RancherOS < 1.5.2 Intel Microarchitectural Data Sampling Local Information Disclosure

medium Nessus Plugin ID 132256

Synopsis

The remote device is missing a vendor-supplied security patch

Description

The remote host is running a version of RancherOS prior to v1.5.2, hences is exposed to an Information Disclosure Vulnerability.

Microarchitectural Data Sampling (MDS) is a family of side channel attacks on internal buffers in Intel CPUs.
(CVE-2018-12126, CVE-2018-12130, CVE-2018-12127, CVE-2019-11091)

Solution

Upgrade to RancherOS v1.5.2 or later

See Also

https://rancher.com/docs/os/v1.x/en/about/security/

https://github.com/rancher/os/releases/tag/v1.5.2

https://www.kernel.org/doc/html/latest/x86/mds.html

Plugin Details

Severity: Medium

ID: 132256

File Name: rancheros_1_5_2.nasl

Version: 1.4

Type: local

Family: Misc.

Published: 12/19/2019

Updated: 8/19/2020

Risk Information

VPR

Risk Factor: High

Score: 7.1

CVSS v2

Risk Factor: Medium

Base Score: 4.7

Temporal Score: 3.5

Vector: AV:L/AC:M/Au:N/C:C/I:N/A:N

Temporal Vector: E:U/RL:OF/RC:C

CVSS Score Source: CVE-2018-12127

CVSS v3

Risk Factor: Medium

Base Score: 5.6

Temporal Score: 4.9

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

Temporal Vector: E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:rancher:rancheros

Required KB Items: Host/local_checks_enabled, Host/RancherOS/version, Host/RancherOS

Exploit Ease: No known exploits are available

Patch Publication Date: 5/31/2019

Vulnerability Publication Date: 5/30/2019

Reference Information

CVE: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091

BID: 108330