RHEL 7 : Red Hat OpenStack Platform 12.0 director (RHSA-2018:2331)

high Nessus Plugin ID 194080

Synopsis

The remote Red Hat host is missing a security update for Red Hat OpenStack Platform 12.0 director.

Description

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2331 advisory.

memcached is a high-performance, distributed memory object caching system, generic in nature, but intended for use in speeding up dynamic web applications by alleviating database load.

Security fix(es):

* memcached: UDP server support allows spoofed traffic amplification DoS (CVE-2018-1000115)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

For more information about the bug fixes and enhancements included with this update, see the Technical Notes section of the Release Notes linked in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL Red Hat OpenStack Platform 12.0 director package based on the guidance in RHSA-2018:2331.

See Also

https://access.redhat.com/security/updates/classification/#moderate

http://www.nessus.org/u?3c016032

https://bugzilla.redhat.com/show_bug.cgi?id=1470033

https://bugzilla.redhat.com/show_bug.cgi?id=1477663

https://bugzilla.redhat.com/show_bug.cgi?id=1488058

https://bugzilla.redhat.com/show_bug.cgi?id=1502860

https://bugzilla.redhat.com/show_bug.cgi?id=1504052

https://bugzilla.redhat.com/show_bug.cgi?id=1506038

https://bugzilla.redhat.com/show_bug.cgi?id=1508867

https://bugzilla.redhat.com/show_bug.cgi?id=1511988

https://bugzilla.redhat.com/show_bug.cgi?id=1513497

https://bugzilla.redhat.com/show_bug.cgi?id=1513502

https://bugzilla.redhat.com/show_bug.cgi?id=1518605

https://bugzilla.redhat.com/show_bug.cgi?id=1518662

https://bugzilla.redhat.com/show_bug.cgi?id=1520453

https://bugzilla.redhat.com/show_bug.cgi?id=1527205

https://bugzilla.redhat.com/show_bug.cgi?id=1528632

https://bugzilla.redhat.com/show_bug.cgi?id=1533204

https://bugzilla.redhat.com/show_bug.cgi?id=1533271

https://bugzilla.redhat.com/show_bug.cgi?id=1533511

https://bugzilla.redhat.com/show_bug.cgi?id=1534442

https://bugzilla.redhat.com/show_bug.cgi?id=1537606

https://bugzilla.redhat.com/show_bug.cgi?id=1539961

https://bugzilla.redhat.com/show_bug.cgi?id=1547146

https://bugzilla.redhat.com/show_bug.cgi?id=1547539

https://bugzilla.redhat.com/show_bug.cgi?id=1549139

https://bugzilla.redhat.com/show_bug.cgi?id=1550934

https://bugzilla.redhat.com/show_bug.cgi?id=1551182

https://bugzilla.redhat.com/show_bug.cgi?id=1552759

https://bugzilla.redhat.com/show_bug.cgi?id=1556720

https://bugzilla.redhat.com/show_bug.cgi?id=1557328

https://bugzilla.redhat.com/show_bug.cgi?id=1558679

https://bugzilla.redhat.com/show_bug.cgi?id=1559151

https://bugzilla.redhat.com/show_bug.cgi?id=1559920

https://bugzilla.redhat.com/show_bug.cgi?id=1560937

https://bugzilla.redhat.com/show_bug.cgi?id=1562148

https://bugzilla.redhat.com/show_bug.cgi?id=1570147

https://bugzilla.redhat.com/show_bug.cgi?id=1571435

https://bugzilla.redhat.com/show_bug.cgi?id=1571646

https://bugzilla.redhat.com/show_bug.cgi?id=1571744

https://bugzilla.redhat.com/show_bug.cgi?id=1572353

https://bugzilla.redhat.com/show_bug.cgi?id=1572667

https://bugzilla.redhat.com/show_bug.cgi?id=1573583

https://bugzilla.redhat.com/show_bug.cgi?id=1573791

https://bugzilla.redhat.com/show_bug.cgi?id=1573808

https://bugzilla.redhat.com/show_bug.cgi?id=1576751

https://bugzilla.redhat.com/show_bug.cgi?id=1579023

https://bugzilla.redhat.com/show_bug.cgi?id=1582597

https://bugzilla.redhat.com/show_bug.cgi?id=1582645

https://bugzilla.redhat.com/show_bug.cgi?id=1583792

https://bugzilla.redhat.com/show_bug.cgi?id=1583858

https://bugzilla.redhat.com/show_bug.cgi?id=1584279

https://bugzilla.redhat.com/show_bug.cgi?id=1584374

https://bugzilla.redhat.com/show_bug.cgi?id=1584396

https://bugzilla.redhat.com/show_bug.cgi?id=1584403

https://bugzilla.redhat.com/show_bug.cgi?id=1584404

https://bugzilla.redhat.com/show_bug.cgi?id=1584411

https://bugzilla.redhat.com/show_bug.cgi?id=1584416

https://bugzilla.redhat.com/show_bug.cgi?id=1584417

https://bugzilla.redhat.com/show_bug.cgi?id=1584754

https://bugzilla.redhat.com/show_bug.cgi?id=1585189

https://bugzilla.redhat.com/show_bug.cgi?id=1585362

https://bugzilla.redhat.com/show_bug.cgi?id=1586155

https://bugzilla.redhat.com/show_bug.cgi?id=1589951

https://bugzilla.redhat.com/show_bug.cgi?id=1590030

https://bugzilla.redhat.com/show_bug.cgi?id=1590031

https://bugzilla.redhat.com/show_bug.cgi?id=1590033

https://bugzilla.redhat.com/show_bug.cgi?id=1590368

https://bugzilla.redhat.com/show_bug.cgi?id=1590586

https://bugzilla.redhat.com/show_bug.cgi?id=1590607

https://bugzilla.redhat.com/show_bug.cgi?id=1590612

https://bugzilla.redhat.com/show_bug.cgi?id=1590613

https://bugzilla.redhat.com/show_bug.cgi?id=1590953

https://bugzilla.redhat.com/show_bug.cgi?id=1591782

https://bugzilla.redhat.com/show_bug.cgi?id=1592418

https://bugzilla.redhat.com/show_bug.cgi?id=1592963

https://bugzilla.redhat.com/show_bug.cgi?id=1592967

https://bugzilla.redhat.com/show_bug.cgi?id=1596760

https://bugzilla.redhat.com/show_bug.cgi?id=1597313

https://bugzilla.redhat.com/show_bug.cgi?id=1597972

https://bugzilla.redhat.com/show_bug.cgi?id=1599410

https://bugzilla.redhat.com/show_bug.cgi?id=1599883

https://bugzilla.redhat.com/show_bug.cgi?id=1600038

https://bugzilla.redhat.com/show_bug.cgi?id=1601348

https://bugzilla.redhat.com/show_bug.cgi?id=1607143

https://bugzilla.redhat.com/show_bug.cgi?id=1608450

http://www.nessus.org/u?94db4504

https://access.redhat.com/errata/RHSA-2018:2331

Plugin Details

Severity: High

ID: 194080

File Name: redhat-RHSA-2018-2331.nasl

Version: 1.1

Type: local

Agent: unix

Published: 4/27/2024

Updated: 6/3/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2018-1000115

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:python-novajoin, p-cpe:/a:redhat:enterprise_linux:puppet-manila, p-cpe:/a:redhat:enterprise_linux:openstack-tripleo-heat-templates, p-cpe:/a:redhat:enterprise_linux:puppet-ceilometer, p-cpe:/a:redhat:enterprise_linux:puppet-panko, p-cpe:/a:redhat:enterprise_linux:puppet-tripleo, p-cpe:/a:redhat:enterprise_linux:openstack-tripleo-common-devtools, p-cpe:/a:redhat:enterprise_linux:instack-undercloud, p-cpe:/a:redhat:enterprise_linux:puppet-heat, p-cpe:/a:redhat:enterprise_linux:puppet-aodh, p-cpe:/a:redhat:enterprise_linux:openstack-tripleo-common-container-base, p-cpe:/a:redhat:enterprise_linux:puppet-ceph, p-cpe:/a:redhat:enterprise_linux:openstack-tripleo-puppet-elements, p-cpe:/a:redhat:enterprise_linux:puppet-nova, p-cpe:/a:redhat:enterprise_linux:puppet-cinder, p-cpe:/a:redhat:enterprise_linux:puppet-trove, p-cpe:/a:redhat:enterprise_linux:openstack-tripleo-image-elements, p-cpe:/a:redhat:enterprise_linux:python-os-brick, p-cpe:/a:redhat:enterprise_linux:python-tripleoclient, p-cpe:/a:redhat:enterprise_linux:openstack-tripleo-common, p-cpe:/a:redhat:enterprise_linux:os-net-config, p-cpe:/a:redhat:enterprise_linux:openstack-tripleo-common-containers, p-cpe:/a:redhat:enterprise_linux:puppet-mistral, p-cpe:/a:redhat:enterprise_linux:puppet-neutron, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:puppet-keystone, p-cpe:/a:redhat:enterprise_linux:puppet-ironic, p-cpe:/a:redhat:enterprise_linux:puppet-glance

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/20/2018

Vulnerability Publication Date: 3/5/2018

Reference Information

CVE: CVE-2018-1000115

RHSA: 2018:2331