Rocky Linux 8 : dnf (RLSA-2021:4464)

Severity: High | Nessus Plugin ID: 184731

Synopsis

The remote Rocky Linux host is missing a security update.

Description

The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2021:4464 advisory.

- A flaw was found in libdnf's signature verification functionality in versions before 0.60.1. This flaw allows an attacker to achieve code execution if they can alter the header information of an RPM package and then trick a user or system into installing it. The highest risk from this vulnerability is to confidentiality and integrity, as well as system availability. (CVE-2021-3445)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://errata.rockylinux.org/RLSA-2021:4464

https://bugzilla.redhat.com/show_bug.cgi?id=1804234

https://bugzilla.redhat.com/show_bug.cgi?id=1818118

https://bugzilla.redhat.com/show_bug.cgi?id=1847035

https://bugzilla.redhat.com/show_bug.cgi?id=1893176

https://bugzilla.redhat.com/show_bug.cgi?id=1898293

https://bugzilla.redhat.com/show_bug.cgi?id=1904490

https://bugzilla.redhat.com/show_bug.cgi?id=1906970

https://bugzilla.redhat.com/show_bug.cgi?id=1913962

https://bugzilla.redhat.com/show_bug.cgi?id=1914827

https://bugzilla.redhat.com/show_bug.cgi?id=1918475

https://bugzilla.redhat.com/show_bug.cgi?id=1926261

https://bugzilla.redhat.com/show_bug.cgi?id=1926771

https://bugzilla.redhat.com/show_bug.cgi?id=1929163

https://bugzilla.redhat.com/show_bug.cgi?id=1929667

https://bugzilla.redhat.com/show_bug.cgi?id=1932079

https://bugzilla.redhat.com/show_bug.cgi?id=1934499

https://bugzilla.redhat.com/show_bug.cgi?id=1940345

https://bugzilla.redhat.com/show_bug.cgi?id=1951409

https://bugzilla.redhat.com/show_bug.cgi?id=1951411

https://bugzilla.redhat.com/show_bug.cgi?id=1951414

https://bugzilla.redhat.com/show_bug.cgi?id=1957280

https://bugzilla.redhat.com/show_bug.cgi?id=1961632

https://bugzilla.redhat.com/show_bug.cgi?id=1961633

https://bugzilla.redhat.com/show_bug.cgi?id=1961634

https://bugzilla.redhat.com/show_bug.cgi?id=1967454

Plugin Details

Severity: High

ID: 184731

File Name: rocky_linux_RLSA-2021-4464.nasl

Version: 1.0

Type: local

Published: 11/6/2023

Updated: 11/6/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 5.1

Temporal Score: 3.8

Vector: CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2021-3445

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:rocky:linux:dnf-plugins-core, p-cpe:/a:rocky:linux:libdnf, p-cpe:/a:rocky:linux:libdnf-debuginfo, p-cpe:/a:rocky:linux:libdnf-debugsource, p-cpe:/a:rocky:linux:libdnf-devel, p-cpe:/a:rocky:linux:python3-dnf, p-cpe:/a:rocky:linux:python3-dnf-plugin-post-transaction-actions, p-cpe:/a:rocky:linux:python3-dnf-plugin-versionlock, p-cpe:/a:rocky:linux:python3-dnf-plugins-core, p-cpe:/a:rocky:linux:python3-hawkey, p-cpe:/a:rocky:linux:python3-hawkey-debuginfo, p-cpe:/a:rocky:linux:python3-libdnf, p-cpe:/a:rocky:linux:python3-libdnf-debuginfo, p-cpe:/a:rocky:linux:yum, p-cpe:/a:rocky:linux:yum-utils, cpe:/o:rocky:linux:8, p-cpe:/a:rocky:linux:dnf, p-cpe:/a:rocky:linux:dnf-automatic, p-cpe:/a:rocky:linux:dnf-data

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RockyLinux/release, Host/RockyLinux/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 11/9/2021

Vulnerability Publication Date: 5/19/2021

Reference Information

CVE: CVE-2021-3445