AWS EC2 Ubuntu linux 2204

Результаты сканирования amazon linux.

Вводные данные:

  • ec2 t2.micro
  • security group 22 port from any to any
  • AMI ID ami-03f65b8614a860c29
  • Linux Kernel 5.19.0-1025-aws on Ubuntu 22.04

Vulnerabilities

OpenSSH < 9.3p2 Vulnerability

Synopsis

The SSH server running on the remote host is affected by a vulnerability.

Description

The version of OpenSSH installed on the remote host is prior to 9.3p2. It is, therefore, affected by a vulnerability as referenced in the release-9.3p2 advisory.

  • Fix CVE-2023-38408 - a condition where specific libaries loaded via ssh-agent(1)’s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if the following (openssh-9.3p2-1)

More

https://www.openssh.com/txt/release-9.3p2

Solution

Upgrade to OpenSSH version 9.3p2 or later.

Risk Factor

Critical

CVSS v3.0 Base Score

9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

VPR Score

5.2

CVSS v2.0 Base Score

10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

References

CVE: CVE-2023-38408

Linux Kernel Detection of MDS vulnerabilities (MDSUM/RIDL) (MFBDS/RIDL/ZombieLoad) (MLPDS/RIDL) (MSBDS/Fallout)

Synopsis

The remote Linux kernel is affected by a series of information disclosure vulnerabilities.

Description

According to the remote Linux kernel, this system is vulnerable to the following information disclosure vulnerabilities:

  • MSBDS leaks Store Buffer Entries which can be speculatively forwarded to a dependent load (store-to-load forwarding) as an optimization. The forward can also happen to a faulting or assisting load operation for a different memory address, which can cause an issue under certain conditions. Store buffers are partitioned between Hyper-Threads so cross thread forwarding is not possible. But if a thread enters or exits a sleep state the store buffer is repartitioned which can expose data from one thread to the other.(MSBDS/Fallout) (CVE-2018-12126)

  • MLDPS leaks Load Port Data. Load ports are used to perform load operations from memory or I/O. The received data is then forwarded to the register file or a subsequent operation. In some implementations the Load Port can contain stale data from a previous operation which can be forwarded to faulting or assisting loads under certain conditions, which again can cause an issue eventually. Load ports are shared between Hyper-Threads so cross thread leakage is possible. (MLPDS/RIDL) (CVE-2018-12127)

  • MFBDS leaks Fill Buffer Entries. Fill buffers are used internally to manage L1 miss situations and to hold data which is returned or sent in response to a memory or I/O operation. Fill buffers can forward data to a load operation and also write data to the cache. When the fill buffer is deallocated it can retain the stale data of the preceding operations which can then be forwarded to a faulting or assisting load operation, which can cause an issue under certain conditions. Fill buffers are shared between Hyper-Threads so cross thread leakage is possible. (MFBDS/RIDL/ZombieLoad) (CVE-2018-12130)

  • MDSUM is a special case of MSBDS, MFBDS and MLPDS. An uncacheable load from memory that takes a fault or assist can leave data in a microarchitectural structure that may later be observed using one of the same methods used by MSBDS, MFBDS or MLPDS. (MDSUM/RIDL) (CVE-2019-11091)

To address these issues, update the kernel packages on your Linux system, disable Simultaneous Multi-Threading (SMT) or otherwise configure it to a non-vulnerable state, and apply microcode fixes to your hardware. Consult your Linux distribution and processor hardware vendors for details and patches.

See Also

https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html

Solution

  1. Ensure the latest kernel and package updates are applied to your linux packages for your OS distribution.
  2. Either disable SMT or configure it to a non-vulnerable state. Consult your processor manufacturer for details.
  3. Apply the appropriate microcode fix for your hardware. Consult your processor manufacturer for details.

Risk Factor

Medium

CVSS v3.0 Base Score

5.6 (CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N)

VPR Score

7.1

CVSS v2.0 Base Score

4.7 (CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N)

References:

CVE-2018-12127

CVE-2018-12130

CVE-2019-11091

CEA-ID:CEA-2019-0547

CEA-ID:CEA-2019-0324

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS : snapd vulnerability (USN-6125-1)

Synopsis The remote Ubuntu host is missing a security update.

Description The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6125-1 advisory.

See Also https://ubuntu.com/security/notices/USN-6125-1

Solution Update the affected packages.

Risk Factor Critical

CVSS v3.0 Base Score 10.0 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)

VPR Score 7.3

CVSS v2.0 Base Score 10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

References

CVE-2023-1523

XREF USN:6125-1

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : OpenSSH vulnerability (USN-6242-1)

Synopsis The remote Ubuntu host is missing a security update.

Description The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by a vulnerability as referenced in the USN-6242-1 advisory.

  • The PKCS#11 feature in ssh-agent in OpenSSH before 9.3p2 has an insufficiently trustworthy search path, leading to remote code execution if an agent is forwarded to an attacker-controlled system. (Code in /usr/lib is not necessarily safe for loading into ssh-agent.) NOTE: this issue exists because of an incomplete fix for CVE-2016-10009. (CVE-2023-38408)

See Also https://ubuntu.com/security/notices/USN-6242-1

Solution Update the affected packages.

Risk Factor Critical

CVSS v3.0 Base Score 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

VPR Score 5.2

CVSS v2.0 Base Score 10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

References CVE CVE-2023-38408

XREF USN:6242-1

XREF IAVA:2023-A-0377

Ubuntu 22.04 LTS : json-c vulnerability (USN-6310-1)

Synopsis The remote Ubuntu host is missing a security update.

Description The remote Ubuntu 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6310-1 advisory.

  • An issue was discovered in json-c through 0.15-20200726. A stack-buffer-overflow exists in the function parseit located in json_parse.c. It allows an attacker to cause code Execution. (CVE-2021-32292)

See Also https://ubuntu.com/security/notices/USN-6310-1

Solution Update the affected libjson-c-dev and / or libjson-c5 packages.

Risk Factor Critical

CVSS v3.0 Base Score 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

VPR Score 7.4

CVSS v2.0 Base Score 10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

References

CVE-2021-32292

USN:6310-1

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 : AMD Microcode vulnerability (USN-6319-1)

Synopsis The remote Ubuntu host is missing a security update.

Description The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 host has a package installed that is affected by a vulnerability as referenced in the USN-6319-1 advisory.

  • A side channel vulnerability on some of the AMD CPUs may allow an attacker to influence the return address prediction. This may result in speculative execution at an attacker-controlled?address, potentially leading to information disclosure. (CVE-2023-20569)

See Also https://ubuntu.com/security/notices/USN-6319-1

Solution Update the affected amd64-microcode package.

Risk Factor High CVSS v3.0 Base Score 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)

VPR Score 6.1

CVSS v2.0 Base Score 7.8 (CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N)

References

CVE CVE-2023-20569

XREF USN:6319-1

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 : Python vulnerability (USN-6139-1)

Synopsis The remote Ubuntu host is missing a security update.

Description The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by a vulnerability as referenced in the USN-6139-1 advisory.

  • An issue in the urllib.parse component of Python before v3.11 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. (CVE-2023-24329)

See Also https://ubuntu.com/security/notices/USN-6139-1

Solution

Update the affected packages.

Risk Factor High

CVSS v3.0 Base Score 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N)

VPR Score 6.7

CVSS v2.0 Base Score 7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:C/A:N)

STIG Severity I

References

CVE CVE-2023-24329

XREF USN:6139-1

XREF IAVA:2023-A-0283-S

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 : Vim vulnerabilities (USN-6154-1)

Synopsis The remote Ubuntu host is missing one or more security updates.

Description The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6154-1 advisory.

  • Use of Out-of-range Pointer Offset in GitHub repository vim/vim prior to 9.0.1499. (CVE-2023-2426)

  • NULL Pointer Dereference in GitHub repository vim/vim prior to 9.0.1531. (CVE-2023-2609)

  • Integer Overflow or Wraparound in GitHub repository vim/vim prior to 9.0.1532. (CVE-2023-2610)

See Also https://ubuntu.com/security/notices/USN-6154-1

Solution Update the affected packages.

Risk Factor High

CVSS v3.0 Base Score 7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

VPR Score 6.7

CVSS v2.0 Base Score 7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

STIG Severity I

References

CVE CVE-2023-2426

CVE CVE-2023-2609

CVE CVE-2023-2610

XREF USN:6154-1

XREF IAVB:2023-B-0033-S

XREF IAVB:2023-B-0035-S

XREF IAVB:2023-B-0039-S

Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS / 22.10 / 23.04 : GNU binutils vulnerabilities (USN-6101-1)

Synopsis The remote Ubuntu host is missing one or more security updates.

Description The remote Ubuntu 16.04 ESM / 18.04 LTS / 20.04 LTS / 22.04 LTS / 22.10 / 23.04 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6101-1 advisory.

  • Heap based buffer overflow in binutils-gdb/bfd/libbfd.c in bfd_getl64. (CVE-2023-1579)

  • A potential heap based buffer overflow was found in _bfd_elf_slurp_version_tables() in bfd/elf.c. This may lead to loss of availability. (CVE-2023-1972)

See Also https://ubuntu.com/security/notices/USN-6101-1

Solution Update the affected packages.

Risk Factor High CVSS v3.0 Base Score 7.8 (CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)

VPR Score 6.7

CVSS v2.0 Base Score 7.2 (CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C)

References CVE CVE-2023-1579

CVE CVE-2023-1972

CVE CVE-2023-25584

CVE CVE-2023-25585

CVE CVE-2023-25588

XREF USN:6101-1

Ubuntu 18.04 ESM / 20.04 LTS / 22.04 LTS : Vim vulnerabilities (USN-6302-1)

Synopsis The remote Ubuntu host is missing one or more security updates.

Description The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6119-1 advisory.

  • Issue summary: The AES-XTS cipher decryption implementation for 64 bit ARM platform contains a bug that could cause it to read past the input buffer, leading to a crash. Impact summary: Applications that use the AES-XTS algorithm on the 64 bit ARM platform can crash in rare circumstances. The AES-XTS algorithm is usually used for disk encryption. The AES-XTS cipher decryption implementation for 64 bit ARM platform will read past the end of the ciphertext buffer if the ciphertext size is 4 mod 5 in 16 byte blocks, e.g. 144 bytes or 1024 bytes. If the memory after the ciphertext buffer is unmapped, this will trigger a crash which results in a denial of service. If an attacker can control the size and location of the ciphertext buffer being decrypted by an application using AES-XTS on 64 bit ARM, the application is affected. This is fairly unlikely making this issue a Low severity one. (CVE-2023-1255)

  • Issue summary: Processing some specially crafted ASN.1 object identifiers or data containing them may be very slow. Impact summary: Applications that use OBJ_obj2txt() directly, or use any of the OpenSSL subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS with no message size limit may experience notable to very long delays when processing those messages, which may lead to a Denial of Service. An OBJECT IDENTIFIER is composed of a series of numbers - sub-identifiers - most of which have no size limit. OBJ_obj2txt() may be used to translate an ASN.1 OBJECT IDENTIFIER given in DER encoding form (using the OpenSSL type ASN1_OBJECT) to its canonical numeric text form, which are the sub-identifiers of the OBJECT IDENTIFIER in decimal form, separated by periods. When one of the sub-identifiers in the OBJECT IDENTIFIER is very large (these are sizes that are seen as absurdly large, taking up tens or hundreds of KiBs), the translation to a decimal number in text may take a very long time. The time complexity is O(n^2) with ’n' being the size of the sub-identifiers in bytes (*). With OpenSSL 3.0, support to fetch cryptographic algorithms using names / identifiers in string form was introduced. This includes using OBJECT IDENTIFIERs in canonical numeric text form as identifiers for fetching algorithms. Such OBJECT IDENTIFIERs may be received through the ASN.1 structure AlgorithmIdentifier, which is commonly used in multiple protocols to specify what cryptographic algorithm should be used to sign or verify, encrypt or decrypt, or digest passed data. Applications that call OBJ_obj2txt() directly with untrusted data are affected, with any version of OpenSSL. If the use is for the mere purpose of display, the severity is considered low. In OpenSSL 3.0 and newer, this affects the subsystems OCSP, PKCS7/SMIME, CMS, CMP/CRMF or TS. It also impacts anything that processes X.509 certificates, including simple things like verifying its signature. The impact on TLS is relatively low, because all versions of OpenSSL have a 100KiB limit on the peer’s certificate chain. Additionally, this only impacts clients, or servers that have explicitly enabled client authentication. In OpenSSL 1.1.1 and 1.0.2, this only affects displaying diverse objects, such as X.509 certificates. This is assumed to not happen in such a way that it would cause a Denial of Service, so these versions are considered not affected by this issue in such a way that it would be cause for concern, and the severity is therefore considered low. (CVE-2023-2650)

See Also https://ubuntu.com/security/notices/USN-6119-1

Solution Update the affected packages.

Risk Factor High

CVSS v3.0 Base Score 6.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)

VPR Score 4.4

CVSS v2.0 Base Score 7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

STIG Severity I

References CVE CVE-2023-1255

CVE CVE-2023-2650

XREF USN:6119-1

XREF IAVA:2023-A-0158-S

Ubuntu 20.04 LTS / 22.04 LTS / 22.10 : Bind vulnerabilities (USN-6183-1)

Synopsis The remote Ubuntu host is missing one or more security updates.

Description The remote Ubuntu 20.04 LTS / 22.04 LTS / 22.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6183-1 advisory.

  • Every named instance configured to run as a recursive resolver maintains a cache database holding the responses to the queries it has recently sent to authoritative servers. The size limit for that cache database can be configured using the max-cache-size statement in the configuration file; it defaults to 90% of the total amount of memory available on the host. When the size of the cache reaches 7/8 of the configured limit, a cache-cleaning algorithm starts to remove expired and/or least-recently used RRsets from the cache, to keep memory use below the configured limit. It has been discovered that the effectiveness of the cache-cleaning algorithm used in named can be severely diminished by querying the resolver for specific RRsets in a certain order, effectively allowing the configured max-cache-size limit to be significantly exceeded. This issue affects BIND 9 versions 9.11.0 through 9.16.41, 9.18.0 through 9.18.15, 9.19.0 through 9.19.13, 9.11.3-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1. (CVE-2023-2828)

  • If the recursive-clients quota is reached on a BIND 9 resolver configured with both stale-answer-enable yes; and stale-answer-client-timeout 0;, a sequence of serve-stale-related lookups could cause named to loop and terminate unexpectedly due to a stack overflow. This issue affects BIND 9 versions 9.16.33 through 9.16.41, 9.18.7 through 9.18.15, 9.16.33-S1 through 9.16.41-S1, and 9.18.11-S1 through 9.18.15-S1. (CVE-2023-2911)

See Also https://ubuntu.com/security/notices/USN-6183-1

Solution Update the affected packages.

Risk Factor High CVSS v3.0 Base Score 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

VPR Score 4.4

CVSS v2.0 Base Score 7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

STIG Severity I

References CVE CVE-2023-2828

CVE CVE-2023-2911

XREF USN:6183-1

XREF IAVA:2023-A-0320

Ubuntu 20.04 LTS / 22.04 LTS / 22.10 : Perl vulnerability (USN-6112-2)

Synopsis The remote Ubuntu host is missing a security update.

Description The remote Ubuntu 20.04 LTS / 22.04 LTS / 22.10 host has packages installed that are affected by a vulnerability as referenced in the USN-6112-2 advisory.

  • CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. (CVE-2023-31484)

See Also https://ubuntu.com/security/notices/USN-6112-2

Solution Update the affected packages.

Risk Factor High

CVSS v3.0 Base Score 8.1 (CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)

VPR Score 6.7

CVSS v2.0 Base Score 7.6 (CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)

References CVE CVE-2023-31484

XREF USN:6112-2

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : libx11 vulnerability (USN-6168-1)

Synopsis The remote Ubuntu host is missing a security update.

Description The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by a vulnerability as referenced in the USN-6168-1 advisory.

See Also https://ubuntu.com/security/notices/USN-6168-1

Solution Update the affected packages.

Risk Factor High

CVSS v3.0 Base Score 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

VPR Score 3.6

CVSS v2.0 Base Score 7.8 (CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)

References CVE CVE-2023-3138

XREF USN:6168-1

Ubuntu 20.04 LTS / 22.04 LTS : GLib vulnerabilities (USN-6165-1)

Synopsis The remote Ubuntu host is missing one or more security updates.

Description The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6165-1 advisory.

  • In GNOME GLib 2.56.1, g_markup_parse_context_end_parse() in gmarkup.c has a NULL pointer dereference. (CVE-2018-16428) (CVE-2023-24593, CVE-2023-25180)

See Also https://ubuntu.com/security/notices/USN-6165-1

Solution Update the affected packages.

Risk Factor High

CVSS v3.0 Base Score 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)

VPR Score 7.4

CVSS v2.0 Base Score 7.5 (CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

References CVE CVE-2023-24593

CVE CVE-2023-25180

CVE CVE-2023-29499

CVE CVE-2023-32611

CVE CVE-2023-32636

CVE CVE-2023-32643

CVE CVE-2023-32665

XREF USN:6165-1

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 : AMD Microcode vulnerability (USN-6244-1)

Synopsis The remote Ubuntu host is missing a security update.

Description The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 host has a package installed that is affected by a vulnerability as referenced in the USN-6244-1 advisory.

  • An issue in Zen 2 CPUs, under specific microarchitectural circumstances, may allow an attacker to potentially access sensitive information. (CVE-2023-20593)

See Also https://ubuntu.com/security/notices/USN-6244-1

Solution Update the affected amd64-microcode package.

Risk Factor Medium

CVSS v3.0 Base Score 5.5 (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)

VPR Score 6.9

CVSS v2.0 Base Score 4.6 (CVSS2#AV:L/AC:L/Au:S/C:C/I:N/A:N)

References CVE CVE-2023-20593

XREF USN:6244-1

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 : Intel Microcode vulnerabilities (USN-6286-1)

Synopsis The remote Ubuntu host is missing one or more security updates.

Description The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 LTS / 22.04 LTS / 23.04 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6286-1 advisory.

  • Information exposure through microarchitectural state after transient execution in certain vector execution units for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. (CVE-2022-40982)

  • Unauthorized error injection in Intel(R) SGX or Intel(R) TDX for some Intel(R) Xeon(R) Processors may allow a privileged user to potentially enable escalation of privilege via local access. (CVE-2022-41804)

  • Improper access control in some 3rd Generation Intel(R) Xeon(R) Scalable processors may allow a privileged user to potentially enable information disclosure via local access. (CVE-2023-23908)

See Also https://ubuntu.com/security/notices/USN-6286-1

Solution Update the affected intel-microcode package.

Risk Factor Medium

CVSS v3.0 Base Score 6.7 (CVSS:3.0/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H)

VPR Score 7.7

CVSS v2.0 Base Score 6.5 (CVSS2#AV:L/AC:L/Au:M/C:C/I:C/A:C)

References CVE CVE-2022-40982

CVE CVE-2022-41804

CVE CVE-2023-23908

XREF USN:6286-1