Detections
Analytics
SUSE SLES15 Security Update : supportutils (SUSE-SU-2023:3803-1)
medium Nessus Plugin ID 182109
Language:
Synopsis
The remote SUSE host is missing a security update.Description
The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2023:3803-1 advisory.Security Fixes:
- CVE-2022-45154: Removed iSCSI passwords (bsc#1207598).
Other fixes:
- Changes in version 3.1.26
- powerpc plugin to collect the slots and active memory (bsc#1210950)
- A Cleartext Storage of Sensitive Information vulnerability CVE-2022-45154
- supportconfig: collect BPF information (pr#154)
- Added additional iscsi information (pr#155)
- Added run time detection (bsc#1213127)
- Changes for supportutils version 3.1.25
- Removed iSCSI passwords CVE-2022-45154 (bsc#1207598)
- powerpc: Collect lsslot,amsstat, and opal elogs (pr#149)
- powerpc: collect invscout logs (pr#150)
- powerpc: collect RMC status logs (pr#151)
- Added missing nvme nbft commands (bsc#1211599)
- Fixed invalid nvme commands (bsc#1211598)
- Added missing podman information (PED-1703, bsc#1181477)
- Removed dependency on sysfstools
- Check for systool use (bsc#1210015)
- Added selinux checking (bsc#1209979)
- Updated SLES_VER matrix
- Fixed missing status detail for apparmor (bsc#1196933)
- Corrected invalid argument list in docker.txt (bsc#1206608)
- Applies limit equally to sar data and text files (bsc#1207543)
- Collects hwinfo hardware logs (bsc#1208928)
- Collects lparnumascore logs (issue#148)
- Add dependency to `numactl` on ppc64le and `s390x`, this enforces that `numactl --hardware` data is provided in supportconfigs
- Changes to supportconfig.rc version 3.1.11-35
- Corrected _sanitize_file to include iscsi.conf and others (bsc#1206402)
- Changes to supportconfig version 3.1.11-46.4
- Added plymouth_info
- Changes to getappcore version 1.53.02
- The location of chkbin was updated earlier. This documents that change (bsc#1205533, bsc#1204942)
Tenable has extracted the preceding description block directly from the SUSE security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected supportutils package.See Also
https://bugzilla.suse.com/1181477
https://bugzilla.suse.com/1196933
https://bugzilla.suse.com/1204942
https://bugzilla.suse.com/1205533
https://bugzilla.suse.com/1206402
https://bugzilla.suse.com/1206608
https://bugzilla.suse.com/1207543
https://bugzilla.suse.com/1207598
https://bugzilla.suse.com/1208928
https://bugzilla.suse.com/1209979
https://bugzilla.suse.com/1210015
https://bugzilla.suse.com/1210950
https://bugzilla.suse.com/1211598
https://bugzilla.suse.com/1211599
https://bugzilla.suse.com/1213127
Plugin Details
Severity: Medium
ID: 182109
File Name: suse_SU-2023-3803-1.nasl
Version: 1.1
Type: Local
Agent: unix
Family: SuSE Local Security Checks
Published: 9/28/2023
Updated: 6/26/2026
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, tenable_cloud_security, tenable_self_hosted_container_security, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
CVSS v2
Risk Factor: Medium
Base Score: 4.6
Temporal Score: 3.6
Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:N/A:N
CVSS Score Source: CVE-2022-45154
CVSS v3
Risk Factor: Medium
Base Score: 5.5
Temporal Score: 5
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:novell:suse_linux:supportutils, cpe:/o:novell:suse_linux:15
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 9/27/2023
Vulnerability Publication Date: 2/15/2023
Reference Information
CVE: CVE-2022-45154
SuSE: SUSE-SU-2023:3803-1