Ubuntu 22.04 Yandex cloud
Scan results for Ubuntu Linux.
Input data:
- vCPU 2; RAM 2 GB; Platform Intel Ice Lake; Guaranteed vCPU performance 100%
- Ubuntu 22.04
- Linux Kernel 5.15.0-83-generic on Ubuntu 22.04
Vulnerabilities
OpenSSH < 9.3p2 Vulnerability
Synopsis The SSH server running on the remote host is affected by a vulnerability.
Description The version of OpenSSH installed on the remote host is prior to 9.3p2. It is, therefore, affected by a vulnerability as referenced in the release-9.3p2 advisory.
- Fix CVE-2023-38408 - a condition where specific libraries loaded via ssh-agent(1)’s PKCS#11 support could be abused to achieve remote code execution via a forwarded agent socket if the following (openssh-9.3p2-1)
See Also
https://www.openssh.com/txt/release-9.3p2
Solution Upgrade to OpenSSH version 9.3p2 or later.
Risk Factor Critical
CVSS v3.0 Base Score 9.8 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
VPR Score 5.2
CVSS v2.0 Base Score 10.0 (CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
References CVE-2023-38408
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 : Open VM Tools vulnerability (USN-6365-1)
Synopsis The remote Ubuntu host is missing a security update.
Description The remote Ubuntu 20.04 LTS / 22.04 LTS / 23.04 host has packages installed that are affected by a vulnerability as referenced in the USN-6365-1 advisory.
- A malicious actor that has been granted Guest Operation Privileges https://docs.vmware.com/en/VMware-vSphere/8.0/vsphere-security/GUID-6A952214-0E5E-4CCF-9D2A-90948FF643EC.html in a target virtual machine may be able to elevate their privileges if that target virtual machine has been assigned a more privileged Guest Alias https://vdc-download.vmware.com/vmwb-repository/dcr-public/d1902b0e-d479-46bf-8ac9-cee0e31e8ec0/07ce8dbd-db48-4261-9b8f-c6d3ad8ba472/vim.vm.guest.AliasManager.html . (CVE-2023-20900)
See Also https://ubuntu.com/security/notices/USN-6365-1
Solution Update the affected packages.
Risk Factor Medium
CVSS v3.0 Base Score 7.5 (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
CVSS v2.0 Base Score 6.8 (CVSS2#AV:A/AC:H/Au:N/C:C/I:C/A:C)
References
Ubuntu 22.04 LTS : file vulnerability (USN-6359-1)
Synopsis The remote Ubuntu host is missing a security update.
Description The remote Ubuntu 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6359-1 advisory.
- File before 5.43 has a stack-based buffer over-read in file_copystr in funcs.c. NOTE: File is the name of an Open Source project. (CVE-2022-48554)
See Also https://ubuntu.com/security/notices/USN-6359-1
Solution Update the affected packages.
Risk Factor Medium
CVSS v3.0 Base Score 8.1 (CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H)
VPR Score 4.4
CVSS v2.0 Base Score 5.8 (CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:P)
References