RHEL 7:openshift (RHSA-2016:0070)
critical Nessus Plugin ID 119442
語系:
概要
遠端 Red Hat 主機缺少一個或多個安全性更新。說明
Red Hat OpenShift Enterprise 3.1.1 版現在隨附套件更新,可修正數個安全性問題、錯誤並推出增強功能。Red Hat 產品安全性團隊已將此更新評等為具有重要安全性影響。可針對每個弱點從〈參照〉一節的 CVE 連結中取得常見弱點評分系統 (CVSS) 的基本分數,其中包含有關嚴重性評等的詳細資訊。Red Hat 的 OpenShift Enterprise 是該公司的雲端運算平台即服務 (PaaS) 解決方案,專門針對內部部署或私有雲端部署而設計。此版本已解決以下安全性問題:在 Kubernetes 中發現一個授權缺陷;處理特定要求時,API 伺服器未正確檢查使用者權限。經驗證的遠端攻擊者可利用此缺陷取得資源的其他存取權,例如 RAM 和磁碟空間。(CVE-2016-1905) 在 Kubernetes 中發現一個授權缺陷;處理特定組建組態策略時,API 伺服器未正確檢查使用者權限。遠端攻擊者可使用違反原則的策略,建立組建組態。雖然攻擊者無法自行啟動組建 (違反原則時啟動失敗),但是如果之後其他具權限的服務 (例如,自動化觸發) 啟動組建組態檔,則可繞過使用者權限,進而允許使用者提升。(CVE-2016-1906) Jenkins Continuous Integration Server 的更新可解決大量安全性問題,包括 XSS、CSRF,資訊洩漏和程式碼執行也已經解決。(CVE-2013-2186、CVE-2014-1869、CVE-2014-3661、CVE-2014-3662、CVE-2014-3663、CVE-2014-3664、CVE-2014-3666、CVE-2014-3667、CVE-2014-3680、CVE-2014-3681、CVE-2015-1806、CVE-2015-1807、CVE-2015-1808、CVE-2015-1810、CVE-2015-1812、CVE-2015-1813、CVE-2015-1814、CVE-2015-5317、CVE-2015-5318、CVE-2015-5319、CVE-2015-5320、CVE-2015-5321、CVE-2015-5322、CVE-2015-5323、CVE-2015-5324、CVE-2015-5325、CVE-2015-5326、CVE-2015-7537、CVE-2015-7538、CVE-2015-7539、CVE-2015-8103) 因空間所限,無法在此公告中記錄所有錯誤修正與增強功能。如需有關這些變更的詳細資訊,請參閱 OpenShift Enterprise 3.1 版本資訊,這項資訊不久將在 3.1.1 版中更新:https://docs.openshift.com/enterprise/3.1/release_notes/ ose_3_1_release_notes.html 建議所有 OpenShift Enterprise 3 使用者皆升級至這些更新版套件。解決方案
更新受影響的套件。另請參閱
https://access.redhat.com/errata/RHSA-2016:0070
https://access.redhat.com/security/cve/cve-2013-2186
https://access.redhat.com/security/cve/cve-2014-1869
https://access.redhat.com/security/cve/cve-2014-3661
https://access.redhat.com/security/cve/cve-2014-3662
https://access.redhat.com/security/cve/cve-2014-3663
https://access.redhat.com/security/cve/cve-2014-3664
https://access.redhat.com/security/cve/cve-2014-3666
https://access.redhat.com/security/cve/cve-2014-3667
https://access.redhat.com/security/cve/cve-2014-3680
https://access.redhat.com/security/cve/cve-2014-3681
https://access.redhat.com/security/cve/cve-2015-1806
https://access.redhat.com/security/cve/cve-2015-1807
https://access.redhat.com/security/cve/cve-2015-1808
https://access.redhat.com/security/cve/cve-2015-1810
https://access.redhat.com/security/cve/cve-2015-1812
https://access.redhat.com/security/cve/cve-2015-1813
https://access.redhat.com/security/cve/cve-2015-1814
https://access.redhat.com/security/cve/cve-2015-5317
https://access.redhat.com/security/cve/cve-2015-5318
https://access.redhat.com/security/cve/cve-2015-5319
https://access.redhat.com/security/cve/cve-2015-5320
https://access.redhat.com/security/cve/cve-2015-5321
https://access.redhat.com/security/cve/cve-2015-5322
https://access.redhat.com/security/cve/cve-2015-5323
https://access.redhat.com/security/cve/cve-2015-5324
https://access.redhat.com/security/cve/cve-2015-5325
https://access.redhat.com/security/cve/cve-2015-5326
https://access.redhat.com/security/cve/cve-2015-7537
https://access.redhat.com/security/cve/cve-2015-7538
https://access.redhat.com/security/cve/cve-2015-7539
https://access.redhat.com/security/cve/cve-2015-8103
https://access.redhat.com/security/cve/cve-2016-1905
Plugin 詳細資訊
嚴重性: Critical
ID: 119442
檔案名稱: redhat-RHSA-2016-0070.nasl
版本: 1.7
類型: local
代理程式: unix
已發布: 2018/12/6
已更新: 2023/5/14
支援的感應器: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
風險資訊
VPR
風險因素: High
分數: 7.4
CVSS v2
風險因素: Critical
基本分數: 10
時間分數: 8.3
媒介: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C
CVSS 評分資料來源: CVE-2016-1906
CVSS v3
風險因素: Critical
基本分數: 9.8
時間分數: 9.1
媒介: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
時間媒介: CVSS:3.0/E:F/RL:O/RC:C
弱點資訊
CPE: p-cpe:/a:redhat:enterprise_linux:nodejs-ansi-green, p-cpe:/a:redhat:enterprise_linux:nodejs-duplexify, p-cpe:/a:redhat:enterprise_linux:nodejs-is-plain-obj, p-cpe:/a:redhat:enterprise_linux:nodejs-is-stream, p-cpe:/a:redhat:enterprise_linux:nodejs-latest-version, p-cpe:/a:redhat:enterprise_linux:nodejs-lodash.keys, p-cpe:/a:redhat:enterprise_linux:nodejs-package-json, p-cpe:/a:redhat:enterprise_linux:nodejs-preserve, p-cpe:/a:redhat:enterprise_linux:nodejs-semver, p-cpe:/a:redhat:enterprise_linux:nodejs-xdg-basedir, p-cpe:/a:redhat:enterprise_linux:openvswitch-devel, p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients-redistributable, p-cpe:/a:redhat:enterprise_linux:nodejs-fill-range, p-cpe:/a:redhat:enterprise_linux:nodejs-glob-parent, p-cpe:/a:redhat:enterprise_linux:nodejs-is-extglob, p-cpe:/a:redhat:enterprise_linux:nodejs-isobject, p-cpe:/a:redhat:enterprise_linux:nodejs-optimist, p-cpe:/a:redhat:enterprise_linux:nodejs-pinkie, p-cpe:/a:redhat:enterprise_linux:nodejs-regex-cache, p-cpe:/a:redhat:enterprise_linux:openshift-ansible-playbooks, p-cpe:/a:redhat:enterprise_linux:atomic-openshift-dockerregistry, p-cpe:/a:redhat:enterprise_linux:nodejs-lodash.getnative, p-cpe:/a:redhat:enterprise_linux:nodejs-micromatch, p-cpe:/a:redhat:enterprise_linux:nodejs-object-assign, p-cpe:/a:redhat:enterprise_linux:nodejs-read-all-stream, p-cpe:/a:redhat:enterprise_linux:openvswitch-debuginfo, p-cpe:/a:redhat:enterprise_linux:nodejs-ansi-wrap, p-cpe:/a:redhat:enterprise_linux:nodejs-anymatch, p-cpe:/a:redhat:enterprise_linux:nodejs-async-each, p-cpe:/a:redhat:enterprise_linux:nodejs-create-error-class, p-cpe:/a:redhat:enterprise_linux:nodejs-end-of-stream, p-cpe:/a:redhat:enterprise_linux:nodejs-got, p-cpe:/a:redhat:enterprise_linux:nodejs-is-equal-shallow, p-cpe:/a:redhat:enterprise_linux:nodejs-is-redirect, p-cpe:/a:redhat:enterprise_linux:nodejs-lodash.baseassign, p-cpe:/a:redhat:enterprise_linux:nodejs-registry-url, p-cpe:/a:redhat:enterprise_linux:nodejs-capture-stack-trace, p-cpe:/a:redhat:enterprise_linux:nodejs-deep-extend, p-cpe:/a:redhat:enterprise_linux:nodejs-error-ex, p-cpe:/a:redhat:enterprise_linux:nodejs-lazy-cache, p-cpe:/a:redhat:enterprise_linux:nodejs-lodash.assign, p-cpe:/a:redhat:enterprise_linux:nodejs-lodash.isiterateecall, p-cpe:/a:redhat:enterprise_linux:nodejs-mkdirp, p-cpe:/a:redhat:enterprise_linux:nodejs-os-tmpdir, p-cpe:/a:redhat:enterprise_linux:nodejs-pinkie-promise, p-cpe:/a:redhat:enterprise_linux:nodejs-ps-tree, p-cpe:/a:redhat:enterprise_linux:nodejs-readdirp, p-cpe:/a:redhat:enterprise_linux:nodejs-strip-json-comments, p-cpe:/a:redhat:enterprise_linux:nodejs-unzip-response, p-cpe:/a:redhat:enterprise_linux:nss_wrapper, p-cpe:/a:redhat:enterprise_linux:heapster, p-cpe:/a:redhat:enterprise_linux:jenkins, p-cpe:/a:redhat:enterprise_linux:nodejs-event-stream, p-cpe:/a:redhat:enterprise_linux:nodejs-for-in, p-cpe:/a:redhat:enterprise_linux:nodejs-is-number, p-cpe:/a:redhat:enterprise_linux:nodejs-lodash.defaults, p-cpe:/a:redhat:enterprise_linux:nodejs-prepend-http, p-cpe:/a:redhat:enterprise_linux:nodejs-repeat-element, p-cpe:/a:redhat:enterprise_linux:nodejs-semver-diff, p-cpe:/a:redhat:enterprise_linux:nodejs-split, p-cpe:/a:redhat:enterprise_linux:nodejs-stream-combiner, p-cpe:/a:redhat:enterprise_linux:nodejs-success-symbol, p-cpe:/a:redhat:enterprise_linux:nodejs-uuid, p-cpe:/a:redhat:enterprise_linux:openshift-ansible-filter-plugins, p-cpe:/a:redhat:enterprise_linux:atomic-openshift, p-cpe:/a:redhat:enterprise_linux:atomic-openshift-master, p-cpe:/a:redhat:enterprise_linux:atomic-openshift-pod, p-cpe:/a:redhat:enterprise_linux:nodejs-is-binary-path, p-cpe:/a:redhat:enterprise_linux:nodejs-lodash.basecopy, p-cpe:/a:redhat:enterprise_linux:nodejs-node-status-codes, p-cpe:/a:redhat:enterprise_linux:nodejs-os-homedir, p-cpe:/a:redhat:enterprise_linux:nodejs-parse-glob, p-cpe:/a:redhat:enterprise_linux:nodejs-touch, p-cpe:/a:redhat:enterprise_linux:openshift-ansible, p-cpe:/a:redhat:enterprise_linux:nodejs-arr-flatten, p-cpe:/a:redhat:enterprise_linux:nodejs-binary-extensions, p-cpe:/a:redhat:enterprise_linux:nodejs-extglob, p-cpe:/a:redhat:enterprise_linux:nodejs-graceful-fs, p-cpe:/a:redhat:enterprise_linux:nodejs-is-extendable, p-cpe:/a:redhat:enterprise_linux:nodejs-is-primitive, p-cpe:/a:redhat:enterprise_linux:nodejs-through, p-cpe:/a:redhat:enterprise_linux:nodejs-undefsafe, p-cpe:/a:redhat:enterprise_linux:atomic-openshift-sdn-ovs, p-cpe:/a:redhat:enterprise_linux:nodejs-arrify, p-cpe:/a:redhat:enterprise_linux:nodejs-for-own, p-cpe:/a:redhat:enterprise_linux:nodejs-glob-base, p-cpe:/a:redhat:enterprise_linux:nodejs-lodash.restparam, p-cpe:/a:redhat:enterprise_linux:nodejs-pause-stream, p-cpe:/a:redhat:enterprise_linux:nodejs-rc, p-cpe:/a:redhat:enterprise_linux:nodejs-url-parse-lax, p-cpe:/a:redhat:enterprise_linux:nss_wrapper-debuginfo, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:nodejs-arr-diff, p-cpe:/a:redhat:enterprise_linux:nodejs-is-glob, p-cpe:/a:redhat:enterprise_linux:nodejs-string-length, p-cpe:/a:redhat:enterprise_linux:nodejs-update-notifier, p-cpe:/a:redhat:enterprise_linux:nodejs-write-file-atomic, p-cpe:/a:redhat:enterprise_linux:openvswitch, p-cpe:/a:redhat:enterprise_linux:atomic-openshift-recycle, p-cpe:/a:redhat:enterprise_linux:nodejs-align-text, p-cpe:/a:redhat:enterprise_linux:nodejs-chokidar, p-cpe:/a:redhat:enterprise_linux:nodejs-expand-range, p-cpe:/a:redhat:enterprise_linux:nodejs-from, p-cpe:/a:redhat:enterprise_linux:tuned-profiles-atomic-openshift-node, p-cpe:/a:redhat:enterprise_linux:nodejs-array-unique, p-cpe:/a:redhat:enterprise_linux:nodejs-es6-promise, p-cpe:/a:redhat:enterprise_linux:nodejs-filename-regex, p-cpe:/a:redhat:enterprise_linux:nodejs-nodemon, p-cpe:/a:redhat:enterprise_linux:nodejs-osenv, p-cpe:/a:redhat:enterprise_linux:nodejs-timed-out, p-cpe:/a:redhat:enterprise_linux:openshift-ansible-docs, p-cpe:/a:redhat:enterprise_linux:openshift-ansible-lookup-plugins, p-cpe:/a:redhat:enterprise_linux:nodejs-expand-brackets, p-cpe:/a:redhat:enterprise_linux:nodejs-is-dotfile, p-cpe:/a:redhat:enterprise_linux:nodejs-normalize-path, p-cpe:/a:redhat:enterprise_linux:openvswitch-test, p-cpe:/a:redhat:enterprise_linux:atomic-openshift-clients, p-cpe:/a:redhat:enterprise_linux:atomic-openshift-node, p-cpe:/a:redhat:enterprise_linux:nodejs-ini, p-cpe:/a:redhat:enterprise_linux:nodejs-is-npm, p-cpe:/a:redhat:enterprise_linux:nodejs-kind-of, p-cpe:/a:redhat:enterprise_linux:nodejs-lowercase-keys, p-cpe:/a:redhat:enterprise_linux:nodejs-map-stream, p-cpe:/a:redhat:enterprise_linux:nodejs-object.omit, p-cpe:/a:redhat:enterprise_linux:nodejs-slide, p-cpe:/a:redhat:enterprise_linux:openshift-ansible-roles, p-cpe:/a:redhat:enterprise_linux:nodejs-braces, p-cpe:/a:redhat:enterprise_linux:origin-kibana, p-cpe:/a:redhat:enterprise_linux:python-openvswitch, p-cpe:/a:redhat:enterprise_linux:atomic-openshift-utils, p-cpe:/a:redhat:enterprise_linux:nodejs-configstore, p-cpe:/a:redhat:enterprise_linux:nodejs-duplexer, p-cpe:/a:redhat:enterprise_linux:nodejs-lodash.bindcallback, p-cpe:/a:redhat:enterprise_linux:nodejs-lodash.createassigner, p-cpe:/a:redhat:enterprise_linux:nodejs-lodash.isarguments, p-cpe:/a:redhat:enterprise_linux:nodejs-lodash.isarray, p-cpe:/a:redhat:enterprise_linux:nodejs-parse-json, p-cpe:/a:redhat:enterprise_linux:nodejs-randomatic
必要的 KB 項目: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
可被惡意程式利用: true
可輕鬆利用: Exploits are available
修補程式發佈日期: 2016/1/26
弱點發布日期: 2013/10/28
CISA 已知遭惡意利用弱點到期日: 2023/6/2
可惡意利用
CANVAS (CANVAS)
Core Impact
Metasploit (OpenNMS Java Object Unserialization Remote Code Execution)
參考資訊
CVE: CVE-2013-2186, CVE-2014-1869, CVE-2014-3661, CVE-2014-3662, CVE-2014-3663, CVE-2014-3664, CVE-2014-3666, CVE-2014-3667, CVE-2014-3680, CVE-2014-3681, CVE-2015-1806, CVE-2015-1807, CVE-2015-1808, CVE-2015-1810, CVE-2015-1812, CVE-2015-1813, CVE-2015-1814, CVE-2015-5317, CVE-2015-5318, CVE-2015-5319, CVE-2015-5320, CVE-2015-5321, CVE-2015-5322, CVE-2015-5323, CVE-2015-5324, CVE-2015-5325, CVE-2015-5326, CVE-2015-7537, CVE-2015-7538, CVE-2015-7539, CVE-2015-8103, CVE-2016-1905, CVE-2016-1906
RHSA: 2016:0070
TRA: TRA-2016-23