exploitDog

BDU:2024-01979

Published: 05 Apr. 2023
Source: fstec
CVSS3: 9.8
CVSS2: 10
EPSS: Low

Description

The vulnerability in the golang package of the Debian GNU/Linux operating system is related to improper control of code generation. Exploitation of the vulnerability could allow a remote attacker to execute arbitrary code.

Vendor

Canonical Ltd.
Red Hat Inc.
Novell Inc.
Free software community
Red Soft LLC
The Go Project

Software name

Ubuntu
Red Hat Enterprise Linux
openSUSE Tumbleweed
Red Hat Storage
Red Hat AMQ Broker
Debian GNU/Linux
RED OS
OpenSUSE Leap
SUSE Linux Enterprise Server for SAP Applications
Red Hat Openshift Data Foundation
Red Hat OpenShift GitOps
Suse Linux Enterprise Server
Red Hat OpenShift Container Platform
Suse Linux Enterprise Desktop
Red Hat OpenStack Platform
SUSE Manager Retail Branch Server
SUSE Manager Proxy
SUSE Manager Server
SUSE Linux Enterprise High Performance Computing
SUSE Enterprise Storage
SUSE Linux Enterprise Module for Development Tools
Red Hat Web Terminal
Node Maintenance Operator
Service Telemetry Framework
OpenShift Developer Tools and Services
SUSE Linux Enterprise Real Time
Red Hat Ceph Storage
Red Hat OpenShift Virtualization
OpenShift Serverless
Red Hat Developer Tools
Migration Toolkit for Applications
Red Hat Advanced Cluster Security
Self Node Remediation
Migration Toolkit for Containers
OpenShift API for Data Protection
Red Hat Ansible Automation Platform
Red Hat OpenShift distributed tracing
Red Hat Service Interconnect
SUSE Liberty Linux
Go
OpenShift Container Platform
Red Hat Advanced Cluster Security (RHACS) for Kubernetes
OpenShift

Software version

14.04 LTS (Ubuntu)
16.04 LTS (Ubuntu)
18.04 LTS (Ubuntu)
8 (Red Hat Enterprise Linux)
- (openSUSE Tumbleweed)
3 (Red Hat Storage)
20.04 LTS (Ubuntu)
7 (Red Hat AMQ Broker)
11 (Debian GNU/Linux)
12 (Debian GNU/Linux)
7.3 (RED OS)
15.4 (OpenSUSE Leap)
15 SP3 (SUSE Linux Enterprise Server for SAP Applications)
4 (Red Hat Openshift Data Foundation)
- (Red Hat OpenShift GitOps)
15 SP4 (Suse Linux Enterprise Server)
4 (Red Hat OpenShift Container Platform)
15 SP4 (Suse Linux Enterprise Desktop)
15 SP4 (SUSE Linux Enterprise Server for SAP Applications)
22.04 LTS (Ubuntu)
9 (Red Hat Enterprise Linux)
16.2 (Red Hat OpenStack Platform)
4.3 (SUSE Manager Retail Branch Server)
4.3 (SUSE Manager Proxy)
4.3 (SUSE Manager Server)
15 SP4 (SUSE Linux Enterprise High Performance Computing)
7.1 (SUSE Enterprise Storage)
15 SP4 (SUSE Linux Enterprise Module for Development Tools)
- (Red Hat Web Terminal)
- (Node Maintenance Operator)
1.4 for RHEL 8 (Service Telemetry Framework)
- (OpenShift Developer Tools and Services)
15 SP3-LTSS (Suse Linux Enterprise Server)
17.0 (Red Hat OpenStack Platform)
15 SP3-ESPOS (SUSE Linux Enterprise High Performance Computing)
15 SP3-LTSS (SUSE Linux Enterprise High Performance Computing)
15 SP3 (SUSE Linux Enterprise Real Time)
5 (Red Hat Ceph Storage)
15 SP5 (SUSE Linux Enterprise Server for SAP Applications)
15 SP5 (Suse Linux Enterprise Server)
15 SP5 (Suse Linux Enterprise Desktop)
4 (Red Hat OpenShift Virtualization)
- (OpenShift Serverless)
15 SP5 (SUSE Linux Enterprise High Performance Computing)
15 SP5 (SUSE Linux Enterprise Module for Development Tools)
4.13 (Red Hat OpenShift Container Platform)
- (Red Hat Developer Tools)
6.2 (Migration Toolkit for Applications)
3 (Red Hat Advanced Cluster Security)
- (Self Node Remediation)
- (Migration Toolkit for Containers)
- (OpenShift API for Data Protection)
2.3 (Red Hat Ansible Automation Platform)
- (Red Hat OpenShift distributed tracing)
1 (Red Hat Service Interconnect)
9 (SUSE Liberty Linux)
up to 1.19.8 (Go)
from 1.20.0 up to 1.20.3 (Go)
4.13 (OpenShift Container Platform)
- (Red Hat Advanced Cluster Security (RHACS) for Kubernetes)
1.10 (OpenShift)
1.7 (Migration Toolkit for Containers)
2 (Red Hat OpenShift distributed tracing)
15 SP6 (Suse Linux Enterprise Desktop)
15 SP6 (Suse Linux Enterprise Server)
15 SP6 (SUSE Linux Enterprise Server for SAP Applications)
15 SP6 (SUSE Linux Enterprise High Performance Computing)
15 SP6 (SUSE Linux Enterprise Module for Development Tools)

Software type

Operating system
Application software for information systems
Software of a hardware-software appliance
Network device
Virtualization software / software of a virtual hardware-software appliance
Network software
Security tool

Operating systems and hardware platforms

Canonical Ltd. Ubuntu 14.04 LTS
Canonical Ltd. Ubuntu 16.04 LTS
Canonical Ltd. Ubuntu 18.04 LTS
Red Hat Inc. Red Hat Enterprise Linux 8
Free software community Debian GNU/Linux 10
Novell Inc. openSUSE Tumbleweed -
Canonical Ltd. Ubuntu 20.04 LTS
Canonical Ltd. Ubuntu 16.04 ESM
Free software community Debian GNU/Linux 11
Free software community Debian GNU/Linux 12
Red Soft LLC RED OS 7.3
Novell Inc. OpenSUSE Leap 15.4
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP3
Novell Inc. Suse Linux Enterprise Server 15 SP4
Novell Inc. Suse Linux Enterprise Desktop 15 SP4
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP4
Canonical Ltd. Ubuntu 22.04 LTS
Red Hat Inc. Red Hat Enterprise Linux 9
Canonical Ltd. Ubuntu 22.10
Novell Inc. Suse Linux Enterprise Server 15 SP3-LTSS
Novell Inc. SUSE Linux Enterprise Real Time 15 SP3
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP5
Novell Inc. Suse Linux Enterprise Server 15 SP5
Novell Inc. Suse Linux Enterprise Desktop 15 SP5
Canonical Ltd. Ubuntu 18.04 ESM
Canonical Ltd. Ubuntu 23.04
Novell Inc. SUSE Liberty Linux 9
Novell Inc. Suse Linux Enterprise Desktop 15 SP6
Novell Inc. Suse Linux Enterprise Server 15 SP6
Novell Inc. SUSE Linux Enterprise Server for SAP Applications 15 SP6

Vulnerability severity level

Critical severity (CVSS 2.0 base score is 10)
Critical severity (CVSS 3.0 base score is 9.8)

Possible remediation measures

In the absence of security updates from the vendor, it is recommended to follow the "Recommendations for the secure configuration of LINUX operating systems" set out in the FSTEC of Russia methodological document approved on 25 December 2022.
Use of the recommendations
For Go:
https://pkg.go.dev/vuln/GO-2023-1703
https://go.dev/issue/59234
For Debian GNU/Linux:
https://security-tracker.debian.org/tracker/CVE-2023-24538
For Novell Inc. software products:
https://www.suse.com/security/cve/CVE-2023-24538.html
For Red Hat Inc. software products:
https://access.redhat.com/security/cve/CVE-2023-24538
For Ubuntu:
https://ubuntu.com/security/CVE-2023-24538
For RED OS:
http://repo.red-soft.ru/redos/7.3c/x86_64/updates/

Vulnerability status

Confirmed by the vendor

Exploit availability

Data is being clarified

Remediation information

The vulnerability has been fixed

Identifiers in other vulnerability description systems

EPSS

Percentile: 70%
0.00646
Low

9.8 Critical

CVSS3

10 Critical

CVSS2

Related vulnerabilities

CVSS3: 9.8
redos
8 months ago

Multiple vulnerabilities in golang

CVSS3: 9.8
redos
7 months ago

Multiple vulnerabilities in filebeat

CVSS3: 9.8
redos
about 1 year ago

Multiple vulnerabilities in buildah

CVSS3: 9.8
ubuntu
about 2 years ago

Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g. "var a = {{.}}"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmplliti...

CVSS3: 9.8
redhat
about 2 years ago

Templates do not properly consider backticks (`) as Javascript string delimiters, and do not escape them as expected. Backticks are used, since ES6, for JS template literals. If a template contains a Go template action within a Javascript template literal, the contents of the action can be used to terminate the literal, injecting arbitrary Javascript code into the Go template. As ES6 template literals are rather complex, and themselves can do string interpolation, the decision was made to simply disallow Go template actions from being used inside of them (e.g. "var a = {{.}}"), since there is no obviously safe way to allow this behavior. This takes the same approach as github.com/google/safehtml. With fix, Template.Parse returns an Error when it encounters templates like this, with an ErrorCode of value 12. This ErrorCode is currently unexported, but will be exported in the release of Go 1.21. Users who rely on the previous behavior can re-enable it using the GODEBUG flag jstmplliti...
