Detections
Analytics
Rocky Linux 8 : Rocky Enterprise Software Foundation Ceph Storage 4.1 (RLSA-2020:2231)
high Nessus Plugin ID 185032
Synopsis
The remote Rocky Linux host is missing a security update.Description
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2020:2231 advisory.- A flaw was found in the ceph-ansible playbook where it contained hardcoded passwords that were being used as default passwords while deploying Ceph services. Any authenticated attacker can abuse this flaw to brute-force Ceph deployments, and gain administrator access to Ceph clusters via the Ceph dashboard to initiate read, write, and delete Ceph clusters and also modify Ceph cluster configurations. Versions before ceph-ansible 6.0.0alpha1 are affected. (CVE-2020-1716)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected smartmontools, smartmontools-debuginfo and / or smartmontools-debugsource packages.See Also
https://errata.rockylinux.org/RLSA-2020:2231
https://bugzilla.redhat.com/show_bug.cgi?id=1274084
https://bugzilla.redhat.com/show_bug.cgi?id=1553202
https://bugzilla.redhat.com/show_bug.cgi?id=1581421
https://bugzilla.redhat.com/show_bug.cgi?id=1625951
https://bugzilla.redhat.com/show_bug.cgi?id=1639817
https://bugzilla.redhat.com/show_bug.cgi?id=1656512
https://bugzilla.redhat.com/show_bug.cgi?id=1658491
https://bugzilla.redhat.com/show_bug.cgi?id=1665683
https://bugzilla.redhat.com/show_bug.cgi?id=1678701
https://bugzilla.redhat.com/show_bug.cgi?id=1679924
https://bugzilla.redhat.com/show_bug.cgi?id=1687971
https://bugzilla.redhat.com/show_bug.cgi?id=1716815
https://bugzilla.redhat.com/show_bug.cgi?id=1716972
https://bugzilla.redhat.com/show_bug.cgi?id=1719446
https://bugzilla.redhat.com/show_bug.cgi?id=1724428
https://bugzilla.redhat.com/show_bug.cgi?id=1731148
https://bugzilla.redhat.com/show_bug.cgi?id=1731554
https://bugzilla.redhat.com/show_bug.cgi?id=1734583
https://bugzilla.redhat.com/show_bug.cgi?id=1738334
https://bugzilla.redhat.com/show_bug.cgi?id=1741677
https://bugzilla.redhat.com/show_bug.cgi?id=1743388
https://bugzilla.redhat.com/show_bug.cgi?id=1744276
https://bugzilla.redhat.com/show_bug.cgi?id=1746491
https://bugzilla.redhat.com/show_bug.cgi?id=1747206
https://bugzilla.redhat.com/show_bug.cgi?id=1747516
https://bugzilla.redhat.com/show_bug.cgi?id=1759700
https://bugzilla.redhat.com/show_bug.cgi?id=1759716
https://bugzilla.redhat.com/show_bug.cgi?id=1759725
https://bugzilla.redhat.com/show_bug.cgi?id=1759727
https://bugzilla.redhat.com/show_bug.cgi?id=1760126
https://bugzilla.redhat.com/show_bug.cgi?id=1760129
https://bugzilla.redhat.com/show_bug.cgi?id=1760219
https://bugzilla.redhat.com/show_bug.cgi?id=1761474
https://bugzilla.redhat.com/show_bug.cgi?id=1761743
https://bugzilla.redhat.com/show_bug.cgi?id=1762170
https://bugzilla.redhat.com/show_bug.cgi?id=1762197
https://bugzilla.redhat.com/show_bug.cgi?id=1762852
https://bugzilla.redhat.com/show_bug.cgi?id=1764431
https://bugzilla.redhat.com/show_bug.cgi?id=1765517
https://bugzilla.redhat.com/show_bug.cgi?id=1765530
https://bugzilla.redhat.com/show_bug.cgi?id=1765536
https://bugzilla.redhat.com/show_bug.cgi?id=1767144
https://bugzilla.redhat.com/show_bug.cgi?id=1771206
https://bugzilla.redhat.com/show_bug.cgi?id=1771208
https://bugzilla.redhat.com/show_bug.cgi?id=1775218
https://bugzilla.redhat.com/show_bug.cgi?id=1775266
https://bugzilla.redhat.com/show_bug.cgi?id=1775404
https://bugzilla.redhat.com/show_bug.cgi?id=1777064
https://bugzilla.redhat.com/show_bug.cgi?id=1777380
https://bugzilla.redhat.com/show_bug.cgi?id=1779186
https://bugzilla.redhat.com/show_bug.cgi?id=1782253
https://bugzilla.redhat.com/show_bug.cgi?id=1783223
https://bugzilla.redhat.com/show_bug.cgi?id=1784011
https://bugzilla.redhat.com/show_bug.cgi?id=1784405
https://bugzilla.redhat.com/show_bug.cgi?id=1784729
https://bugzilla.redhat.com/show_bug.cgi?id=1784746
https://bugzilla.redhat.com/show_bug.cgi?id=1784895
https://bugzilla.redhat.com/show_bug.cgi?id=1785363
https://bugzilla.redhat.com/show_bug.cgi?id=1785472
https://bugzilla.redhat.com/show_bug.cgi?id=1785474
https://bugzilla.redhat.com/show_bug.cgi?id=1785475
https://bugzilla.redhat.com/show_bug.cgi?id=1785476
https://bugzilla.redhat.com/show_bug.cgi?id=1785477
https://bugzilla.redhat.com/show_bug.cgi?id=1785478
https://bugzilla.redhat.com/show_bug.cgi?id=1785580
https://bugzilla.redhat.com/show_bug.cgi?id=1785646
https://bugzilla.redhat.com/show_bug.cgi?id=1785736
https://bugzilla.redhat.com/show_bug.cgi?id=1786107
https://bugzilla.redhat.com/show_bug.cgi?id=1786173
https://bugzilla.redhat.com/show_bug.cgi?id=1786287
https://bugzilla.redhat.com/show_bug.cgi?id=1786457
https://bugzilla.redhat.com/show_bug.cgi?id=1786684
https://bugzilla.redhat.com/show_bug.cgi?id=1788347
https://bugzilla.redhat.com/show_bug.cgi?id=1788917
https://bugzilla.redhat.com/show_bug.cgi?id=1789357
https://bugzilla.redhat.com/show_bug.cgi?id=1790472
https://bugzilla.redhat.com/show_bug.cgi?id=1790479
https://bugzilla.redhat.com/show_bug.cgi?id=1791174
https://bugzilla.redhat.com/show_bug.cgi?id=1792222
https://bugzilla.redhat.com/show_bug.cgi?id=1792225
https://bugzilla.redhat.com/show_bug.cgi?id=1792230
https://bugzilla.redhat.com/show_bug.cgi?id=1792320
https://bugzilla.redhat.com/show_bug.cgi?id=1793542
https://bugzilla.redhat.com/show_bug.cgi?id=1793564
https://bugzilla.redhat.com/show_bug.cgi?id=1794351
https://bugzilla.redhat.com/show_bug.cgi?id=1794713
https://bugzilla.redhat.com/show_bug.cgi?id=1794715
https://bugzilla.redhat.com/show_bug.cgi?id=1795406
https://bugzilla.redhat.com/show_bug.cgi?id=1795592
https://bugzilla.redhat.com/show_bug.cgi?id=1796160
https://bugzilla.redhat.com/show_bug.cgi?id=1796453
https://bugzilla.redhat.com/show_bug.cgi?id=1796853
https://bugzilla.redhat.com/show_bug.cgi?id=1797161
https://bugzilla.redhat.com/show_bug.cgi?id=1797817
https://bugzilla.redhat.com/show_bug.cgi?id=1798153
https://bugzilla.redhat.com/show_bug.cgi?id=1798718
https://bugzilla.redhat.com/show_bug.cgi?id=1798719
https://bugzilla.redhat.com/show_bug.cgi?id=1798781
https://bugzilla.redhat.com/show_bug.cgi?id=1802199
https://bugzilla.redhat.com/show_bug.cgi?id=1805347
https://bugzilla.redhat.com/show_bug.cgi?id=1805391
https://bugzilla.redhat.com/show_bug.cgi?id=1805643
https://bugzilla.redhat.com/show_bug.cgi?id=1807085
https://bugzilla.redhat.com/show_bug.cgi?id=1807184
https://bugzilla.redhat.com/show_bug.cgi?id=1808046
https://bugzilla.redhat.com/show_bug.cgi?id=1808345
https://bugzilla.redhat.com/show_bug.cgi?id=1808495
https://bugzilla.redhat.com/show_bug.cgi?id=1809242
https://bugzilla.redhat.com/show_bug.cgi?id=1810121
https://bugzilla.redhat.com/show_bug.cgi?id=1810551
https://bugzilla.redhat.com/show_bug.cgi?id=1810610
https://bugzilla.redhat.com/show_bug.cgi?id=1810884
https://bugzilla.redhat.com/show_bug.cgi?id=1810948
https://bugzilla.redhat.com/show_bug.cgi?id=1811547
https://bugzilla.redhat.com/show_bug.cgi?id=1813349
https://bugzilla.redhat.com/show_bug.cgi?id=1814082
https://bugzilla.redhat.com/show_bug.cgi?id=1814380
https://bugzilla.redhat.com/show_bug.cgi?id=1814542
https://bugzilla.redhat.com/show_bug.cgi?id=1814806
https://bugzilla.redhat.com/show_bug.cgi?id=1814942
https://bugzilla.redhat.com/show_bug.cgi?id=1815211
https://bugzilla.redhat.com/show_bug.cgi?id=1815239
https://bugzilla.redhat.com/show_bug.cgi?id=1815261
https://bugzilla.redhat.com/show_bug.cgi?id=1815390
https://bugzilla.redhat.com/show_bug.cgi?id=1815579
https://bugzilla.redhat.com/show_bug.cgi?id=1816713
https://bugzilla.redhat.com/show_bug.cgi?id=1816989
https://bugzilla.redhat.com/show_bug.cgi?id=1817069
https://bugzilla.redhat.com/show_bug.cgi?id=1817586
https://bugzilla.redhat.com/show_bug.cgi?id=1817985
https://bugzilla.redhat.com/show_bug.cgi?id=1819302
https://bugzilla.redhat.com/show_bug.cgi?id=1819681
https://bugzilla.redhat.com/show_bug.cgi?id=1820233
https://bugzilla.redhat.com/show_bug.cgi?id=1820272
https://bugzilla.redhat.com/show_bug.cgi?id=1820560
https://bugzilla.redhat.com/show_bug.cgi?id=1821784
https://bugzilla.redhat.com/show_bug.cgi?id=1822153
https://bugzilla.redhat.com/show_bug.cgi?id=1822328
https://bugzilla.redhat.com/show_bug.cgi?id=1822482
https://bugzilla.redhat.com/show_bug.cgi?id=1822599
https://bugzilla.redhat.com/show_bug.cgi?id=1822902
https://bugzilla.redhat.com/show_bug.cgi?id=1822905
https://bugzilla.redhat.com/show_bug.cgi?id=1823975
https://bugzilla.redhat.com/show_bug.cgi?id=1824263
https://bugzilla.redhat.com/show_bug.cgi?id=1825104
https://bugzilla.redhat.com/show_bug.cgi?id=1825149
https://bugzilla.redhat.com/show_bug.cgi?id=1825288
https://bugzilla.redhat.com/show_bug.cgi?id=1825827
https://bugzilla.redhat.com/show_bug.cgi?id=1825988
https://bugzilla.redhat.com/show_bug.cgi?id=1826884
https://bugzilla.redhat.com/show_bug.cgi?id=1827299
https://bugzilla.redhat.com/show_bug.cgi?id=1827781
https://bugzilla.redhat.com/show_bug.cgi?id=1827785
https://bugzilla.redhat.com/show_bug.cgi?id=1827789
https://bugzilla.redhat.com/show_bug.cgi?id=1827799
https://bugzilla.redhat.com/show_bug.cgi?id=1829804
https://bugzilla.redhat.com/show_bug.cgi?id=1831119
https://bugzilla.redhat.com/show_bug.cgi?id=1831285
https://bugzilla.redhat.com/show_bug.cgi?id=1831342
https://bugzilla.redhat.com/show_bug.cgi?id=1833063
Plugin Details
Severity: High
ID: 185032
File Name: rocky_linux_RLSA-2020-2231.nasl
Version: 1.0
Type: local
Published: 11/7/2023
Updated: 11/7/2023
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 9
Temporal Score: 7
Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C
CVSS Score Source: CVE-2020-1716
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 7.9
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:rocky:linux:smartmontools, p-cpe:/a:rocky:linux:smartmontools-debuginfo, p-cpe:/a:rocky:linux:smartmontools-debugsource, cpe:/o:rocky:linux:8
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RockyLinux/release, Host/RockyLinux/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 5/19/2020
Vulnerability Publication Date: 5/19/2020
Reference Information
CVE: CVE-2020-1716