show_bug.cgi?id=1785580

https://bugzilla.redhat.com/show_bug.cgi?id=1785646

https://bugzilla.redhat.com/show_bug.cgi?id=1785736

https://bugzilla.redhat.com/show_bug.cgi?id=1786107

https://bugzilla.redhat.com/show_bug.cgi?id=1786173

https://bugzilla.redhat.com/show_bug.cgi?id=1786287

https://bugzilla.redhat.com/show_bug.cgi?id=1786457

https://bugzilla.redhat.com/show_bug.cgi?id=1786684

https://bugzilla.redhat.com/show_bug.cgi?id=1788347

https://bugzilla.redhat.com/show_bug.cgi?id=1788917

https://bugzilla.redhat.com/show_bug.cgi?id=1789357

https://bugzilla.redhat.com/show_bug.cgi?id=1790472

https://bugzilla.redhat.com/show_bug.cgi?id=1790479

https://bugzilla.redhat.com/show_bug.cgi?id=1791174

https://bugzilla.redhat.com/show_bug.cgi?id=1792222

https://bugzilla.redhat.com/show_bug.cgi?id=1792225

https://bugzilla.redhat.com/show_bug.cgi?id=1792230

https://bugzilla.redhat.com/show_bug.cgi?id=1792320

https://bugzilla.redhat.com/show_bug.cgi?id=1793542

https://bugzilla.redhat.com/show_bug.cgi?id=1793564

https://bugzilla.redhat.com/show_bug.cgi?id=1794351

https://bugzilla.redhat.com/show_bug.cgi?id=1794713

https://bugzilla.redhat.com/show_bug.cgi?id=1794715

https://bugzilla.redhat.com/show_bug.cgi?id=1795406

https://bugzilla.redhat.com/show_bug.cgi?id=1795592

https://bugzilla.redhat.com/show_bug.cgi?id=1796160

https://bugzilla.redhat.com/show_bug.cgi?id=1796453

https://bugzilla.redhat.com/show_bug.cgi?id=1796853

https://bugzilla.redhat.com/show_bug.cgi?id=1797161

https://bugzilla.redhat.com/show_bug.cgi?id=1797817

https://bugzilla.redhat.com/show_bug.cgi?id=1798153

https://bugzilla.redhat.com/show_bug.cgi?id=1798718

https://bugzilla.redhat.com/show_bug.cgi?id=1798719

https://bugzilla.redhat.com/show_bug.cgi?id=1798781

https://bugzilla.redhat.com/show_bug.cgi?id=1802199

https://bugzilla.redhat.com/show_bug.cgi?id=1805347

https://bugzilla.redhat.com/show_bug.cgi?id=1805391

https://bugzilla.redhat.com/show_bug.cgi?id=1805643

https://bugzilla.redhat.com/show_bug.cgi?id=1807085

https://bugzilla.redhat.com/show_bug.cgi?id=1807184

https://bugzilla.redhat.com/show_bug.cgi?id=1808046

https://bugzilla.redhat.com/show_bug.cgi?id=1808345

https://bugzilla.redhat.com/show_bug.cgi?id=1808495

https://bugzilla.redhat.com/show_bug.cgi?id=1809242

https://bugzilla.redhat.com/show_bug.cgi?id=1810121

https://bugzilla.redhat.com/show_bug.cgi?id=1810551

https://bugzilla.redhat.com/show_bug.cgi?id=1810610

https://bugzilla.redhat.com/show_bug.cgi?id=1810884

https://bugzilla.redhat.com/show_bug.cgi?id=1810948

https://bugzilla.redhat.com/show_bug.cgi?id=1811547

https://bugzilla.redhat.com/show_bug.cgi?id=1813349

https://bugzilla.redhat.com/show_bug.cgi?id=1814082

https://bugzilla.redhat.com/show_bug.cgi?id=1814380

https://bugzilla.redhat.com/show_bug.cgi?id=1814542

https://bugzilla.redhat.com/show_bug.cgi?id=1814806

https://bugzilla.redhat.com/show_bug.cgi?id=1814942

https://bugzilla.redhat.com/show_bug.cgi?id=1815211

https://bugzilla.redhat.com/show_bug.cgi?id=1815239

https://bugzilla.redhat.com/show_bug.cgi?id=1815261

https://bugzilla.redhat.com/show_bug.cgi?id=1815390

https://bugzilla.redhat.com/show_bug.cgi?id=1815579

https://bugzilla.redhat.com/show_bug.cgi?id=1816713

https://bugzilla.redhat.com/show_bug.cgi?id=1816989

https://bugzilla.redhat.com/show_bug.cgi?id=1817069

https://bugzilla.redhat.com/show_bug.cgi?id=1817586

https://bugzilla.redhat.com/show_bug.cgi?id=1817985

https://bugzilla.redhat.com/show_bug.cgi?id=1819302

https://bugzilla.redhat.com/show_bug.cgi?id=1819681

https://bugzilla.redhat.com/show_bug.cgi?id=1820233

https://bugzilla.redhat.com/show_bug.cgi?id=1820272

https://bugzilla.redhat.com/show_bug.cgi?id=1820560

https://bugzilla.redhat.com/show_bug.cgi?id=1821784

https://bugzilla.redhat.com/show_bug.cgi?id=1822153

https://bugzilla.redhat.com/show_bug.cgi?id=1822328

https://bugzilla.redhat.com/show_bug.cgi?id=1822482

https://bugzilla.redhat.com/show_bug.cgi?id=1822599

https://bugzilla.redhat.com/show_bug.cgi?id=1822902

https://bugzilla.redhat.com/show_bug.cgi?id=1822905

https://bugzilla.redhat.com/show_bug.cgi?id=1823975

https://bugzilla.redhat.com/show_bug.cgi?id=1824263

https://bugzilla.redhat.com/show_bug.cgi?id=1825104

https://bugzilla.redhat.com/show_bug.cgi?id=1825149

https://bugzilla.redhat.com/show_bug.cgi?id=1825288

https://bugzilla.redhat.com/show_bug.cgi?id=1825827

https://bugzilla.redhat.com/show_bug.cgi?id=1825988

https://bugzilla.redhat.com/show_bug.cgi?id=1826884

https://bugzilla.redhat.com/show_bug.cgi?id=1827299

https://bugzilla.redhat.com/show_bug.cgi?id=1827781

https://bugzilla.redhat.com/show_bug.cgi?id=1827785

https://bugzilla.redhat.com/show_bug.cgi?id=1827789

https://bugzilla.redhat.com/show_bug.cgi?id=1827799

https://bugzilla.redhat.com/show_bug.cgi?id=1829804

https://bugzilla.redhat.com/show_bug.cgi?id=1831119

https://bugzilla.redhat.com/show_bug.cgi?id=1831285

https://bugzilla.redhat.com/show_bug.cgi?id=1831342

https://bugzilla.redhat.com/show_bug.cgi?id=1833063

https://bugzilla.redhat.com/show_bug.cgi?id=1834790

https://bugzilla.redhat.com/show_bug.cgi?id=1837206

Plugin Details

Severity: High

ID: 185032

File Name: rocky_linux_RLSA-2020-2231.nasl

Version: 1.0

Type: local

Published: 11/7/2023

Updated: 11/7/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2020-1716

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:rocky:linux:smartmontools, p-cpe:/a:rocky:linux:smartmontools-debuginfo, p-cpe:/a:rocky:linux:smartmontools-debugsource, cpe:/o:rocky:linux:8

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RockyLinux/release, Host/RockyLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/19/2020

Vulnerability Publication Date: 5/19/2020

Reference Information

CVE: CVE-2020-1716