SUSE SLES15 / openSUSE 15 Security Update : SUSE Manager Client Tools (SUSE-SU-2024:0487-1)

critical Nessus Plugin ID 190632

Language:

Synopsis

The remote SUSE host is missing one or more security updates.

Description

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:0487-1 advisory.

- All versions of package trim are vulnerable to Regular Expression Denial of Service (ReDoS) via trim().
(CVE-2020-7753)

- ansi-regex is vulnerable to Inefficient Regular Expression Complexity (CVE-2021-3807)

- json-schema is vulnerable to Improperly Controlled Modification of Object Prototype Attributes ('Prototype Pollution') (CVE-2021-3918)

- In Async before 2.6.4 and 3.x before 3.2.2, a malicious user can obtain privileges via the mapValues() method, aka lib/internal/iterator.js createObjectIterator prototype pollution. (CVE-2021-43138)

- Grafana is an open-source platform for monitoring and observability. Grafana versions 8.0.0-beta1 through 8.3.0 (except for patched versions) iss vulnerable to directory traversal, allowing access to local files.
The vulnerable URL path is: `<grafana_host_url>/public/plugins//`, where is the plugin ID for any installed plugin. At no time has Grafana Cloud been vulnerable. Users are advised to upgrade to patched versions 8.0.7, 8.1.8, 8.2.7, or 8.3.1. The GitHub Security Advisory contains more information about vulnerable URL paths, mitigation, and the disclosure timeline. (CVE-2021-43798)

- Grafana is an open-source platform for monitoring and observability. Grafana prior to versions 8.3.2 and 7.5.12 has a directory traversal for arbitrary .csv files. It only affects instances that have the developer testing tool called TestData DB data source enabled and configured. The vulnerability is limited in scope, and only allows access to files with the extension .csv to authenticated users only. Grafana Cloud instances have not been affected by the vulnerability. Versions 8.3.2 and 7.5.12 contain a patch for this issue. There is a workaround available for users who cannot upgrade. Running a reverse proxy in front of Grafana that normalizes the PATH of the request will mitigate the vulnerability. The proxy will have to also be able to handle url encoded paths. (CVE-2021-43815)

- follow-redirects is vulnerable to Exposure of Private Personal Information to an Unauthorized Actor (CVE-2022-0155)

- Programs which compile regular expressions from untrusted sources may be vulnerable to memory exhaustion or denial of service. The parsed regexp representation is linear in the size of the input, but in some cases the constant factor can be as high as 40,000, making relatively small regexps consume much larger amounts of memory. After fix, each regexp being parsed is limited to a 256 MB memory footprint. Regular expressions whose representation would use more space than that are rejected. Normal use of regular expressions is unaffected. (CVE-2022-41715)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected golang-github-lusitaniae-apache_exporter, prometheus-postgres_exporter and / or spacecmd packages.

See Also

https://bugzilla.suse.com/1192154

https://bugzilla.suse.com/1192696

https://bugzilla.suse.com/1193492

https://bugzilla.suse.com/1193686

https://bugzilla.suse.com/1200480

https://bugzilla.suse.com/1204023

https://bugzilla.suse.com/1218843

https://bugzilla.suse.com/1218844

http://www.nessus.org/u?a07ee69a

https://www.suse.com/security/cve/CVE-2020-7753

https://www.suse.com/security/cve/CVE-2021-3807

https://www.suse.com/security/cve/CVE-2021-3918

https://www.suse.com/security/cve/CVE-2021-43138

https://www.suse.com/security/cve/CVE-2021-43798

https://www.suse.com/security/cve/CVE-2021-43815

https://www.suse.com/security/cve/CVE-2022-0155

https://www.suse.com/security/cve/CVE-2022-41715

Plugin Details

Severity: Critical

ID: 190632

File Name: suse_SU-2024-0487-1.nasl

Version: 1.2

Type: local

Agent: unix

Published: 2/17/2024

Updated: 2/19/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-3918

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:novell:suse_linux:golang-github-lusitaniae-apache_exporter, cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/15/2024

Vulnerability Publication Date: 10/27/2020

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2020-7753, CVE-2021-3807, CVE-2021-3918, CVE-2021-43138, CVE-2021-43798, CVE-2021-43815, CVE-2022-0155, CVE-2022-41715

SuSE: SUSE-SU-2024:0487-1