Detections
Analytics
Oracle Linux 8 : container-tools:4.0 (ELSA-2024-0748)
high Nessus Plugin ID 190564
Language:
Synopsis
The remote Oracle Linux host is missing one or more security updates.Description
The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-0748 advisory.- runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem (attack 2). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run (attack 1). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes (attack 3a and attack 3b). runc 1.1.12 includes patches for this issue. (CVE-2024-21626)
- Before Go 1.20, the RSA based TLS key exchanges used the math/big library, which is not constant time. RSA blinding was applied to prevent timing attacks, but analysis shows this may not have been fully effective.
In particular it appears as if the removal of PKCS#1 padding may leak timing information, which in turn could be used to recover session key bits. In Go 1.20, the crypto/tls library switched to a fully constant time RSA implementation, which we do not believe exhibits any timing side channels. (CVE-2023-45287)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
Plugin Details
Severity: High
ID: 190564
File Name: oraclelinux_ELSA-2024-0748.nasl
Version: 1.2
Type: local
Agent: unix
Published: 2/15/2024
Updated: 3/8/2024
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Critical
Score: 9.9
CVSS v2
Risk Factor: High
Base Score: 7.8
Temporal Score: 6.4
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N
CVSS Score Source: CVE-2023-45287
CVSS v3
Risk Factor: High
Base Score: 8.6
Temporal Score: 8
Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
CVSS Score Source: CVE-2024-21626
Vulnerability Information
CPE: cpe:/a:oracle:linux:8::appstream, cpe:/o:oracle:linux:8, p-cpe:/a:oracle:linux:aardvark-dns, p-cpe:/a:oracle:linux:buildah, p-cpe:/a:oracle:linux:buildah-tests, p-cpe:/a:oracle:linux:cockpit-podman, p-cpe:/a:oracle:linux:conmon, p-cpe:/a:oracle:linux:container-selinux, p-cpe:/a:oracle:linux:containernetworking-plugins, p-cpe:/a:oracle:linux:containers-common, p-cpe:/a:oracle:linux:crit, p-cpe:/a:oracle:linux:criu, p-cpe:/a:oracle:linux:criu-devel, p-cpe:/a:oracle:linux:criu-libs, p-cpe:/a:oracle:linux:crun, p-cpe:/a:oracle:linux:fuse-overlayfs, p-cpe:/a:oracle:linux:libslirp, p-cpe:/a:oracle:linux:libslirp-devel, p-cpe:/a:oracle:linux:netavark, p-cpe:/a:oracle:linux:oci-seccomp-bpf-hook, p-cpe:/a:oracle:linux:podman, p-cpe:/a:oracle:linux:podman-catatonit, p-cpe:/a:oracle:linux:podman-docker, p-cpe:/a:oracle:linux:podman-gvproxy, p-cpe:/a:oracle:linux:podman-plugins, p-cpe:/a:oracle:linux:podman-remote, p-cpe:/a:oracle:linux:podman-tests, p-cpe:/a:oracle:linux:python3-criu, p-cpe:/a:oracle:linux:python3-podman, p-cpe:/a:oracle:linux:runc, p-cpe:/a:oracle:linux:skopeo, p-cpe:/a:oracle:linux:skopeo-tests, p-cpe:/a:oracle:linux:slirp4netns, p-cpe:/a:oracle:linux:udica
Required KB Items: Host/OracleLinux, Host/RedHat/release, Host/RedHat/rpm-list, Host/local_checks_enabled
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 2/14/2024
Vulnerability Publication Date: 12/5/2023
Exploitable With
Metasploit (runc (docker) File Descriptor Leak Privilege Escalation)
Reference Information
CVE: CVE-2023-45287, CVE-2024-21626
IAVA: 2024-A-0071
IAVB: 2023-B-0096-S