Detections
Analytics

RHEL 9 : nodejs:18 (RHSA-2024:1503)

high Nessus Plugin ID 192549

Language:

Synopsis

The remote Red Hat host is missing one or more security updates for nodejs:18.

Description

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1503 advisory.

 - A vulnerability in the privateDecrypt() API of the crypto library, allowed a covert timing side-channel during PKCS#1 v1.5 padding error handling. The vulnerability revealed significant timing differences in decryption for valid and invalid ciphertexts. This poses a serious threat as attackers could remotely exploit the vulnerability to decrypt captured RSA ciphertexts or forge signatures, especially in scenarios involving API endpoints processing Json Web Encryption messages. Impacts: Thank you, to hkario for reporting this vulnerability and thank you Michael Dawson for fixing it. (CVE-2023-46809)

 - On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE. Due to a bug in the implementation of this exception, Node.js incorrectly applies this exception even when certain other capabilities have been set. This allows unprivileged users to inject code that inherits the process's elevated privileges. (CVE-2024-21892)

 - A vulnerability in Node.js HTTP servers allows an attacker to send a specially crafted HTTP request with chunked encoding, leading to resource exhaustion and denial of service (DoS). The server reads an unbounded number of bytes from a single connection, exploiting the lack of limitations on chunk extension bytes. The issue can cause CPU and network bandwidth exhaustion, bypassing standard safeguards like timeouts and body size limits. (CVE-2024-22019)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL nodejs:18 package based on the guidance in RHSA-2024:1503.

See Also

https://access.redhat.com/security/cve/CVE-2023-46809

https://access.redhat.com/security/cve/CVE-2024-21892

https://access.redhat.com/security/cve/CVE-2024-22019

https://access.redhat.com/errata/RHSA-2024:1503

Plugin Details

Severity: High

ID: 192549

File Name: redhat-RHSA-2024-1503.nasl

Version: 1.0

Type: local

Agent: unix

Published: 3/25/2024

Updated: 3/25/2024

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.1

CVSS v2

Risk Factor: High

Base Score: 8.5

Temporal Score: 6.3

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:N

CVSS Score Source: CVE-2024-21892

CVSS v3

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.5

Vector: CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:9, p-cpe:/a:redhat:enterprise_linux:nodejs, p-cpe:/a:redhat:enterprise_linux:nodejs-devel, p-cpe:/a:redhat:enterprise_linux:nodejs-docs, p-cpe:/a:redhat:enterprise_linux:nodejs-full-i18n, p-cpe:/a:redhat:enterprise_linux:nodejs-nodemon, p-cpe:/a:redhat:enterprise_linux:nodejs-packaging, p-cpe:/a:redhat:enterprise_linux:nodejs-packaging-bundler, p-cpe:/a:redhat:enterprise_linux:npm

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 3/25/2024

Vulnerability Publication Date: 2/14/2024

Reference Information

CVE: CVE-2023-46809, CVE-2024-21892, CVE-2024-22019

CWE: 208, 385, 400, 94

RHSA: 2024:1503